it means we won't get flagged by google as insecure in the future
Davio
17 December 2016, 22:11
Good stuff Huw. How easy was it to implement?
HuwR
18 December 2016, 03:22
It was reasonably simple, although because I have several domains all on one IP it was a bit of a faff, but for a domain on its own IP it was very easy.
So, if you've already got a domain SSL and the domain is hosted on a dedicated server, how do you force the forum to use the https prefix?
HuwR
19 December 2016, 18:09
I'm using url rewrite rules in the web.config to force the redirect
Doug G
19 December 2016, 23:25
Thanks, HuwR
pierretopping
17 March 2017, 11:07
Hello Huw,
Just looking at your notes on your site to turn on https on our snitz site, when I got the following when going to https://reddick.asuscomm.com/the-joys-of-letsencrypt-on-windows/
SEC_ERROR_EXPIRED_CERTIFICATE
Just to give you the heads up,
Pierre
HuwR
17 March 2017, 11:19
ah yes, need to run the renew script for the certificate, thanks
HuwR
17 March 2017, 11:20
I renewed the ones here yesterday, I forgot about my Pi
HuwR
17 March 2017, 14:29
certificate renewed, thanks for the warning, seems I forgot to add the cron job to my pi
Etymon
23 March 2017, 19:32
Thank you, HuwR!
Webbo
26 March 2017, 05:53
Another thanks to HuwR. Following his advice my site is now secured and all in all it was a lot easier than I thought it would be.
pierretopping
26 March 2017, 15:59
Just about to have a go myself. Wish me luck, and thanks Huw, great work :-)
Just an update on this.. I ran into several problems mainly to do with external content being supplied using scripts using http links.
http content cannot be displayed in https pages without causing insecure contents warnings.
And believe it or not the main culprits were Google (AdSense links), Google search bars, eBay partner network, and Photobucket links to images that our users had posted within the threads.
The Google AdSense content was easy to resolve by updating the scripts; Photobucket image linking is another one altogether.
Firefox, Chrome and Safari all caused browser issues resulting in some changes to files, and IE users who do not have 'show mixed content within pages' enabled found that warnings kept being displayed for insecure content.
One thing I did find useful though is the developer tools within Firefox, as it allows you to see the source of the errors as you browse your content, which makes fixing them a whole lot easier.
HuwR
14 April 2017, 04:07
yes, this is one of the problems especially allowing members to use external links.
Webbo
14 April 2017, 16:54
Here's a couple of lines that improve things once you convert to https...
<meta charset="UTF-8">
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
Insert into inc_header.asp at line 1 & 2
The first line: <meta charset="UTF-8"> gives a character coding that speeds the loading of the pages up
(Edit : If using £ within your pages use the following if the £ sign displays as a ?
<meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1"/> )
The second line.. <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> ...
further info here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests
HuwR
15 April 2017, 03:33
doesn't look like IE supports it, typical
more info on CSP here https://content-security-policy.com/
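The mixed-content problem and the upgrade-insecure-requests tag discussed in the posts above, as an added example that is not from any poster in this thread: a small scanner that lists the http:// subresources in a page and the hosts that would have to answer on https once requests are upgraded. The tag tables are a simplified assumption, and the sample page and its hostnames are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Simplified tag tables (an assumption of this example, not a full spec list).
# <a href> is navigation, not a subresource, so it is deliberately absent.
ACTIVE = {"script": "src", "iframe": "src", "link": "href", "embed": "src", "object": "data"}
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}

class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []     # (kind, tag, url) for each http:// subresource
        self.upgrades = False  # True if the page sets upgrade-insecure-requests

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "content-security-policy":
            if "upgrade-insecure-requests" in a.get("content", "").lower():
                self.upgrades = True
        if tag == "link" and "stylesheet" not in a.get("rel", "").lower():
            return  # only stylesheet links are treated as active content here
        for kind, table in (("active", ACTIVE), ("passive", PASSIVE)):
            url = a.get(table.get(tag, ""), "").strip()
            if url.lower().startswith("http://"):
                self.findings.append((kind, tag, url))

def scan(html):
    """Return http:// subresources and the hosts that must serve https."""
    s = MixedContentScanner()
    s.feed(html)
    hosts = sorted({urlsplit(u).hostname for _, _, u in s.findings})
    return {"upgrades": s.upgrades, "findings": s.findings, "hosts": hosts}

# Constructed sample page; hostnames are placeholders.
SAMPLE = """<html><head>
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
<script src="http://ads.example.com/show.js"></script>
<link rel="stylesheet" href="https://forum.example.org/style.css">
</head><body>
<a href="http://example.org/">plain link</a>
<img src="http://img.example.net/u/cat.jpg">
</body></html>"""

if __name__ == "__main__":
    report = scan(SAMPLE)
    for kind, tag, url in report["findings"]:
        print(f"{kind:8} <{tag}> {url}")
    print("upgrade-insecure-requests set:", report["upgrades"])
    print("hosts that must answer on https:", ", ".join(report["hosts"]))
```

With the meta tag in place, a supporting browser rewrites each listed URL to https before fetching it, so any host in the list that has no working https endpoint will fail to load rather than trigger a warning.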