Site not Secure?

Discussion in 'Site Support and Feedback' started by Dobbo25, Apr 2, 2018.

  1. Dobbo25

    Dobbo25 Forum GOD!

    Location:
    UK
    Anyone else getting a "Site Not Secure message " when they log in?
     
  2. Grarea

    Grarea Forum Plod

    Not me.
     
  3. slapo

    slapo Forum GOD!

    Location:
    London, UK
    It's most likely due to the site not being on HTTPS.
    It would be nice to have e .g. Let's Encrypt certificates in use at some point, though.
     
    Count of Undolpho likes this.
  4. Dobbo25

    Dobbo25 Forum GOD!

    Location:
    UK
    Sorry 'Website not secure' it says, Not only this site but two other forums as well.Never happened before until today.
    Not.jpg
     
  5. halvor

    halvor Esquire

    Location:
    Norway
    Have you possibly updated browser or OS since last logging on? Could be a new setting.

    It’s most definitely related to the site not being on https.
     
  6. Dobbo25

    Dobbo25 Forum GOD!

    Location:
    UK
    Not recently, it has only been happening since this afternoon. I've been through all the settings and nothing has changed. It only happens on this forum, TSR and ShaveNook.
     
  7. bikerjohn666

    bikerjohn666 Über Member

    Location:
    England
    Same here with AGT and was with TSR. With TSR I manually entered https:// on the log in page then bookmarked it, problem solved. However, it doesn't seem to work with this site. Incidentally, I only get the warning message when using my laptop or PC. I use Firefox. It's fine on my phone.
     
  8. Dobbo25

    Dobbo25 Forum GOD!

    Location:
    UK
    I'm using latest Safari and a Firewall neither of which has updated in over two weeks. I'll try your https method and see if it helps.

    Worked with TSR but not this site.
     
    Last edited: Apr 2, 2018
  9. Morecolor

    Morecolor Forum GOD!

    Not this website.
    But, I was getting at the Shavemac site..
     
  10. Nishy

    Nishy Forum GOD! Staff Member

    No issues my end but will ask the experts.
     
    Dobbo25 likes this.
  11. Count of Undolpho

    Count of Undolpho Guru

    Location:
    Leeds
    I use the KB SSL enforcer plugin for Chrome.
     
  12. Nishy

    Nishy Forum GOD! Staff Member

    Ok Chaps, we have been in contact with our provider, from the Gentleman:

    due to an oversight, Public-Key-Pins were enabled, which sets a 2592000second (1 month) header in the browser. If I replace the SSL certificate while the Public-Key-Pins header is still set, you will get a security warning while attempting to access the site.


    You can manually clear the header in your browser.


    Chrome (Desktop and Mobile Version):

    https://linux-audit.com/delete-a-hsts-key-pin-in-chrome/

    Firefox:

    https://linux-audit.com/deleting-outdated-hpkp-key-pins-in-firefox/


    Safari and Edge, you should just need to clear the cache for the site.


    Chrome is currently planning on depreciating PKP in May 2018:

    https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ


    https://scotthelme.co.uk/im-giving-up-on-hpkp/


    However, as the header has been previously set, until this is either removed from your browser manually, or the header value expires and is removed from the browser when it attempts to fetch it again (and find's it's no longer there), there will be errors accessing the site from the 22nd April. I'll delay swapping the certificate until the very last minute.


    Apologies in advance for this, and hopefully it won't cause any issues after the 22nd once the certificate is replaced if you have cleared the browser cache per the previosuly mentioned methods.


    Regards,

    Matt

    Hopefully this helps.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice