HTTPS support for http://forums.lanik.us/

General forum information, announcements, news, questions and suggestions.
harol
Site Member
Posts: 13
Joined: Wed Jan 14, 2015 11:01 am

HTTPS support for http://forums.lanik.us/

Post by harol »

I would appreciate it if you enabled https for this site.
LanikSJ
Site Owner
Posts: 1806
Joined: Thu Feb 15, 2007 7:44 am
Location: /dev/null

Post by LanikSJ »

Getting a free certificate isn't an option since there is an obvious lack of compatibility, and unless someone wants to donate $30 to get one I doubt it will happen any time soon.
"If it ain't broke don't fix it."
harol
Site Member
Posts: 13
Joined: Wed Jan 14, 2015 11:01 am

Post by harol »

This message was flagged as spam and has been denied.
http://pastebin.com/qW4eLYnk

https://www.startssl.com is free and has good compatibility.
https://cheapsslsecurity.com/comodo/positivessl.html offers 3 years for $15

I'm happy to donate $15 for it. Although the StartSSL cert should be good enough.
LanikSJ
Site Owner
Posts: 1806
Joined: Thu Feb 15, 2007 7:44 am
Location: /dev/null

Post by LanikSJ »

harol wrote:https://www.startssl.com is free and has good compatibility.
I looked over that one. It's free to get a cert but validity costs money. I'm not entirely comfortable with that.
harol wrote:https://cheapsslsecurity.com/comodo/positivessl.html offers 3 years for $15
Didn't know about this one I'll check it out.
"If it ain't broke don't fix it."
harol
Site Member
Posts: 13
Joined: Wed Jan 14, 2015 11:01 am

Post by harol »

Lanik wrote:It's free to get a cert but validity costs money.
That's only if you want your Real Name or Organisation name (e.g. Code Signing) or Extended Validation (Green bar).

https://www.startssl.com/?app=40
The only "downside" is you need to renew each year, and browsers/OSes that haven't been updated since 2009 won't support it. (e.g. updated XP will support it. XP SP0 won't.)
Mozilla has supported it since 2004 I think.

I use them personally and haven't paid a cent.
LanikSJ
Site Owner
Posts: 1806
Joined: Thu Feb 15, 2007 7:44 am
Location: /dev/null

Post by LanikSJ »

I'll give it a try and see what happens. I'll let you know how it works out.
"If it ain't broke don't fix it."
LanikSJ
Site Owner
Posts: 1806
Joined: Thu Feb 15, 2007 7:44 am
Location: /dev/null

Post by LanikSJ »

Do I have to give them my real name or do I have to use the same registration as my domain? Thanks.
"If it ain't broke don't fix it."
harol
Site Member
Posts: 13
Joined: Wed Jan 14, 2015 11:01 am

Post by harol »

Lanik wrote:Do I have to give them my real name or do I have to use the same registration as my domain? Thanks.
I've created ~20 certs the past year with them on domains that have my name, some that have organisations I'm a director of and others where I use private registration.
I personally gave correct info, but unless you pay for identity verification it won't be checked. Identity verification is if you actually want your real details in the certificate not just the domain name.

When you generate a CSR you can just enter garbage as it's ignored anyway.

Here are the steps I use:

Verify ownership of the domain (via email).
Generate a keypair.
Generate a CSR with SHA-256 (SHA1 certs won't be valid after 2017ish anyway)

openssl req -sha256 -new -newkey rsa:2048 -nodes -keyout forums.lanik.us.key -out forums.lanik.us.csr
Submit CSR to StartSSL. (It asks you if you want to generate your own key, press skip)
90% of the time for me it says to wait 3 hours for manual verification dunno why but I've never been denied.

Grab the StartSSL SHA-256 intermediate certificate.
https://www.startssl.com/certs/class1/s ... ha2.ca.pem
(I've heard people having problems downloading it via Firefox, try wget or Chrome or both and check the hashes)

Install the private key, certificate and intermediate certificate on webserver.

Hope this helps.
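A small shell wrapper around the CSR step above, added here as an example and not part of harol's post: it runs the same openssl command with a fixed subject, then checks the CSR's signature algorithm, CN and key match before anything is uploaded, and offers the same key-match check for the issued certificate. The output directory and the helper names are my own.

```shell
#!/bin/sh
# Added example (not from the thread). Requires only the openssl CLI.

# gen_csr DOMAIN OUTDIR: 2048-bit RSA key + SHA-256 CSR, same flags as the post.
# Only the CN is set; a domain-validated CA ignores the other subject fields.
gen_csr() {
    domain="$1"; outdir="$2"
    mkdir -p "$outdir"
    openssl req -sha256 -new -newkey rsa:2048 -nodes \
        -subj "/CN=${domain}" \
        -keyout "${outdir}/${domain}.key" \
        -out "${outdir}/${domain}.csr" >/dev/null 2>&1
    chmod 600 "${outdir}/${domain}.key"   # private key is readable by owner only
}

# csr_sig_alg CSR: print the CSR's signature algorithm; expect sha256WithRSAEncryption
csr_sig_alg() {
    openssl req -in "$1" -noout -text | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# csr_cn CSR: print the CN from the CSR subject (works for "CN = x" and "/CN=x" styles)
csr_cn() {
    openssl req -in "$1" -noout -subject | sed 's/.*CN *= *//'
}

# pubkey_hash FILE KIND: SHA-256 of the public key held in a key, CSR or cert
pubkey_hash() {
    case "$2" in
        key)  openssl pkey -in "$1" -pubout 2>/dev/null ;;
        csr)  openssl req  -in "$1" -noout -pubkey 2>/dev/null ;;
        cert) openssl x509 -in "$1" -noout -pubkey 2>/dev/null ;;
    esac | openssl sha256
}

# key_matches_csr KEY CSR: succeed only if the CSR was built from KEY
key_matches_csr() {
    k=$(pubkey_hash "$1" key); c=$(pubkey_hash "$2" csr)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_matches_key CERT KEY: run before installing, so the server never gets a
# certificate whose public key does not belong to the private key on disk
cert_matches_key() {
    c=$(pubkey_hash "$1" cert); k=$(pubkey_hash "$2" key)
    [ -n "$c" ] && [ "$c" = "$k" ]
}
```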
LanikSJ
Site Owner
Posts: 1806
Joined: Thu Feb 15, 2007 7:44 am
Location: /dev/null

Post by LanikSJ »

harol wrote:Hope this helps.
This actually helps a great deal. I'm used to running corporate web sites and the companies buying certs from the likes of Verisign, Symantec, DigiCert etc. This is a hosted account and I'm not used to not having access to all aspects of my systems. I know what to do when I've built the system myself, but when it comes to hosted solutions I'm lost. :P

StartSSL is doing maintenance this weekend so I'll get a cert on Monday. I've also signed up for CloudFlare and they offer SSL certs; I just have to wait 24 hours to get one.
"If it ain't broke don't fix it."
LanikSJ
Site Owner
Posts: 1806
Joined: Thu Feb 15, 2007 7:44 am
Location: /dev/null

Post by LanikSJ »

Okay so index.php works but https://forums.lanik.us doesn't. I've added the certificate to cPanel but things haven't changed yet. I might need to call my host and find out what's going on.

FWIW I did add the certificate to cPanel already that I got from StartSSL.

Looks like it's working correctly, just needed to clear my browser cache.
"If it ain't broke don't fix it."
fanboy
EasyList Author
Posts: 12229
Joined: Wed Sep 05, 2007 8:17 pm

Post by fanboy »

I guess the benefit of using Cloudflare's SSL is they throw in DDoS protection and a CDN as well; personally I'd stick with Cloudflare since it's now set up.
LanikSJ
Site Owner
Posts: 1806
Joined: Thu Feb 15, 2007 7:44 am
Location: /dev/null

Post by LanikSJ »

Agreed that was a very easy setup to perform. One thing I like is the speed since everyone is hitting CloudFlare and not my host (not that I need to conserve bandwidth). The host is in FL and I'm in CA and the routing sucks to my host directly:

traceroute to mail.lanik.us (66.7.213.116), 64 hops max, 52 byte packets
1 router (10.1.1.1) 0.587 ms 0.280 ms 0.244 ms
2 69.181.180.1 (69.181.180.1) 9.000 ms 8.597 ms 8.355 ms
3 te-0-7-0-5-sur03.sf19th.ca.sfba.comcast.net (162.151.31.33) 9.433 ms 9.431 ms 9.880 ms
4 te-1-14-0-1-ar01.sfsutro.ca.sfba.comcast.net (68.85.154.30) 10.156 ms
te-1-14-0-2-ar01.sfsutro.ca.sfba.comcast.net (68.85.154.206) 9.686 ms
te-1-14-0-3-ar01.sfsutro.ca.sfba.comcast.net (68.85.57.46) 10.352 ms
5 he-3-13-0-0-cr01.350ecermak.il.ibone.comcast.net (68.86.90.181) 13.952 ms 10.929 ms 11.687 ms
6 50.242.148.34 (50.242.148.34) 9.930 ms 10.089 ms 9.915 ms
7 ae-1-8.bar1.orlando1.level3.net (4.69.137.149) 81.386 ms 89.826 ms 82.175 ms
8 ten-7-4.edge1.level3.mco01.hostdime.com (67.30.140.198) 81.848 ms 82.709 ms 83.608 ms
9 xe-1-3-core1.orl.hostdime.com (72.29.88.42) 221.523 ms 216.288 ms 95.757 ms
10 * * *
^C
But CloudFlare makes things somewhat faster, and not just for me:

traceroute: Warning: lanik.us has multiple addresses; using 104.28.15.110
traceroute to lanik.us (104.28.15.110), 64 hops max, 52 byte packets
1 router (10.1.1.1) 0.733 ms 0.288 ms 0.241 ms
2 69.181.180.1 (69.181.180.1) 10.003 ms 8.382 ms 8.392 ms
3 te-0-7-0-5-sur03.sf19th.ca.sfba.comcast.net (162.151.31.33) 9.800 ms 9.995 ms 9.056 ms
4 te-8-2-ur02.dalycity.ca.sfba.comcast.net (68.85.57.26) 10.896 ms
te-1-14-0-1-ar01.sfsutro.ca.sfba.comcast.net (68.85.154.30) 20.814 ms
te-1-14-0-0-ar01.sfsutro.ca.sfba.comcast.net (68.85.154.6) 11.174 ms
5 he-3-11-0-0-cr01.sanjose.ca.ibone.comcast.net (68.86.94.133) 13.292 ms 20.532 ms 12.772 ms
6 he-0-11-0-0-pe03.11greatoaks.ca.ibone.comcast.net (68.86.85.238) 11.102 ms 11.233 ms 11.379 ms
7 ae-13.r02.snjsca04.us.bb.gin.ntt.net (129.250.66.33) 11.391 ms 19.032 ms 11.719 ms
8 nlayer.xe-2-3-0.cr1.sjc1.us.scnet.net (69.22.153.178) 17.665 ms 17.813 ms 16.128 ms
9 as13335.xe-8-1-0.cr1.sjc1.us.as4436.gtt.net (69.22.153.214) 17.163 ms
as13335.xe-8-0-0.cr1.sjc1.us.as4436.gtt.net (69.22.153.198) 16.474 ms
as13335.xe-8-0-5.ar2.sjc1.us.as4436.gtt.net (69.22.130.146) 16.721 ms
10 104.28.15.110 (104.28.15.110) 15.399 ms 16.664 ms 15.896 ms
"If it ain't broke don't fix it."
fanboy
EasyList Author
Posts: 12229
Joined: Wed Sep 05, 2007 8:17 pm

Post by fanboy »

Given most of us are spread around the world (Germany/NZ/UK/US..), Cloudflare should work in all our favors since they have lots of nodes.
harol
Site Member
Posts: 13
Joined: Wed Jan 14, 2015 11:01 am

Post by harol »

Hi thanks so much for doing this!

I've been getting an infinite redirect loop on /

Maybe try something like this instead:

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI}
I suspect your redirect code doesn't check if it's already over HTTPS (and it only works for /, not /index.php or /asd)
fanboy
EasyList Author
Posts: 12229
Joined: Wed Sep 05, 2007 8:17 pm

Post by fanboy »

Yeah, I'm hitting this also..
LanikSJ
Site Owner
Posts: 1806
Joined: Thu Feb 15, 2007 7:44 am
Location: /dev/null

Post by LanikSJ »

Thanks, just saw that and fixed it.
"If it ain't broke don't fix it."