Jump to content
Sign in to follow this  
Sascha

website not secure.

Recommended Posts

Sascha

Hello. I wanted to get notifications from this site on my Google chrome browser,even if I'm not on it so that I know if someone sells something, but it says that this site is not secure, so I can't add it. Any way to make it secure? I tried it trough proxy settings, but it gives me the notification"Sites added to this zone must use the https:// prefix. This prefix assures a secure connection". Its weir because the prefix is in the URL.

Share this post


Link to post
Martijn Meerts

It's a known issue, and 1 of the reasons we removed the facebook login feature (that, and very few people actually used it)

 

We need to get a SSL certificate in order to use the https:// prefix. Since the forum runs on donations (and quite a bit of my personal funds), we prefer to use a service where you can get free certificates. However, you have to renew those certificates every 3 months I believe, and that process isn't easy on our current server set up.

 

To get the https:// prefix (and have it be certified), we need to upgrade the server (or rather, reinstall the whole thing, can't directly upgrade) so we have the tools needed to automatically renew the certificate. I've started looking into it, but haven't gotten around to actually doing it. I'm planning on doing it soon though, within the next few weeks most likely.

 

  • Thanks 2

Share this post


Link to post
EdF
Posted (edited)

It looks like you can get a free SSL cert if you use an ELB in AWS.  They will do a DNS check to make sure you are the owner, and the cert just provides SSL encryption, and will be from Amazon, so it won't specifically verify that you are in fact jnsforum.com, so things like facebook would probably still not be happy, but the SSL would work for browsers.  This would also require EC2s, probably doesn't work if just using S3 web hosting.

 

https://hackernoon.com/getting-a-free-ssl-certificate-on-aws-a-how-to-guide-6ef29e576d22

 

I use certs on ELBs all the time at work and they are a huge AWS customer, so we have our own certs, but using the ELB means the certs are just pointed to in AWS, I don't have to put the cert on the EC2s.  And if they change, I just change the value in a drop down box on the ELB, no changing the server.  The comms from the EC2 to ELB are not encrypted, but from the ELB to the pubic, it is, and since the ELB acts as a reverse proxy, the public side never sees any non-encrypted traffic.

Edited by EdF
added a how-to, and some background.

Share this post


Link to post
Martijn Meerts

We don’t use an ELB since we only use a single web server. AWS doesn’t allow adding certificates directly to EC2 instances. 

 

I’ve looked at the let’s encrypt certificates, but the required tools to automate that aren’t compatible with Amazon Linux. We need to update to Amazon Linux 2, but that requires a completely new install. 

 

We need to do the update either way, the latest version of the forum software requires a newer PHP version than what’s currently installed, and upgrading PHP on the current server means compiling it from source, which I really don’t want to do 🙂

Share this post


Link to post
chadbag

Yeah, I wish "Let's Encrypt" would issue for more than 3 months at a time.  I use them for my mail servers and have to manually do it each time.  And I always forget how.  (I have to do it manually for several reasons, the least of which is the way the servers are set up with different SmartOS virtual servers for each function, all sharing one cert).  

 

 

Share this post


Link to post
railsquid
14 minutes ago, chadbag said:

And I always forget how. 

 

Slightly OT, but I made my life a whole lot less forgetful by getting into the habit of noting down stuff like that for the next time I need to do it, and keeping those notes as plain text files in a private git repository so I don't lose them. Easy enough to grep through when I forget where I stored the notes. No fancy apps or software required, just a text editor and git.

 

I'm currently in the process of migrating a server I set up 6 or 7 years ago before I started doing that systematically and cursing myself for not documenting it all properly, though patting myself on the back for the stuff which I did.

  • Like 1

Share this post


Link to post
cteno4

Those are the worst tasks, just far enough apart to forget enough to not be able to do it but just enough to attempt and wast time and frustrate yourself! I stepped out of doing training for any systems I worked on for clients’ staff as the vast majority would never listen to me about taking notes (some would actually get offended by the suggestion) and always call back frustrated and mad a month or two later as they had not done it in just long enough time to forget enough. Sadly enough would let their frustration turn into anger at me for not training them well enough... at that point you can’t say I told you to take notes... nice thing was the vast majority of all the problems I ever had with my clients so a nice change.

 

jeff

Share this post


Link to post
Martijn Meerts

I generally don't forget how to set up a server, especially the ones running modern versions of linux. The first linux server I set up was a pain, since most things had to be built from source, and installing specific drivers often meant compiling the kernel.

 

The current version of linux on the server it too outdated to update, but the new version is easy enough to set up. Getting everything copied is probably more annoying than setting up the server, and considering all uploaded files are on cloud storage now, even copying those files should be reasonably simple. I just need to find some spare time to actually do it in.

 

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×