Avatar wrote:Yes, pretty much. The free version is a relatively new thing, paid ones are valid for a year before renewal is required, just like your domain.
--A
If you already know the price range for what would be needed for a site like ours Av., what is it?
(feel free to mention multiple packages; in case there is like a better rate if you pay for 5 years in advance.)
(Sorry I was like "HEY! Peoples! Here's something we should do something about."
...and then I didn't say anything for a bit.)
"People without hope not only don't write novels, but what is more to the point, they don't read them.
They don't take long looks at anything, because they lack the courage.
The way to despair is to refuse to have any kind of experience, and the novel, of course, is a way to have experience."
-Flannery O'Connor
"In spite of much that militates against quietness there are people who still read books. They are the people who keep me going."
-Elisabeth Elliot, Preface, "A Chance to Die: The Life and Legacy of Amy Carmichael"
Oddly, while my benevolent corporate overlords still block kevinswatch from work, for some reason it is not blocked when I am working from home and connected to work with a VPN.
wayfriend wrote:Oddly, while my benevolent corporate overlords still block kevinswatch from work, for some reason it is not blocked when I am working from home and connected to work with a VPN.
So, you know .... bright spot, yada yada.
It's no accident that you're the largest recipient of Thanks by other Watchers, wayfriend, because you have produced a lot of terrific posts! I am sorry that it's recently become more troublesome for you to do that, but it's a bright spot if you can post more during the pandemic. (Another bright spot: Has everybody noticed that the air is getting a lot cleaner lately?)
(Don't get me wrong, I find this pandemic frustrating and unnerving. But I want to be able to see some bright side while maintaining social distance and dealing with all these restrictions.)
I see you've installed a valid certificate. But it's only valid for 3 months! Valid from 5/26/2020 to 8/25/2020.
Some pages are showing as secure, others have a warning: Attackers might be able to see the images you're looking at on this site and trick you by modifying them.
Even though you have SSL installed on for your domain, you can see this error and this simply means your website contains “http” links on its pages. You can even see this error on some pages instead of every page. It can be an image that’s linked to an external url starts with “http” instead of “https”. We don’t want “http” links in our site so to eliminate this SSL error, we need to “fix” these “http” links.
Looking at the page source, culprits include the Home button, Avatar's signature, Cord Hurn's signature, etc.
Yeah, Let's Encrypt requires renewal every 3 months. The thing with the images is because the image paths (where they are posted etc.) are still http, which it's now trying to load into https, so you get "cross-domain" issues. (Since theoretically http and https versions are 2 different sites, one of which is insecure.)
Shouldn't be enough to do more than show a little orange icon in the address bar instead of a green one. Google (chrome) etc. will still accept the site as being https.
- certificate auto renews every year so all good there
- I think I fixed all the type urls in sigs and in the menu
- the profile now works but it is a basic one. Something in the previous modded version was breaking it
I haven't modified urls in posts that have links
The album must have a glitch. The files are not saved as so something else is glitching on that front.
There are links in posts and links in signatures and (probably) links for avatars (that were not uploaded) and I don't know if one can make them all go away.
If there was an automatic way for PHPBB2 to change all http: to https:, one is left with the question, would that link still work?
There is an Apache thing called a .htaccess file which can be configured to maybe make this go away. Presuming that this website is ultimately built on Apache.
Resolving the warning by adding code to your .htaccess file
Instead of manually updating links in your code, you could add the following lines to your site's .htaccess file.
Header always set Content-Security-Policy "upgrade-insecure-requests;"
These lines force the browser to automatically update any insecure links to secure links. Once added, the warning should immediately disappear.
There may be an equivalent feature if it's not Apache.
I had a crack at making them go away - likely means a number of images etc are no longer there but at least the pages should be secure. The htaccess file is managed via the cpanel settings so that line gets rejected.
Probably as good as it's goig to get for now - there isn't a way to block images etc in the future though from being linked to