Google to Condemn insecure websites

just sent another note to my district admin. Don’t want to get caught this summer when many are on vacation.

So is it a certificate? or is it going from http:// to https:// or both

Chicken and egg :slight_smile: You can’t go https:// without a certificate.

Being close to the 7x’s I was feeling pretty old this morning until I caught up with this thread, now I realize I’m just a youngster :smiley:

I used to think I was in the “geezer” category, but realize now I am in the “Old Fart” realm. Just remember, “Old age and treachery always overcome youth and skill.”

We might consider renaming this thread to… Google to Condemn insecure Geritol websites ?

I went ahead and going to do comodo[s positve ssl. 111 for a year and then throw my hands in the air and scream
However, I did take prune juice, miralax and a Linzess so I better do that in comfort of the bathroom.

What Hostmoster said is that they would do the deed, then put in a redirect for those who do the http and i should be good. the problem is something is wrong with my pay thing. it generates an error that they are tracking down.

So later…

@ALL
That is a BAD advice form the provider. Never set that redirect until your website is fully httpS tested with all possible pages and with all extras such as weather alarms a.s.o.

Your customised template is huge and normally it will take a user with basic php knowledge about two weeks to check and adapt everything.

A correct procedure would be that all users
use the current site http://desmoinesweather.org/weather28/ and can visit all pages without interruptions or error messages.

You, as the tester

[ul][li]You will add https in front and will be the only one knowing that https://desmoinesweather.org/weather28/ exists[/li]
[li]You will have two browser windows open to the same page, one with http and one with https[/li]
[li]You will then check wat is NOT displayed on the https one and if the “unsafe” or “safe” icon is displayed in the browser address field
Some 30% of the pages need some to a lot of work.[/li]
[li]Do inspect => console and you will see the error messages, mostly http images or http scripts which were denied loading into a https page.
You will find swiftly if the http link can be substituted with a https one, more then half of the pages can modified that way.
[/li][/ul]
Otherwise remove the page from the menu and put it on a TODO list.

If your sites runs acceptable under https, THEN and ONLY THEN you can afford yourself a redirect. But even then i would not use a redirect you can not modify yourself.
All users will follow the providers https redirect, no way to exclude one or more pages which do not run under https yet or never will.

I prefer the redirect in your own root .htaccess such as the example below, which will do the redirect, but not for pages with a special name or token

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteCond %{QUERY_STRING} htp
RewriteRule ^.*$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} !htp
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Wim

This old f%&t bit I’m definitely in the f%$t category but not quite in the old bit yet (61). :smiley: :smiley:

teal.

Or maybe the best solution would be for me or others, to continue on as we are currently doing and not give a rat’s rear what google is going to do. from my analytics it seems that the same users come to my site and new users not so much. So what if Google lists my site as unsafe, I would assume that if I post something up on the maintenence section what Davis is going to do, it might solve this whole thing.

I just set up weather-display.com as a google business, which might help , re the fact no https, ?

This was the response. At least they are aware.

[See this web page for more specifics on the change:

So the page will still be accessible on http, but there will be a note next to the URL that says “Not Secure”.

Your current web site domain is weather.rms.rdale.org. It appears we are not currently hosting it as an https web site.

With the wildcard certificate that we currently have, and most other wildcard certificates, we can use it with *.rdale.org, but not ..rdale.org, so if you want to use the web site with https, we would either need to purchase a certificate specifically for that domain or change your domain to something like weather-rms.rdale.org or rms-weather.rdale.org.

It is my understanding that they will list your site and mine as not secure. I have a small cadre of people who view my site. Already I have posted that google is going to do this and my site is safe.

I was going to go with Comodo’s Positive SSL for 5 bucks a month but it was not advised to go SSL because on my templates that I use from Leuven, there is a question will the various links that are identified to being http and referring back to my site might not operate right.

Considering cost, of the certificate plus the static IP which seems to be necessary as well, it isn’t worth the added expense for someone like me at this time. My best option is to be vetted by other search engines.

It sounds like they are willing to move my site to another certificate and make a minor rename. Then add a forwarding to my old site. I should not have to do much recoding since anything for my site is in my files.

Whew. May get done in the next month.

When I was teaching, we had our own IT people and they would do things like that. However now it is up to me. I think what I am going to do is take my chances. I have Leuven templates and Wim implied that changing over to https, would cause problems for the templates. So I am going to wait and see what he comes up with. Hostmonster said that they could, for a fee, add the certificate and a static ip address, then after everything was in place, put a redirect in for me so if someone went to http, they would be sent to the https site.

So I am waiting.

I could not find that statement or when I wrote that, probably my basic knowledge of English when I tried to warn:
scripts need to be adapted, it is not working “as-is” when changing from http to https.
With simply redirecting your current extensive website to https, your visitors will have a lot of pages with empty white spaces where http content will not be shown. Although http images will be shown, those pages will not show a padlock either. Pages with highchart graphs or google-map javascripts wil not display as most old links in the scripts are http.

It takes a person with some HTML and basic PHP knowledge less then 2 days to check every page. Multiple users are already using the Leuven template ( current version 2.8 ) with https.

Modern browsers are of great help as they display in the “inspect=>console tab” all problems such as “mixed content”, “http iframes” and “http javascripts”. In most cases a simple “s” has to be added.

But without normal HTML and basic PHP knowledge it definitely will a problem. Maybe an IT-student can be of help.

So I am going to wait and see what he comes up with. Hostmonster said that they could, for a fee, add the certificate and a static ip address, then after everything was in place, put a redirect in for me so if someone went to http, they would be sent to the https site.

So I am waiting.

When you switch to https do not start with a redirect.
Just use it manually. Let all visitors continue using http:// and test yourself every page with https://
That gives you ample time to find if there are “problems” on a page and modify the code.

Nowadays most providers have a free https certificate, no static IP needed.
Only companies which do business need those extensive certificates.

You should do your own redirect. There are numerous examples of that.
Probably you will have one or two pages which, for now, can not work with https.
Having your own htacces with your own redirects give you far more flexibility.

If you or others are moving to https, some Dutch users have all the 2.8 scripts adapted for https and they are available for download.
It is not a full install but only for finding the needed changes. Not all US links are already adapted, that is understandable.

Wim

If I decide to go https, after my website provider does what they do, is there anyone with modified Leuven templates that do work with https, could help me out ?

I am not a programmer and unless it is pretty simple, I am screwed. i have Hostmonster for the rest of 2018. This is what they are offering. I can go SSL for 4.95 a month. From what i am reading, just putting in a ssl certificate isn’t enough, a static IP. I can afford to do it, but the hassle of going through each script sort of makes me want to be a rebel with a cause and say screw it. I wrote Davis about their WL2.0 and asked if they were going to make it similar to their 1.0 site where a person could just go to a specific url and voila we have information . Since I wrote today, I won’t hear until next week sometime.


School is working on a solution. https://rms-weather.rdale.org/

It is a start and is requiring some background changes on my part. It may take time as other sites go HTTPS

https://www.engadget.com/2018/10/08/chrome-70-will-break-hundreds-of-sites/?yptr=yahoo

So what does it mean? Will our un-secure sites fail to load now? Where are these free certificates?

The decertifying of Symantec-CA issued certs likely won’t impact any of our sites (unless your hoster used them for purchased certificates).

If your hoster allows it, you can use LetsEncrypt certificates (good for 3 months at a time, easily renewable) to add HTTPS capability to your weather website. 1and1 Shared servers don’t allow LetsEncrypt, but do offer a starter SSL certificate for free with hosting.
GoDaddy cPanel hosting allows import of LetsEncrypt certs on shared hosting, but it’s a bit complicated – use https://www.sslforfree.com/ to generate (via LetsEncrypt) the public/private/CA certs needed. On VPS hosting, you can likely use the cPanel or Plesk panel to automatically add/maintain LetsEncrypt certs for your sites. Your mileage may vary with other hosters.