Author Topic: https://deadlycupcakes.org/forums/  (Read 126 times)

**andius

  • Cupcakes Member
  • Hero Member
  • *
  • Posts: 846
https://deadlycupcakes.org/forums/
« on: November 17, 2017, 03:21:20 PM »
I get the message:
Quote
Everything should now be set up to use SSL. To join the future of 1999, please use https://deadlycupcakes.org/forums/ in your bookmarks instead of http.

So I got the https://deadlycupcakes.org/forums/ version of the site and login but when I login the message returns and Chrome tells me the site is Not secure
Andius (Hunter 110),Belandius (Priest 110),Dalandius (Warrior 110),Drandius (Shaman 110),Elandius (Rogue 110),Vandius (Mage 110),Deandius (Deathknight 110),Delandius (MoonKin Druid 110),Jinandius (Paladin 110),Shandius (Warlock 110) Kamandius (Monk 110), Ishandius (Demon Hunter 110)

Edalia

  • Red Velvet
  • Cupcakes Admin
  • Hero Member
  • *****
  • Posts: 4128
Re: https://deadlycupcakes.org/forums/
« Reply #1 on: November 20, 2017, 12:08:19 PM »
What URL do you end up at after login? Do you do the quick login at the top-right or click "Login" on the lower row ("Home Help Search Login Register)?

If you see a page that's Not Secure, you can usually just change http to https in the URL and get to the same page. There are still a few links that come standard in SMF that assume http, so with your help, I can try to track it down.
o/\o

Edalia

  • Red Velvet
  • Cupcakes Admin
  • Hero Member
  • *****
  • Posts: 4128
Re: https://deadlycupcakes.org/forums/
« Reply #2 on: November 20, 2017, 12:10:48 PM »
Looks like https://deadlycupcakes.org/forums/ does not use the SSL cert, but https://www.deadlycupcakes.org/forums/ does. Dammit.

For now, if you add www. in front of deadlycupcakes.org in your URLs, that will use SSL with the cert.
« Last Edit: November 20, 2017, 12:18:20 PM by Edalia »
o/\o

**andius

  • Cupcakes Member
  • Hero Member
  • *
  • Posts: 846
Re: https://deadlycupcakes.org/forums/
« Reply #3 on: November 20, 2017, 02:58:47 PM »
Thank you adding the ww fixed it, I see you also changed the address in the "news"parts too :)
Andius (Hunter 110),Belandius (Priest 110),Dalandius (Warrior 110),Drandius (Shaman 110),Elandius (Rogue 110),Vandius (Mage 110),Deandius (Deathknight 110),Delandius (MoonKin Druid 110),Jinandius (Paladin 110),Shandius (Warlock 110) Kamandius (Monk 110), Ishandius (Demon Hunter 110)

Edalia

  • Red Velvet
  • Cupcakes Admin
  • Hero Member
  • *****
  • Posts: 4128
Re: https://deadlycupcakes.org/forums/
« Reply #4 on: November 22, 2017, 07:05:30 AM »
I will try to figure out why our cert is bound to www, not *. Sorry about that!
o/\o

Marco

  • Three Rivers Member
  • Hero Member
  • *
  • Posts: 6477
Re: https://deadlycupcakes.org/forums/
« Reply #5 on: November 22, 2017, 09:25:55 AM »
The cert seems fine, with deadlycupcakes.org and www.deadlycupcakes.org DNS SANs, and it is presented for the main connection when you visit https://deadlycupcakes.org/forums.  However, the content at that URL contains a mix of https:// and http:// links; in particular, the form submission actions for the login and search boxes are insecure, which causes Chrome to consider the connection not fully secure.  The content at https://www.deadlycupcakes.org/forums contains far fewer http:// links.

Edalia

  • Red Velvet
  • Cupcakes Admin
  • Hero Member
  • *****
  • Posts: 4128
Re: https://deadlycupcakes.org/forums/
« Reply #6 on: November 27, 2017, 08:11:47 AM »
The cert seems fine, with deadlycupcakes.org and www.deadlycupcakes.org DNS SANs, and it is presented for the main connection when you visit https://deadlycupcakes.org/forums.  However, the content at that URL contains a mix of https:// and http:// links; in particular, the form submission actions for the login and search boxes are insecure, which causes Chrome to consider the connection not fully secure.  The content at https://www.deadlycupcakes.org/forums contains far fewer http:// links.

Thanks, Marco! I see a similar issue whenever certain linked avatars or gifs people post from http:// sources.

Since I'm not sure if any modifications I make to the login form on the home page will survive a software update (and a hint of laziness), please click Login on the top bar to login rather than the default form to ensure you are logging in with SSL.
o/\o