It's Time Techweez

tls
ssl
techweez

#41

Experiencing the same.


#42

Took forever in the middle of breaks, googling and turning things on and off, but I believe I’ve hacked it.

Oh, it was a plugin setting, in the midst of trying recommendations and trying things on my end as well, I ended up duplicating things, and I didn’t realize I had.

Also, the reason main site wasn’t showing the padlock was because of site files and URLs that hadn’t been changed from http to https. I solved that by find and replace in the entire database.


#43

I could be wrong but my gut tells me the forum is discourse running on DO. In that case, the easiest route is just putting Cloudflare flexible SSL in front of it. A more complete solution is getting a lets encrypt certificate and using the full SSL option on Cloudflare. Both free.


#44

I wasn’t going to rest, huh? Anyway, next in line was naturally going to be the forum. And yes, it runs on DO.

I have seen a forum entry on how to set up SSL on it, command line, no chance of going wrong so I go in only when I feel I’m ready.

I planned on using let’s encrypt.


#45

I use VestaCP on my DO droplet and OVH as an alternative to CPanel. Has one click LetsEncrypt on each domain you host. Easy to use.


#46

@martingicheru Bitdefender won’t let me log in to forums due to lack of encryption… Makes me feel extremely unsafe clicking “proceed anyway” :grin::grin:


#47

Let’s encrypt bothered me because process involves setting up a new SSL every three months. So in-between doing other things, I’m checking out how to set up one that I need to worry about just once a year.


#48

The design of having 90 day certs is quite deliberate and if I may quote

They encourage automation, which is absolutely essential for ease-of-use. If we’re going to move the entire Web to HTTPS, we can’t continue to expect system administrators to manually handle renewals.

It’s very easy to forget to renew a cert, or even renewal time might come around and you discover the person with the credentials moved on to a new job or passed on. Even banks have forgotten to renew.
I would recommend finding a way to automate the renewal and just set it and forget it, but if it proves to be too much hassle then any other route is fine as well.


#49

Equity Bank


#50

Shorter duration certificates and automation are the future for web admins.

If you do chose Let’s Encrypt then Certbot handles certificate configuration and renewal with support for different kinds of setup.

I manage a handful of domains configured with monthly auto renewal. Once you are up and running, you are literally set for life.


#51

@martingicheru also note that Twitter and Facebook logins don’t work on the forum. I tried to login on a new device but I got errors. Check it out with your team.


#52

Mine stopped working months ago. Sometimes logging in via username and password then linking social media works but using social login first doesn’t work for me


#53

I’m dealing with this today.


#54

Ironic because your AV is essentially breaking your browser’s security.


#55

:thinking::smirk: I don’t get it, but am using latest chrome, and Bitdefender has helped me avoid many sites with coinminers and stuff.

I don’t mind web protection by my AV, it’s better than an unknown criminal intercepting my credentials due to encryption.

Been using Bitdefender total security for around six months now. Never had any issues or false alarms :grin:


#56

In simple terms the AV is breaking your browser by the process it inspects your URLs. Behaviour only seen elsewhere during malware attacks.

It’s a definite no-no for anyone keen on securing their device.


#57

Facebook does work for me. I tried resetting Twitter but I am yet to succeed.


#58

Each subdomain would need its own certificate too if you’re purchasing SSLs since they mainly only cover www mail and cpanel subdomains. Which is why techweez.com will load on https and forums.techweez.com won’t. I’d also advise letsencrypt with certbot since it autorenews every month and we’ll, it’s free.


#59

That’s incorrect. In this case Martin and his team would get one certificate for *.techweez.com. One cert can cover all subdomains.


#60

I am using letsencrypt and cloudflare on a nextcloud instance and I renew after every 3 months.I always get an email approximately 30 days to expiry and it only takes less than 2 minutes to renew.