| T O P I C R E V I E W |
| HuwR |
Posted - 17 December 2016 : 09:16:17
Thanks to LetsEncrypt and letsencrypt-win-simple, the forums now have a secure connection  |
| 15 L A T E S T R E P L I E S (Newest First) |
| HuwR |
Posted - 15 April 2017 : 03:33:16
doesn't look like IE supports it, typical
more info on CSP here https://content-security-policy.com/ |
| Webbo |
Posted - 14 April 2017 : 16:54:05
Here's a couple of lines that improve things once you convert to https...
<meta charset="UTF-8">
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
Insert into inc_header.asp at line 1 & 2
The first line: <meta charset="UTF-8"> gives a character coding that speeds the loading of the pages up
(Edit : If using £ within your pages use the following if the £ sign displays as a ?
<meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1"/> )
The second line.. <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> ...
further info here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests |
| HuwR |
Posted - 14 April 2017 : 04:07:59
yes, this is one of the problems especially allowing members to use external links. |
| Webbo |
Posted - 14 April 2017 : 03:37:04
Just an update on this.. I ran into several problems mainly to do with external content being supplied using scripts using http links.
http content cannot be displayed in https pages without causing insecure contents warnings.
And believe it or not the main culprits were Google (AdSense links), Google search bars, Ebay partner network, and Photobucket links to images that our users had posted within the threads.
The Google AdSense content was easy to resolve by updating the scripts, Photobucket image linking is another one all together.
Firefox, Chrome and Safari all caused browser issues resulting in some changes to files, and IE users who do not have 'show mixed content within pages' enabled found that warnings kept being displayed for insecure content.
One thing I did find useful though is the developer tools within Firefox as it allows you to see the source of the errors as you browse your content which makes for fixing them a whole lot easier |
| Monica 345 |
Posted - 04 April 2017 : 03:50:17
Great work guys! Thank you for everything :)
____________________________________________________________________________________________________________________________________________________________________________________________________________
|
| pierretopping |
Posted - 26 March 2017 : 15:59:49
Just about to have a go myself. Wish me luck, and thanks Huw, great work :-) |
| Webbo |
Posted - 26 March 2017 : 05:53:04
Another thanks to Huwr. Following his advice my site is now secured and all in all it was a lot easier than I thought it would be |
| Etymon |
Posted - 23 March 2017 : 19:32:57
Thank you, HuwR!
 |
| HuwR |
Posted - 17 March 2017 : 14:29:08
certificate renewed, thanks for the warning, seems I forgot to add the cron job to my pi |
| HuwR |
Posted - 17 March 2017 : 11:20:23
I renewed the ones here yesterday, I forgot about my Pi |
| HuwR |
Posted - 17 March 2017 : 11:19:15
ah yes, need to run the renew script for the certificate, thanks |
| pierretopping |
Posted - 17 March 2017 : 11:07:25
Hello Huw,
Just looking at your notes on your site to turn on https on our snitz site, when I got the following when going to https://reddick.asuscomm.com/the-joys-of-letsencrypt-on-windows/
SEC_ERROR_EXPIRED_CERTIFICATE
Just to give you the heads up,
Pierre |
| Doug G |
Posted - 19 December 2016 : 23:25:10
Thanks, HuwR
|
| HuwR |
Posted - 19 December 2016 : 18:09:01
I'm using url rewrite rules in the web.config to force the redirect |
| Webbo |
Posted - 19 December 2016 : 17:07:39
So, if you've already got a domain SSL and the domain is hosted on a dedicated server, how do you force the forum to use the https prefix?
|
