Non-HTTPS Sites Labeled "Not Secure" by Chrome

colak · 2017-08-18 13:13:09

I just received a google email that “starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.”

Could someone post a step by step tutorial on:

what is needed to be done for textpattern sites ie do we just add the snippet below to the htaccess file?:

<IfModule mod_rewrite.c>
RewriteCond %{SERVER_PORT} !^443
RewriteRule ^ https://mydomain.tld%{REQUEST_URI} [R=301,L]
</IfModule>

Could someone post some tutorials on Let’s encrypt and how they made it work in their server?
Could someone post some tutorial on Cron-Job scripting required to renew the certificate automatically (if it can be done)
If you are on webfaction and have https through Let’s encrypt, could you get in touch?

jpdupont · 2017-08-18 14:21:38

I have already configured let’s encrypt on Webfaction, and the admin interface sould allows soon automating certificates.

I used:

github.com/Neilpang/acme.sh
community.webfaction.com/questions/19988/using-letsencrypt

And the easy steps :

cpbotha.net/2016/07/18/installing-free-lets-encrypt-ssl-certificates-on-webfaction-in-3-easy-steps/

Last edited by jpdupont (2017-08-18 14:25:50)

colak · 2017-08-18 15:06:44

Thanks sooo much JP, this looks very simple!

Bloke · 2017-08-18 15:24:12

FWIW, in case anyone who rolls their own server requires the info, I use certbot which handles upgrading of LetsEncrypt certificates automatically.

philwareham · 2017-08-18 16:11:06

If somebody wants to write a blog article on this for the new Textpattern.com site, they are very welcome. It’s something that would probably help many people move to HTTPS.

bici · 2017-08-18 16:13:52

Thanks sooo much for posting your steps on accomplishing this on Webfaction!

colak · 2017-08-19 05:38:10

Now I am confused:)

should I go for certbot or the python script found on point 21 here?

kuopassa · 2017-08-19 07:39:48

A little addition: Firefox has had for some months that non-HTTPS warning next to certain input forms.

ruud · 2017-08-19 15:01:08

colak wrote #306672:

Now I am confused:)

should I go for certbot or the python script found on point 21 here?

From what I can tell: certbot does something similar to that python script + acme.sh
I use certbot personally. Never had to look at it again after the initial setup.

colak · 2017-08-20 05:40:28

I am looking into certbot. WF’s server we are using are Linux which is not included in their dropdown. Should I select the “Other UNIX”?

ruud · 2017-08-20 07:02:08

colak wrote #306678:

I am looking into certbot. WF’s server we are using are Linux which is not included in their dropdown. Should I select the “Other UNIX”?

Pretty much all the choices in that list are LINUX distributions. You just have to find out which one. Typically one of the files in the /etc directory contains the version. Or type uname -a to get the kernel version, which often also contains hints to which distributions it is.
Is it a dedicated server/VPS you’re using with root access?

colak · 2017-08-20 07:28:59

Hi Ruud, thanks so much for your support. From the terminal: Server OS: Linux server.webfaction.com 3.10.0-514.21.1.el7.x86_64 #1 SMP Thu May 25 17:04:51 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux on a shared server.

Textpattern CMS

Textpattern CMS support forum

#1 2017-08-18 13:13:09