And an update to the update. (See below if you hadn’t seen the original update.)
The server is back up, but there’s an issue with our security certificate (I’ll explain). But everything’s secure … and we’re working with Media Temple to get everything resolved with the security cert.
So, hopefully you know that you should only enter your credit card in to a site when they provide you with a secure connection. Instead of seeing “http://”, you’ll see “https://” at the beginning of the address. That “s” stands for “secure.” The idea is that when you (the user) enter your data in to a site, it gets encrypted, and then it travels to the server where your credit card is processed / stored / handled, and it’s decrypted there.
A security certificate (also called an “SSL Certificate,” if you want to look up more about it) is designated as belonging to a specific site. Actually, it’s designated as belonging to a specific subdomain of a specific site (which can cause its own problems, but I don’t think those problems are ones we’re bumping up against).
Anyway, when we set up our SSL certificate at Media Temple, the registered party is a domain at Media Temple (gridserver.com). Because your browser is going to “www.pearbudget.com”, it’s expecting to see a certificate from “www.pearbudget.com”. Perfectly reasonable. But because the certificate at the site is currently for “*.gridserver.com”, your browser thinks that there might be a problem. In a good-faith effort to protect people from phishing scams, modern browsers will often put a big scary message up when a browser’s address and a security certificate don’t match up. You might have noticed one of these scary messages if you’ve tried to log in to PearBudget in the last couple of hours.
Again, we’re working to resolve the certificate mismatch. Your data is still safe, and hopefully, we’ll get it sorted out quickly, and most of you will see this note and think “what are they talking about? I haven’t seen any warning?!” We just wanted to put a note up in case you see a funky warning that suggests that the site isn’t secure.
If it looks like resolving the security certificate thing will take longer than we’d like, we’ll post another update with instructions. But let’s hope it doesn’t come to that.
As always, thanks for your understanding and your patience. And thanks, too, to those of you who have written in / tweeted with notes of encouragement. You all are the best!