Skip to main content
Please use HTTPS Started by Joshua Dickerson · · Read 45230 times 0 Members and 1 Guest are viewing this topic. previous topic - next topic

Re: Please use HTTPS

Reply #15

Quote from: emanuele – I have close to no knowledge on the matter (and I prefer not to touch the server LOL), so it's Spuds' call here. Or @TE if he comes around. :P

BTW: I just started researching how to set up ssl on my localhost before google kills desktop notifications support for non-SSL sites... what a pain. ::)
It will always display an error for localhost

Re: Please use HTTPS

Reply #16

If you are using a Cpanel hosting platform it is really simple. The SSL/TLS Manager will allow you to generate SSL certificates, certificate signing requests, and private keys. These are all parts of using SSL to secure your website. SSL allows you to secure pages on your site so that information such as logins, credit card numbers, etc are sent encrypted instead of plain text. It is important to secure your site’s login areas, shopping areas, and other pages where sensitive information could be sent over the web.


If you will use the link, username, and password that I have provided for you below you will be able to see a real CPanel. Go to where it says SSL/TLS and click on it to see what I'm talking about.
Last Edit: June 05, 2017, 06:33:02 pm by Brother John

Re: Please use HTTPS

Reply #17

@emanuele45, you can rename your localhost to any fqdn and get ssl certs for that fqdn. Other than using certbot, you can try acme.sh in obtaining and auto renewing LE ssl certs for it as well.

Re: Please use HTTPS

Reply #18

I'm far before this step, I just managed to understand how to have the server respond when I point the browser to https. xD
Bugs creator.
Features destroyer.
Template killer.

Re: Please use HTTPS

Reply #19

Quote from: ahrasis – @emanuele45, you can rename your localhost to any fqdn and get ssl certs for that fqdn. Other than using certbot, you can try acme.sh in obtaining and auto renewing LE ssl certs for it as well.
I haven't done this, but would you still get a certificate error?

Re: Please use HTTPS

Reply #20

You shouldn't gel ssl error in your browser if LE certs can be issued and then properly installed for the localhost site.

 

Re: Please use HTTPS

Reply #21

Joshua Dickerson, you could get an error if the certificate is bad. I have bought then and they were bad, of course, they were replaced by the co. I bought then from. it's just a pain when you get a bad certificate. It doesn't happen that often.




Re: Please use HTTPS

Reply #22

I see HTTPS now but you can still visit non https:// http://www.elkarte.net/ shouldn't that be redirected to the https version?
Also I see HTTP/2.0 not supported and site is still using PHP 5.4

Re: Please use HTTPS

Reply #23

You may run into a problem with some anti-virus software showing an error if someone tries to visit your website. Not having one can end up doing you more harm than good and if you are selling products through your website you could be held liable for not protecting your client's info. They are cheap around $5.50/year. I use them to protect my clients and I own info. My site that I started here has one https://realchristchurch.com.  I use this site to test my SSL's with https://www.sslshopper.com/ssl-checker.html#hostname=www.realchristchurch.com

Re: Please use HTTPS

Reply #24

Quote from: vbgamer45 – I see HTTPS now but you can still visit non https:// http://www.elkarte.net/ shouldn't that be redirected to the https version?
Also I see HTTP/2.0 not supported and site is still using PHP 5.4
While "rolling" https out we chose to not to enable redirect, just in case we had to back things out.

I don't think the current version of nginx on the site supports http/2.

PHP could be updated nods


Re: Please use HTTPS

Reply #25

Very true about the PHP. I can change the PHP for my Clients from 5.4 - 7.1

Re: Please use HTTPS

Reply #26

Quote from: vbgamer45 – I see HTTPS now but you can still visit non https:// http://www.elkarte.net/ shouldn't that be redirected to the https version?
Also I see HTTP/2.0 not supported and site is still using PHP 5.4
Oh, is that why I've been seeing some weird logged in/not logged in stuff? I didn't bother investigating, thinking it was probably some cache fluke on my end.

Re: Please use HTTPS

Reply #27

redirect has been enabled ;) Should be fixed within the next few minutes ...
Thorsten "TE" Eurich
------------------------

Re: Please use HTTPS

Reply #28

I noted one page is not fully secure as IchBin avatar url is on non https in here.

Re: Please use HTTPS

Reply #29

 emanuele bans @IchBin for not using a safe avatar! xD
Bugs creator.
Features destroyer.
Template killer.