Textpattern CMS support forum

#49 2018-02-21 15:35:12

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,012
Website GitHub Mastodon Twitter

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

Hi Destry, is it possible to post your process step-by-step? Also, I’m not sure as to what WF is talking about the redirects as I understand that the htaccess file is separate to the certificate.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#50 2018-02-21 16:00:10

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

colak wrote #309359:

Also, I’m not sure as to what WF is talking about the redirects as I understand that the htaccess file is separate to the certificate.

Dude, don’t even get me started about WF support. I’ve been dealing with comedic replies from them all day. It’s like they don’t even listen to the careful questions you’re taking the time to write. They just want to give you the shortest of change and close the ticket. I honestly think half the guys there don’t know WTF they’re doing. Responses are always contradictory from one person to the next. It’s nuts. I should probably find a new host eventually.

It’s enough to make an old man leave the net for good. The game gets tiring.

Offline

#51 2018-02-21 16:10:29

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

colak wrote #309359:

Is it possible to post your process step-by-step?

Yes, I’ve posted it here, Let’s Encrypt on WebFaction with acme-webfaction, and will update it regularly as I learn the minutiae.

Offline

#52 2018-02-21 17:13:09

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

Colak,

I’ve just updated the doc, so if you were looking at it, start over. ;)

Offline

#53 2018-02-21 22:18:29

jpdupont
Member
Registered: 2004-10-01
Posts: 752

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

The version chosen by Destry has one advantage: the automation of crontab.

By cons, the rest seems IMHO much more complicated. I have yet to install tonight two certificates without worry.

I’m sorry I was not able to make the process clear enough :-((

Offline

#54 2018-02-22 06:53:02

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,012
Website GitHub Mastodon Twitter

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

Destry wrote #309362:

Colak,

I’ve just updated the doc, so if you were looking at it, start over. ;)

Hi Destry,

Thanks so much. I stared and started following your doc. We have a NeMe project coming up but it is in the papers to do it in March.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#55 2018-02-22 10:35:03

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

Sorry for hijacking this thread so badly.

I’ve updated the tutorial for nearly the last time. I might move it to my site later (and let you know) cuz I’m cleaning out the CSF github repos at some point.

For anyone that knows about cron jobs, I have a couple questions about the last section of the tutorial, which I’m editing from another person’s work. It reads:

Run the following command from the crontab with --force appended (change USER to your user directory name):

"/home/USER/.acme.sh"/acme.sh --cron --home "/home/USER/.acme.sh" --force

My questions:

  1. What does it mean to run “from the crontab”?
  2. Why are there quotes around "/home/USER/.acme.sh"? Couldn’t I rewrite that command as follows:
~/.acme.sh/acme.sh --cron --home ~/.acme.sh --force

Also, if anyone knows how to prevent GitHub from making strings like this into links, www.domain.tld, please share. That is really annoying.

Offline

#56 2018-02-23 22:41:00

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,137
GitHub

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

Destry wrote #309371:

My questions:

  1. What does it mean to run “from the crontab”?

crontab is the built-in task scheduler shopping list. If you have shell access, you can typically access the current list with: sudo crontab -l (lower case L, not upper case i). Each non-commented line (i.e. lines that don’t start with #) represents a thing that happens on a schedule. The numbers and/or asterisks at the start indicate when and how often the task runs, then the command follows. Like this:

*     *     *   *    *        command to be executed
-     -     -   -    -
|     |     |   |    |
|     |     |   |    +----- day of week (0 - 6) (Sunday=0)
|     |     |   +------- month (1 - 12)
|     |     +--------- day of the month (1 - 31)
|     +----------- hour (0 - 23)
+------------- minute (0 - 59)

Here’s my crontab entry for my Let’s Encrypt! auto-renew on Digital Ocean:

34 12 7,21 * *  /opt/letsencrypt/letsencrypt-auto renew

At 12:34 on the 7th and 21st of every month, on any given day of the week, /opt/letsencrypt/letsencrypt-auto renew runs as root and auto-renews my certs. Want to build your own crontab entry easily? Try this: crontab-generator.org

  2. Why are there quotes around "/home/USER/.acme.sh"? Couldn’t I rewrite that command as follows:

~/.acme.sh/acme.sh --cron --home ~/.acme.sh --force...

Best guess is that USER might contain a space, and the quotes make sure it’s processed as one location.

Also, if anyone knows how to prevent GitHub from making strings like this into links, www.domain.tld, please share. That is really annoying.

gist.github.com/alexpeattie/4729247 – it’s a bit cat-and-mouse, but you might find a recipe that works for you.

Offline
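
The two points in the post above (the five schedule fields, and what the quotes around the path change), as an added example that is not part of the original thread. The function names, the `demo_home` directory and the `HOME` value are hypothetical; the crontab line is the one quoted in the post, and the day-of-week range follows the 0 - 6 diagram there.

```shell
#!/bin/sh
# Added example, not from the thread. Sample values are constructed.

# field_ok VALUE MIN MAX: accept "*", "*/n", "a", "a-b" and comma lists of those.
field_ok() {
    [ -n "$1" ] || return 1
    rc=0; old_ifs=$IFS; IFS=,; set -f     # split on commas, keep "*" literal
    for part in $1; do
        part=${part%/*}                   # drop an optional /step (the step is not checked)
        [ "$part" = "*" ] && continue
        lo=${part%-*}; hi=${part#*-}      # "7" gives lo=hi=7; "1-5" gives lo=1, hi=5
        case "$lo:$hi" in :*|*:|*[!0-9:]*) rc=1; break ;; esac
        [ "$lo" -ge "$2" ] && [ "$hi" -le "$3" ] && [ "$lo" -le "$hi" ] || { rc=1; break; }
    done
    IFS=$old_ifs; set +f
    return $rc
}

# cron_line_ok LINE: five in-range schedule fields followed by a command.
cron_line_ok() {
    # read does no globbing, so "*" stays literal; cmd receives the rest of the line.
    read -r min hour dom mon dow cmd <<EOF
$1
EOF
    field_ok "$min" 0 59 && field_ok "$hour" 0 23 && field_ok "$dom" 1 31 &&
        field_ok "$mon" 1 12 && field_ok "$dow" 0 6 && [ -n "$cmd" ]
}

# argc prints how many words the shell handed to a command.
argc() { echo "$#"; }

demo_home="/home/some user"               # constructed: directory name with a space
argc_unquoted() { argc $demo_home/.acme.sh/acme.sh --cron; }    # path splits in two
argc_quoted()   { argc "$demo_home/.acme.sh"/acme.sh --cron; }  # path stays one word

# An unquoted leading "~" expands to $HOME; inside quotes it stays a literal "~".
tilde_unquoted() { ( HOME=/home/USER; echo ~/.acme.sh ); }
tilde_quoted()   { ( HOME=/home/USER; echo "~/.acme.sh" ); }

cron_line_ok '34 12 7,21 * *  /opt/letsencrypt/letsencrypt-auto renew' && echo "schedule ok"
echo "unquoted: $(argc_unquoted) words, quoted: $(argc_quoted) words"
echo "unquoted: $(tilde_unquoted), quoted: $(tilde_quoted)"
```

The `~` form only works when the tilde is left outside quotes; wrapping `~/.acme.sh` in the same double quotes as the original command would pass a literal `~` to acme.sh.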

#57 2018-02-23 23:29:11

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

You the man, Pete!

Offline

#58 2018-03-14 10:31:43

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,012
Website GitHub Mastodon Twitter

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

ACME v2 and Wildcard Certificate Support is Live.

Wildcard certificates allow you to secure all subdomains of a domain with a single certificate. Wildcard certificates can make certificate management easier in some cases, and we want to address those cases in order to help get the Web to 100% HTTPS. We still recommend non-wildcard certificates for most use cases.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#59 2018-03-15 09:52:53

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

colak wrote #309938:

ACME v2 and Wildcard Certificate Support is Live.

I hope WebFaction gets on board with that. They’ve been rather slow and unconventional with the whole ssl support thing, but it’s ironing out.

Offline

#60 2018-03-15 10:21:51

philwareham
Core designer
From: Haslemere, Surrey, UK
Registered: 2009-06-11
Posts: 3,564
Website GitHub Mastodon

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

The next thing you’ll probably be punished for in indexing is going to be older TLS versions (and/or any SSL enabled) on your server. You really need to be running TLS 1.2+ from here on out, which is much more secure. We’re going to have to eventually move the Textpattern sites to a new host and server since the Joyent server we have is stuck on TLS 1.0 with no possible upgrade path (and runs an obsolete PHP version for that matter).

I’ve known about this for a while now, but just this week I’m starting to receive Google Search Console warnings about it.

You can test your server here to see what TLS version it is running.

Offline
