Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2017-08-18 13:13:09

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,090
Website GitHub Mastodon Twitter

Non-HTTPS Sites Labeled "Not Secure" by Chrome

I just received a google email that “starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.”

Could someone post a step by step tutorial on:

  • what is needed to be done for textpattern sites ie do we just add the snippet below to the htaccess file?:
<IfModule mod_rewrite.c>
RewriteCond %{SERVER_PORT} !^443
RewriteRule ^ https://mydomain.tld%{REQUEST_URI} [R=301,L]
</IfModule>
  • Could someone post some tutorials on Let’s encrypt and how they made it work in their server?
  • Could someone post some tutorial on Cron-Job scripting required to renew the certificate automatically (if it can be done)
  • If you are on webfaction and have https through Let’s encrypt, could you get in touch?

Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#2 2017-08-18 14:21:38

jpdupont
Member
Registered: 2004-10-01
Posts: 752

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

I have already configured let’s encrypt on Webfaction, and the admin interface sould allows soon automating certificates.

I used:

github.com/Neilpang/acme.sh
community.webfaction.com/questions/19988/using-letsencrypt

And the easy steps :

cpbotha.net/2016/07/18/installing-free-lets-encrypt-ssl-certificates-on-webfaction-in-3-easy-steps/

Last edited by jpdupont (2017-08-18 14:25:50)

Offline

#3 2017-08-18 15:06:44

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,090
Website GitHub Mastodon Twitter

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

Thanks sooo much JP, this looks very simple!


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#4 2017-08-18 15:24:12

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,447
Website GitHub

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

FWIW, in case anyone who rolls their own server requires the info, I use certbot which handles upgrading of LetsEncrypt certificates automatically.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#5 2017-08-18 16:11:06

philwareham
Core designer
From: Haslemere, Surrey, UK
Registered: 2009-06-11
Posts: 3,564
Website GitHub Mastodon

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

If somebody wants to write a blog article on this for the new Textpattern.com site, they are very welcome. It’s something that would probably help many people move to HTTPS.

Offline

#6 2017-08-18 16:13:52

bici
Member
From: vancouver
Registered: 2004-02-24
Posts: 2,091
Website Mastodon

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

Thanks sooo much for posting your steps on accomplishing this on Webfaction!


…. texted postive

Offline

#7 2017-08-19 05:38:10

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,090
Website GitHub Mastodon Twitter

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

Now I am confused:)

should I go for certbot or the python script found on point 21 here?


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#8 2017-08-19 07:39:48

kuopassa
Plugin Author
From: Porvoo, Finland
Registered: 2008-12-03
Posts: 238
Website

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

A little addition: Firefox has had for some months that non-HTTPS warning next to certain input forms.

Offline

#9 2017-08-19 15:01:08

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

colak wrote #306672:

Now I am confused:)

should I go for certbot or the python script found on point 21 here?

From what I can tell: certbot does something similar to that python script + acme.sh
I use certbot personally. Never had to look at it again after the initial setup.

Offline

#10 2017-08-20 05:40:28

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,090
Website GitHub Mastodon Twitter

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

I am looking into certbot. WF’s server we are using are Linux which is not included in their dropdown. Should I select the “Other UNIX”?


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#11 2017-08-20 07:02:08

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

colak wrote #306678:

I am looking into certbot. WF’s server we are using are Linux which is not included in their dropdown. Should I select the “Other UNIX”?

Pretty much all the choices in that list are LINUX distributions. You just have to find out which one. Typically one of the files in the /etc directory contains the version. Or type uname -a to get the kernel version, which often also contains hints to which distributions it is.
Is it a dedicated server/VPS you’re using with root access?

Offline

#12 2017-08-20 07:28:59

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,090
Website GitHub Mastodon Twitter

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

Hi Ruud, thanks so much for your support. From the terminal: Server OS: Linux server.webfaction.com 3.10.0-514.21.1.el7.x86_64 #1 SMP Thu May 25 17:04:51 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux on a shared server.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

Board footer

Powered by FluxBB