Lunarpages Web Hosting Forum

Author Topic: Let's Encrypt  (Read 54052 times)

Offline MrPhil

  • Senior Moderator
  • Berserker Poster
  • *****
  • Posts: 6281
Re: Let's Encrypt
« Reply #30 on: February 27, 2018, 05:46:55 PM »
The latest LP newsletter points to https://lunarpages.com/importance-automated-ssl-encryption/, which seems to imply that Auto-SSL is up and running. Has anyone heard any advice to not yet make use of this SSL, or have any bad experiences to relate? If not, I will cut over to SSL later this week. Apparently it is supposed to work for non-www and www, but what about subdomains? I wonder how long it will take Lunarforums to change over to SSL?

LP added a ton of RewriteCond's to my .htaccess files, most of which appear to be useless (i.e., will always be true). Is there any reason that most of these can't be removed? I'd love to see an explanation for what they're intended to do, and when they could safely be removed (for performance reasons). I get the feeling that these are checking for certain specific DCV URIs (that do what?) and avoiding a rewrite in those cases.
Visit My Site

E-mail Me
-= From the ashes shall rise a sooty tern =-

Offline scanman20

  • Senior Moderator
  • Über Jedi
  • *****
  • Posts: 1555
    • http://www.notonebit.com
Re: Let's Encrypt
« Reply #31 on: February 28, 2018, 06:53:57 AM »
Quote
LP added a ton of RewriteCond's to my .htaccess files, most of which appear to be useless (i.e., will always be true).

Seems the longer we're here, the more of these rules we end up with.
Even a broken clock is right twice a day.
NotOneBit.com
MCSE - MCSA - MCP (<- unused since 2006!)

Offline MrPhil

  • Senior Moderator
  • Berserker Poster
  • *****
  • Posts: 6281
Re: Let's Encrypt
« Reply #32 on: March 06, 2018, 04:05:30 PM »
I've been running my site under SSL for 24 hours now, with no apparent problems. Fingers crossed everything keeps working.

It's a lot of work to move Simple Machines Forum (like Lunarforums) over to SSL. One thing I noticed was that SMF 2.0.11 (which Lunarforums still uses) seems to dislike SSL links to avatars, and removes them. I needed to provide an http link to my avatar (which my .htaccess redirects to https). This does not seem to be the case with SMF 2.0.15 (which I use).
Visit My Site

E-mail Me
-= From the ashes shall rise a sooty tern =-

Offline MrPhil

  • Senior Moderator
  • Berserker Poster
  • *****
  • Posts: 6281
Re: Let's Encrypt
« Reply #33 on: March 31, 2018, 06:50:00 AM »
I just got an email notice that my SSL certs have been updated again (this is apparently a quarterly event). Again, the email gives a link into cPanel to use the SSL/TLS Wizard, to upgrade SSL, but it only sends me to my standard cPanel page, and nothing in there looks like a Wizard of this sort. Am I looking in the wrong place, or for a wrong title? And when would I want to upgrade? I assume this costs $$.

Just to update my previous post, LP finally upgraded SMF (Lunarforums) to SMF 2.0.15, and it now accepts https avatar links. There's still a problem with old avatar links that are http, and cause my browser to give a warning that not all content is secure. I suggested that LP write a script to test each non-SSL avatar link to see if an SSL version works, and to auto-edit the link to SSL (with note to the member telling them). Users of the built-in SMF avatar library can be automatically updated, without notice. Otherwise, members need to be reminded to update their avatars to avoid warnings. Those who fail to respond within 3 months or so can have their avatars removed.
Visit My Site

E-mail Me
-= From the ashes shall rise a sooty tern =-

Offline scanman20

  • Senior Moderator
  • Über Jedi
  • *****
  • Posts: 1555
    • http://www.notonebit.com
Re: Let's Encrypt
« Reply #34 on: April 02, 2018, 05:47:19 AM »
Maybe open a ticket with support and post their reply here so we can all learn what's going on since I don't recall seeing any emails or notices of any kind, and if it wasn't for the forum I'd be in the dark.
Even a broken clock is right twice a day.
NotOneBit.com
MCSE - MCSA - MCP (<- unused since 2006!)