Site not Secure?

slapo

Forum GOD!
It's most likely due to the site not being on HTTPS.
It would be nice to have e .g. Let's Encrypt certificates in use at some point, though.
 

Dobbo25

Forum GOD!
Sorry 'Website not secure' it says, Not only this site but two other forums as well.Never happened before until today.
Not.jpg
 

halvor

a most elusive fish
Have you possibly updated browser or OS since last logging on? Could be a new setting.

It’s most definitely related to the site not being on https.
 

Dobbo25

Forum GOD!
Have you possibly updated browser or OS since last logging on? Could be a new setting.

It’s most definitely related to the site not being on https.
Not recently, it has only been happening since this afternoon. I've been through all the settings and nothing has changed. It only happens on this forum, TSR and ShaveNook.
 

bikerjohn666

Über Member
Not recently, it has only been happening since this afternoon. I've been through all the settings and nothing has changed. It only happens on this forum, TSR and ShaveNook.
Same here with AGT and was with TSR. With TSR I manually entered https:// on the log in page then bookmarked it, problem solved. However, it doesn't seem to work with this site. Incidentally, I only get the warning message when using my laptop or PC. I use Firefox. It's fine on my phone.
 

Dobbo25

Forum GOD!
Same here with AGT and was with TSR. With TSR I manually entered https:// on the log in page then bookmarked it, problem solved. However, it doesn't seem to work with this site. Incidentally, I only get the warning message when using my laptop or PC. I use Firefox. It's fine on my phone.
I'm using latest Safari and a Firewall neither of which has updated in over two weeks. I'll try your https method and see if it helps.

Worked with TSR but not this site.
 
Last edited:
Same here with AGT and was with TSR. With TSR I manually entered https:// on the log in page then bookmarked it, problem solved. However, it doesn't seem to work with this site. Incidentally, I only get the warning message when using my laptop or PC. I use Firefox. It's fine on my phone.
I use the KB SSL enforcer plugin for Chrome.
 

Nishy

Forum GOD!
Staff member
Ok Chaps, we have been in contact with our provider, from the Gentleman:

due to an oversight, Public-Key-Pins were enabled, which sets a 2592000second (1 month) header in the browser. If I replace the SSL certificate while the Public-Key-Pins header is still set, you will get a security warning while attempting to access the site.


You can manually clear the header in your browser.


Chrome (Desktop and Mobile Version):

https://linux-audit.com/delete-a-hsts-key-pin-in-chrome/

Firefox:

https://linux-audit.com/deleting-outdated-hpkp-key-pins-in-firefox/


Safari and Edge, you should just need to clear the cache for the site.


Chrome is currently planning on depreciating PKP in May 2018:

https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ


https://scotthelme.co.uk/im-giving-up-on-hpkp/


However, as the header has been previously set, until this is either removed from your browser manually, or the header value expires and is removed from the browser when it attempts to fetch it again (and find's it's no longer there), there will be errors accessing the site from the 22nd April. I'll delay swapping the certificate until the very last minute.


Apologies in advance for this, and hopefully it won't cause any issues after the 22nd once the certificate is replaced if you have cleared the browser cache per the previosuly mentioned methods.


Regards,

Matt

Hopefully this helps.
 
Top