
Textpattern CMS support forum


#16 2016-06-08 21:54:43

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 5,205
Website GitHub

Re: rewrite http to https

Cool! Glad you got it working and for teaching us WF-users something new. I’ll give that a try too some time.

Firefox shows a yellow warning triangle and notes that this can be because not all elements (e.g. graphics) are from a secure source. Looking at the page info, it seems there is just one: connective.svg that is being pulled in from graphicpush.com. If you host that yourself, you should have it. The other pages that don’t have that graphic get a green padlock. On discussion.csf.community a couple of graphics in your template just need switching to load via https: (or protocol-less if that works) to qualify. You already have those graphics (stripe and marquee_bg) loading fine via https on the other pages.


TXP Builders – finely-crafted code, design and txp

Offline
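
The check described in the post above, finding elements that an https page still pulls in over plain http, written out as an added example (not part of the original thread). It goes beyond the single graphic to cover scripts, stylesheets and CSS `url()` references; the hostnames, paths and the `scan` helper are placeholders made up for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# tag -> (URL attribute, kind); browsers block active, warn on passive.
SUBRESOURCES = {"img": ("src", "passive"), "script": ("src", "active"),
                "iframe": ("src", "active"), "link": ("href", "active")}
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)

class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings, self._in_style = page_url, [], False

    def _check(self, kind, where, ref):
        # urljoin makes relative and protocol-less (//host/x) refs inherit https.
        url = urljoin(self.page_url, ref.strip())
        if urlparse(url).scheme == "http":
            self.findings.append((kind, where, url))

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        self._in_style = tag == "style"
        attr, kind = SUBRESOURCES.get(tag, ("", ""))
        # A <link> only counts when it pulls in a stylesheet.
        if a.get(attr) and (tag != "link" or "stylesheet" in a.get("rel", "").lower()):
            self._check(kind, tag, a[attr])
        for ref in CSS_URL.findall(a.get("style", "")):
            self._check("css-url", tag + "[style]", ref)

    def handle_endtag(self, tag):
        self._in_style = self._in_style and tag != "style"

    def handle_data(self, data):
        for ref in CSS_URL.findall(data if self._in_style else ""):
            self._check("css-url", "style", ref)

def scan(page_url, html):
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; hostnames and paths are placeholders.
SAMPLE = """<style>.m { background: url(http://static.example/marquee_bg.png) }</style>
<body style="background: url('//static.example/stripe.png')">
<img src="http://images.example/connective.svg"><img src="/logo.png">
<script src="http://static.example/app.js"></script>
<a href="http://other.example/">plain link, not a subresource</a>"""
```

Calling `scan("https://site.example/", SAMPLE)` returns one tuple per insecure subresource; the protocol-less background, the relative image and the ordinary hyperlink are not reported.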

#17 2016-06-08 22:08:49

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,912
Website

Re: rewrite http to https

Good spots. Yeah, the connective.svg graphic is Kevin’s. Getting that from him has been surprisingly difficult. Maybe this will finally convince him. ;)

I’ll track the other two down now.

Offline

#18 2016-06-08 22:21:27

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 5,205
Website GitHub

Re: rewrite http to https

You should be able to just save it to your computer and upload it to txp (or whatever) and then change the src to csf.community.


TXP Builders – finely-crafted code, design and txp

Offline

#19 2016-06-09 06:58:37

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,912
Website

Re: rewrite http to https

jakob wrote #299633:

You should be able to just save it to your computer

Believe me, I have tried. I don’t know if it’s because it’s an .svg file, or he has some lock on it, or I’m just a dope, but I cannot seem to harvest it, just link to it.

In any case, Kevin has delivered!

Offline

#20 2016-09-03 15:38:03

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,912
Website

Re: rewrite http to https

jpdupont wrote #299625:

I’m interested in your tutorial on Webfaction.

Finally got around to it.

Offline

#21 2016-09-04 06:21:26

jpdupont
Member
Registered: 2004-10-01
Posts: 752

Re: rewrite http to https

Thanks Destry!

Offline

#22 2016-09-06 12:34:30

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,912
Website

Re: rewrite http to https

Just a note. The LE instructions do not account for auto-requesting cert renewals with WebFaction, as I realized when the certs expired yesterday. For that you need to contact WF again as described in step 7 and request the necessary renewals. At least I think so. I’m doing that now to see if they’ll do it. Whatever the fallout, I’ll update the doc to account for the renewal hoop.

There is supposed to be a cron job you can do to handle the auto-renewal requests, apparently, but I’ve not been able to find the tutorial or have any idea how to create one (never worked with crons before).

----

Edit: WebFaction renewed the certs quickly. Word from them is that my LE doc, notably the result of having installed the acme.sh script (step 3), should have enabled auto-renewal requests to WF, but it didn’t work for some reason. They suggested the acme.sh script might need updated, which is good advice, it’s a one-liner.

Anyway, I’ll just be maintaining the doc at this point with any further updates as they are learned.

Last edited by Destry (2016-09-06 14:15:02)

Offline

#23 2016-09-07 16:26:45

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,912
Website

Re: rewrite http to https

I lied. Back on this again, mainly because I need the collective wisdom…

I just came across this issue for the acme.sh script, which seems to indicate the script was set for renewals at 80 days, when in fact Let’s Encrypt requires renewals at 70 days?

That might explain why the script didn’t renew my certs, but not sure.

You can see in that issue I posed a couple of questions I’m confused about, but maybe someone here can shed light(?), because I actually ran the command he gives there, this one:

acme.sh --renew -d domain.tld --days 69 --force (correcting domains)

And got this back in Terminal:

$ acme.sh --renew -d csf.community -d www.csf.community -d discussion.csf.community -d www.discussion.csf.community   --days 69   --force
[Wed Sep  7 15:14:23 UTC 2016] Standalone mode.
[Wed Sep  7 15:14:23 UTC 2016] Skip register account key
[Wed Sep  7 15:14:23 UTC 2016] Creating csr
[Wed Sep  7 15:14:23 UTC 2016] Multi domain='DNS:www.csf.community'
[Wed Sep  7 15:14:23 UTC 2016] Verify each domain
[Wed Sep  7 15:14:23 UTC 2016] Getting webroot for domain='csf.community'
[Wed Sep  7 15:14:23 UTC 2016] Getting token for domain='csf.community'
[Wed Sep  7 15:14:25 UTC 2016] Getting webroot for domain='www.csf.community'
[Wed Sep  7 15:14:25 UTC 2016] Getting token for domain='www.csf.community'
[Wed Sep  7 15:14:26 UTC 2016] Verifying:csf.community
[Wed Sep  7 15:14:26 UTC 2016] Standalone mode server
[Wed Sep  7 15:14:35 UTC 2016] Success
[Wed Sep  7 15:14:35 UTC 2016] Skip for removelevel:
[Wed Sep  7 15:14:35 UTC 2016] Verifying:www.csf.community
[Wed Sep  7 15:14:35 UTC 2016] Standalone mode server
[Wed Sep  7 15:14:44 UTC 2016] Success
[Wed Sep  7 15:14:44 UTC 2016] Skip for removelevel:
[Wed Sep  7 15:14:44 UTC 2016] Verify finished, start to sign.
[Wed Sep  7 15:14:46 UTC 2016] Cert success.
-----BEGIN CERTIFICATE-----
remove the hash
-----END CERTIFICATE-----
[Wed Sep  7 15:14:46 UTC 2016] Your cert is in /home/user/.acme.sh/csf.community/csf.community.cer
[Wed Sep  7 15:14:46 UTC 2016] The intermediate CA cert is in /home/user/.acme.sh/csf.community/ca.cer
[Wed Sep  7 15:14:46 UTC 2016] And the full chain certs is there: /home/user/.acme.sh/csf.community/fullchain.cer

Whatever it did, it seems to have done it successfully. But I’m not sure if it updated the script with the shorter renewal time value and I don’t have to do anything else? Or do I need to notify WebFaction again with a renewal request on these latest changes?

On that last point, I guess if anyone is seeing a security notice (I’m not) when visiting a CSF link, for example, I probably need to request the renewal again with WebFaction.

Finally, the script update command the dev gives doesn’t seem to work, or I’m running it wrong. When I try this as given:

acme.sh --upgrade

(i.e. ~/.acme.sh/acme.sh --upgrade)

I get this response:

Unknown parameter : --upgrade

Am I doing it wrong, or is his script bad?

Offline
