Some of you may have noticed that the website was offline most of yesterday. As it turns out the SSL certificate for this domain expired yesterday, which was fine because I was going to have to revoke it due to the Heartbleet bug recently revealed in OpenSSL. Unfortunately I was traveling for business when this all happened so I decided to take the server offline until I could return home and get the problems fixed.
Yesterday I installed new versions of OpenSSL and Nginx to alleviate the Heartbleed bug and verified the fix via the Qualys SSL testing tool (this blog has an “A” rating). I also loaded a new certificate onto the server. Fortunately, thanks to the use of forward secrecy, any traffic that may have been intercepted from my server still remains undecryptable even if somebody did manage to exploit the Heartbleed vulnerability to acquire my private key.