I’m helping someone troubleshoot a website that isn’t loading securely. It’s a public utility site used for electricity bill checks, and it only loads over HTTP without redirecting to HTTPS. Some users are even getting browser warnings.
The site is the http:// fesco-bill.pk. I checked and it doesn’t appear to have an SSL certificate, or at least it isn’t being enforced. Could this be a hosting-level issue, or is there something blocking Let’s Encrypt from issuing a cert?
If the site is on shared hosting without command line access, what are the options to enable HTTPS properly?
According Let's Debug the site sits behind Cloudflare, which takes care of the certificate stuff between the browser and Cloudflare endpoint.
Between the Cloudflare CDN and the origin webserver, it might be most convenient to use a so called "Cloudflare Origin certificate".
But if the site is hosted on a shared hosting platform, well, then options might be limited (with regard of installing certificates on the webserver), depending on the hosting provider.
I don't see anything wrong with the redirects or the certificate. The home page shows like below. You will need to show example of a failure to get help.
We have had several posts similar to yours today which were all spam. We can't reproduce any of the problems you described. Please show more details otherwise yours looks like spam too.
That domain has successfully been getting wildcard certs regularly for a long time. It looks like a perfectly good system.
If you search e.g. Google for "fesco bill paying" or something similar, you get at least half a dozen of the same kind of sites as OPs.. Apparently either Fesco offers some kind of API so that third party sites can be developed, or there are half a dozen scammers actively targeting Fesco?
Maybe it is legit. Still, none of the problems they describe can be reproduced. Without more details there isn't much to say.
And, why would they think they can't get a certificate? (see below)
The domain is proxied at Cloudflare per the DNS. It seems their friend should have described that to them so they could better help. It is an essential part of the setup.
