Hello I successfully added https protocol to my own website. Currently implementing it for another website located at www.cheepcheep.net. It’s on shared hosting so I’ve found it a bit hard to overcome permissions etc.
You have a cert for cheepcheep.net only but the server is redirecting to www.cheepcheep.net. For this to work you need a cert for both names, in the official client this is done by using multiple -d flags.
Thanks for you reply cool110. But i’ve redone the steps but for www.cheepcheep.net instead.
Apologies one moment I’m going to uninstall the current cert and they keys on my server, I’ll let you know how it goes as it seem I didn’t update it properly.
This time the site is loading however I don’t have the green lock next to my URL. Google Chrome still mentions that my security is weak
Your connection to www.cheepcheep.net is encrypted using a modern cipher suite. Further, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page.
The connection uses TLS 1.2.
The connection is encrypted and authenticated using AES_128_GCM and uses ECDHE_RSA as the key exchange mechanism.
So I believe it was what serverco said about my links not being https. But I updated my .htaccess file with a plugin and it’s working now, however the links to my images are broken.
I had something similar when I moved to https on my personal site. The page I wrote wasn’t using relative links for the headings (e.g. “/img/headingmain.jpg”), and instead used URLs (e.g. “http://example.com/img/headingmain.jpg”).
This was my mistake from when I was teaching myself how to write HTML over a decade ago. I took a shortcut (using URLs) because I could cut and paste hypertext from any page into any other page and the links would still work. The links would break when I used relative links since the relative locations changed from page to page.
I didn’t realise I’d kept so much old code in my pages. My current site uses PHP and style sheets but I still had three or four http links in my main landing page alone. If you wrote the site yourself (or based it on somebody else’s) I’d search the page for “http” and replace the URL with a relative link.
Another option you could try is using CSP (content security policy) to tell users’ browsers to upgrade all insecure HTTP. It isn’t supported by all browsers (I think the only major ones supporting are Chrome, Firefox, and Opera), but it will tell the browser to rewrite any HTTP links it finds on your site to HTTPS if possible.
Basically to do this, you’d add this header to your server: Content-Security Policy: upgrade-insecure-requests.
If you don’t have the ability to add HTTP headers to your server, you could alternatively embed it in your HTML <head> as shown on https://googlechrome.github.io/samples/csp-upgrade-insecure-requests/: <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">.
This might give you some time to hunt down all the links and other resources being referenced over HTTP and upgrade them to HTTPS.
Thanks Quicksilver and koluke. Apart from fixing those http links, I haven’t played much with website building since I finished mine years ago. And my site basically reduced over time as I moved to things like ownCloud and Roundcube.
This is the problem with being self-taught. I had no idea src could reference a website without specifying http or htttps, or that I could request the browser upgrade insecure requests. Since my site is self-contained, my links were more like src="…/…/img/blog/picture.jpg".
But it worked! Ah, misspent youth. I’ve always been a crappy programmer, you should have seen the basic I wrote for my Commodore64 back in the day
