Page 1 of 1
'Website not secure' notification
Posted: Mon Dec 24, 2018 5:13 am
by fallingwickets
using google chrome when logging on here at smf there is a red notification in the address saying that the site is not secure. if its costly to fix, can we pass a collection can around? thanks
clive
Re: 'Website not secure' notification
Posted: Mon Dec 24, 2018 11:24 am
by drmoss_ca
It's simply that the site's address is
http://forum.shavemyface.com rather than
https://forum.shavemyface.com
Vince could buy a security certificate and have the address changed to https, but all it would do is convince complete strangers they were clicking on a link to shavemyface.com, rather than being surreptitiously redirected to mexicandonkeyporn.com (which might be a real site for all I know!) Having e-mailed Vince a few days ago when 18 Russian bots had broken into our security overnight and had no reply (yeah, Vince, I'm glaring at you: I do this shit for free and you better support me!) I wouldn't hold out a lot of hope that will change. We might be f*cked on the internet, but we still have better shaves than anyone else.
Re: 'Website not secure' notification
Posted: Mon Dec 24, 2018 11:26 am
by drmoss_ca
It isn't; I checked. The things I do for you guys...
Re: 'Website not secure' notification
Posted: Mon Dec 24, 2018 1:57 pm
by cjc15153
There is a free ssl certification available from the Electronic Freedom Foundation (EFF) via
letsencrypt.org. You need root access to the web server to install it, but I have been using it for a couple years without incident.
To redirect all traffic to https, you add a 301 redirect to the Apache or Nginx configuration file, which is pretty easy if that's all you have to change.
Re: 'Website not secure' notification
Posted: Mon Dec 24, 2018 2:16 pm
by slackskin
cjc15153 wrote: ↑Mon Dec 24, 2018 1:57 pm
There is a free ssl certification available from the Electronic Freedom Foundation (EFF) via
letsencrypt.org. You need root access to the web server to install it, but I have been using it for a couple years without incident.
To redirect all traffic to https, you add a 301 redirect to the Apache or Nginx configuration file, which is pretty easy if that's all you have to change.
That is one of the cool things I like about this site. The membership includes lots of different people with different skills enabling almost any problem to be tackled. Bravo!
Re: 'Website not secure' notification
Posted: Mon Dec 24, 2018 11:15 pm
by brothers
cjc15153 wrote: ↑Mon Dec 24, 2018 1:57 pm
There is a free ssl certification available from the Electronic Freedom Foundation (EFF) via
letsencrypt.org. You need root access to the web server to install it, but I have been using it for a couple years without incident.
To redirect all traffic to https, you add a 301 redirect to the Apache or Nginx configuration file, which is pretty easy if that's all you have to change.
So, is this something I personally can/should do? Or am I understanding correctly that only the owner or admin can do such things? All of the above is not within my realm of knowledge. Also, what difference does it make to me in terms of posting? It's all Greek to me.
Re: 'Website not secure' notification
Posted: Tue Dec 25, 2018 6:16 am
by drmoss_ca
No Gary, only Vince can do that. And if he did, it wouldn't change your user experience at all, beyond not getting the 'insecure site' on logging in.