Lunarpages Web Hosting Forum

Author Topic: Let's Encrypt  (Read 61771 times)

Offline MrPhil

  • Senior Moderator
  • Berserker Poster
  • *****
  • Posts: 6345
Re: Let's Encrypt
« Reply #30 on: February 27, 2018, 05:46:55 PM »
The latest LP newsletter points to https://lunarpages.com/importance-automated-ssl-encryption/, which seems to imply that Auto-SSL is up and running. Has anyone heard any advice to not yet make use of this SSL, or have any bad experiences to relate? If not, I will cut over to SSL later this week. Apparently it is supposed to work for non-www and www, but what about subdomains? I wonder how long it will take Lunarforums to change over to SSL?

LP added a ton of RewriteCond's to my .htaccess files, most of which appear to be useless (i.e., will always be true). Is there any reason that most of these can't be removed? I'd love to see an explanation for what they're intended to do, and when they could safely be removed (for performance reasons). I get the feeling that these are checking for certain specific DCV URIs (that do what?) and avoiding a rewrite in those cases.
Visit My Site

E-mail Me
-= From the ashes shall rise a sooty tern =-

Offline scanman20

  • Senior Moderator
  • Über Jedi
  • *****
  • Posts: 1557
    • http://www.notonebit.com
Re: Let's Encrypt
« Reply #31 on: February 28, 2018, 06:53:57 AM »
Quote
LP added a ton of RewriteCond's to my .htaccess files, most of which appear to be useless (i.e., will always be true).

Seems the longer we're here, the more of these rules we end up with.
Even a broken clock is right twice a day.
NotOneBit.com
MCSE - MCSA - MCP (<- unused since 2006!)

Offline MrPhil

  • Senior Moderator
  • Berserker Poster
  • *****
  • Posts: 6345
Re: Let's Encrypt
« Reply #32 on: March 06, 2018, 04:05:30 PM »
I've been running my site under SSL for 24 hours now, with no apparent problems. Fingers crossed everything keeps working.

It's a lot of work to move Simple Machines Forum (like Lunarforums) over to SSL. One thing I noticed was that SMF 2.0.11 (which Lunarforums still uses) seems to dislike SSL links to avatars, and removes them. I needed to provide an http link to my avatar (which my .htaccess redirects to https). This does not seem to be the case with SMF 2.0.15 (which I use).
Visit My Site

E-mail Me
-= From the ashes shall rise a sooty tern =-

Offline MrPhil

  • Senior Moderator
  • Berserker Poster
  • *****
  • Posts: 6345
Re: Let's Encrypt
« Reply #33 on: March 31, 2018, 06:50:00 AM »
I just got an email notice that my SSL certs have been updated again (this is apparently a quarterly event). Again, the email gives a link into cPanel to use the SSL/TLS Wizard, to upgrade SSL, but it only sends me to my standard cPanel page, and nothing in there looks like a Wizard of this sort. Am I looking in the wrong place, or for a wrong title? And when would I want to upgrade? I assume this costs $$.

Just to update my previous post, LP finally upgraded SMF (Lunarforums) to SMF 2.0.15, and it now accepts https avatar links. There's still a problem with old avatar links that are http, and cause my browser to give a warning that not all content is secure. I suggested that LP write a script to test each non-SSL avatar link to see if an SSL version works, and to auto-edit the link to SSL (with note to the member telling them). Users of the built-in SMF avatar library can be automatically updated, without notice. Otherwise, members need to be reminded to update their avatars to avoid warnings. Those who fail to respond within 3 months or so can have their avatars removed.
Visit My Site

E-mail Me
-= From the ashes shall rise a sooty tern =-

Offline scanman20

  • Senior Moderator
  • Über Jedi
  • *****
  • Posts: 1557
    • http://www.notonebit.com
Re: Let's Encrypt
« Reply #34 on: April 02, 2018, 05:47:19 AM »
Maybe open a ticket with support and post their reply here so we can all learn what's going on since I don't recall seeing any emails or notices of any kind, and if it wasn't for the forum I'd be in the dark.
Even a broken clock is right twice a day.
NotOneBit.com
MCSE - MCSA - MCP (<- unused since 2006!)

Offline efgroup

  • Space Explorer
  • ***
  • Posts: 9
Re: Let's Encrypt
« Reply #35 on: April 26, 2018, 05:50:10 PM »
I searched the wiki for any 'how to' - I stumbled across the .htaccess rewrite mods listed here in this post (thanks for the inputs earlier ! ) and I am wondering...

if i want to force my site to flip to https when ever it's loaded, i gotta write stuff in .htaccess ?  That's what I'm gleaning here

and ...

seriously ? php won't run with the auto ssl thingie ?  ack ! I am about to take a deep dive on it .. Usually I code after 8 PM till 2 AM - wish me luck !
I've been running my site under SSL for 24 hours now, with no apparent problems. Fingers crossed everything keeps working.

It's a lot of work to move Simple Machines Forum (like Lunarforums) over to SSL. One thing I noticed was that SMF 2.0.11 (which Lunarforums still uses) seems to dislike SSL links to avatars, and removes them. I needed to provide an http link to my avatar (which my .htaccess redirects to https). This does not seem to be the case with SMF 2.0.15 (which I use).

Offline MrPhil

  • Senior Moderator
  • Berserker Poster
  • *****
  • Posts: 6345
Re: Let's Encrypt
« Reply #36 on: April 26, 2018, 06:03:49 PM »
Well, the links (<a href> tags) your site produces should be updated to produce https in the first place. Then, in case anyone comes in with an old http bookmark, or types it in that way, you have .htaccess code (assuming a Linux/Apache server) to convert http to https. You should also force with (or without) www. in the same rewrite... you don't want two separate R=301 round trips!

I don't understand the question about PHP and Auto-SSL. It works fine. Maybe you're confusing an old limitation where PHP would not work with a shared SSL certificate?
Visit My Site

E-mail Me
-= From the ashes shall rise a sooty tern =-

Offline efgroup

  • Space Explorer
  • ***
  • Posts: 9
Re: Let's Encrypt
« Reply #37 on: April 26, 2018, 06:16:31 PM »
well, when someone enters one of the following:
mysite.com
www.mysite.com
http://www.mysite.com
I want it to flip to https://www.mysite.com

I had gleaned something about it in this topic, for .htaccess ... back on page 2... posts 17 and 18..

I should look at it in the first page (index.html) for any <a href> thingie instead ? eeek .   What i learned what that if i enter the https://mysite.com or https://www.mysite.com - all of the other pages that a user can click through STAY in SSL mode (which is what I want) .

Thanks for following up, even at this hour - I really appreciate it !   re: the php thingie for autossl - well, this thread/topic has some legs to it - I'm on galaxy so maybe the php version is 'current/stable' :D

Well, the links (<a href> tags) your site produces should be updated to produce https in the first place. Then, in case anyone comes in with an old http bookmark, or types it in that way, you have .htaccess code (assuming a Linux/Apache server) to convert http to https. You should also force with (or without) www. in the same rewrite... you don't want two separate R=301 round trips!

I don't understand the question about PHP and Auto-SSL. It works fine. Maybe you're confusing an old limitation where PHP would not work with a shared SSL certificate?
« Last Edit: April 26, 2018, 06:18:57 PM by efgroup »

Offline MrPhil

  • Senior Moderator
  • Berserker Poster
  • *****
  • Posts: 6345
Re: Let's Encrypt
« Reply #38 on: April 26, 2018, 06:38:16 PM »
well, when someone enters one of the following:
mysite.com
www.mysite.com
http://www.mysite.com
I want it to flip to https://www.mysite.com
Code: [Select]
RewriteEngine On
RewriteCond  %{HTTPS}  !on  [OR]
RewriteCond  %{HTTP_HOST}  !^www\.  [NC]
RewriteRule  ^(.*)$  https://www.mysite.com/$1  [R=301,L]
should do it. I'm assuming you prefer "www" over "non-www". And you're on an Apache server (one that processes .htaccess).

Quote
I should look at it in the first page (index.html) for any <a href> thingie instead ? eeek .   What i learned what that if i enter the https://mysite.com or https://www.mysite.com - all of the other pages that a user can click through STAY in SSL mode (which is what I want) .
Your code (HTML or PHP) may then already be producing https for links if that's what the page was called with. If so, you don't need to do anything extra. What you don't want is to produce http links and require an extra round-trip for each with a 301 status to change it to https -- it will be slower and you'll get a search engine penalty (i.e., poorer page rank). You also look like an idiot when your site does that.
Visit My Site

E-mail Me
-= From the ashes shall rise a sooty tern =-

Offline efgroup

  • Space Explorer
  • ***
  • Posts: 9
Re: Let's Encrypt
« Reply #39 on: April 27, 2018, 08:10:42 AM »
Mr. Phil - ya, I was afraid of all that,
I don't want that side effect of being unfindable by the Google :(

So I changed it up a bit, instead of everything on all pages,
I have hard calls into https using that a href thing only for the login and user system.

None of that rewriting, after all.   

Thanks for helping me get it clear in my brain - I really appreciate it !

I was happy to find your posts about this in this topic - but I was surprised there was not a solid wiki page on this ... maybe someone, even me, could start one later ...   Have a great weekend !
« Last Edit: April 27, 2018, 08:36:02 AM by efgroup »

Offline dmikester1

  • Newbie
  • *
  • Posts: 4
Re: Let's Encrypt
« Reply #40 on: May 09, 2018, 08:58:00 AM »
So what's the latest status for support for letsencrypt?  I've emailed support as well.  I'd like to add https to all of my sites.
Thanks!
Mike

Offline MrPhil

  • Senior Moderator
  • Berserker Poster
  • *****
  • Posts: 6345
Re: Let's Encrypt
« Reply #41 on: May 09, 2018, 11:54:07 AM »
It looks like Auto-SSL (not Let's Encrypt) should be installed and usable everywhere by now. Have you received any automated notices that your certificate(s) have been updated? If not, you might want to send a tickler to support and ask them what's up. Otherwise, it looks like they're not going to announce it, so just try starting to use SSL.
Visit My Site

E-mail Me
-= From the ashes shall rise a sooty tern =-

Offline dmikester1

  • Newbie
  • *
  • Posts: 4
Re: Let's Encrypt
« Reply #42 on: May 15, 2018, 08:09:32 PM »
I'll be darned!  Just tested my sites with https and it worked perfect!  Thanks for the tip!

Now I just need to add some rules to my htaccess to auto redirect.

Offline dmikester1

  • Newbie
  • *
  • Posts: 4
Re: Let's Encrypt
« Reply #43 on: May 15, 2018, 11:30:34 PM »
For anyone reading this who is curious, I just figured out how to redirect all traffic to HTTPS and remove the www as well.  Here are the rules I added to my .htaccess file to accomplish those two tasks.

Code: [Select]
#force HTTPS for all traffic
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

#remove www for all traffic
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

Offline MrPhil

  • Senior Moderator
  • Berserker Poster
  • *****
  • Posts: 6345
Re: Let's Encrypt
« Reply #44 on: May 16, 2018, 08:41:05 AM »
There's a couple of minor problems with your code.
  • If the incoming URL is http: and the domain is www.mydomain.com, it could cause two round trips to the browser (or search engine) instead of one. The first will be to set https:, and the second will be to remove www.. These should really be consolidated, so that search engines won't penalize you for the extra trip.
  • Some servers may execute the flags in order, so that "L" leaves before the return status code is explicitly set ("R=301"). It's usually considered better to put the status code first.
I would do it this way:
Code: [Select]
# force HTTPS and remove www. for all traffic, in one response to browser or SE
RewriteCond %{HTTPS}  off  [OR]
RewriteCond %{HTTP_HOST}  ^www\.  [NC]
RewriteRule ^(.*)$  https://mydomain.com/$1  [R=301,L]

Be careful about using %{HTTP_HOST} in the replacement URL, as it will be what the visitor typed in, not some canonical form.
Visit My Site

E-mail Me
-= From the ashes shall rise a sooty tern =-