My domain is: www.molgen.vib-ua.be
My web server is (include version): Windows 2008 / IIS 7 (?)
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I also got an untrusted error when first trying this website on a fresh Firefox. Once I visited another website using Let’s Encrypt it got fixed…
I think something is wrong with the certificate/chain. I haven’t set it up, and this was previously a self-signed kind of website so … go easy on us please. Is this the issue? How can I find and fix the issue?
And as you said you visited the login form from a non-secure HTTP site, you’d get a non-secure HTTP site as the “action” of the form. And that will result in an insecure page. (Mixed content.)
How to fix? Well, don’t use a referer as the action of a form, that’s for starters… NEVER trust user input and yes, an HTTP header = user input from the server’s point of view. Use a static action for the form, not a dynamic one based on the referer header.
By the way, run your site through the whynopadlock-site like @ahaw021 said: your main site has a lot of non-secure elements.
@ahaw021
Hey,
I downloaded that file and “installed” it, but the issue remains. I will send this to my Windows colleague. At least we know the problem now. The mixed errors are fine.
@Osiris
Thanks for pointing that out. As you might have suspected, this site was made when animals still could talk. I’m not certified to update this beast.
Well, if you keep linking to the login page from a non-secure HTTP page and you're not able to update the origin of the form action to something other than the referer, you're keeping the problem of not having a green padlock on the login page (b/c of the non-secure form action).
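The form-action problem discussed in this thread, as an added example that is not part of any post here and is not the site's own code: a login form whose action is copied from the Referer header, the same form with a static action, and a check that lists form targets leaving HTTPS. The host `www.example.test`, the `/login` path and the function names are assumptions made up for the illustration; Python is used only because the thread does not say what the site is written in.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

PAGE_URL = "https://www.example.test/login"   # constructed: login page served over HTTPS
LOGIN_ACTION = "/login"                       # hypothetical static form target

FIELDS = '<input name="user"><input name="pass" type="password">'

def render_form_from_referer(headers):
    """'Before': the action is whatever the client sent as Referer."""
    action = headers.get("Referer", "")
    return f'<form method="post" action="{escape(action, quote=True)}">{FIELDS}</form>'

def render_form_static():
    """'After': the action is fixed by the server and inherits the page's scheme."""
    return f'<form method="post" action="{LOGIN_ACTION}">{FIELDS}</form>'

class _FormActions(HTMLParser):
    """Collects the action attribute of every <form> start tag."""
    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            # A missing or empty action submits to the page's own URL.
            self.actions.append(dict(attrs).get("action") or "")

def insecure_form_actions(page_url, html):
    """Return resolved form targets that are not HTTPS for the given page."""
    parser = _FormActions()
    parser.feed(html)
    targets = [urljoin(page_url, action) for action in parser.actions]
    return [t for t in targets if urlsplit(t).scheme != "https"]

if __name__ == "__main__":
    # Constructed request: the visitor followed a link from a plain-HTTP page.
    request_headers = {"Referer": "http://www.example.test/index.html"}
    before = render_form_from_referer(request_headers)
    after = render_form_static()
    print("referer-based:", insecure_form_actions(PAGE_URL, before))
    print("static action:", insecure_form_actions(PAGE_URL, after))
```

Running the same check over the HTML of each HTTPS page that contains a form shows whether any of them still submits to a plain-HTTP target.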