Forum Index > Support & Feedback > Missing SSL certificate
 Reply to topic
Previous :: Next Topic
Author Message
zimmertr
TJ Zimmerman



Joined: 24 Jun 2018
Posts: 1214 | TRs | Pics
Location: Issaquah
zimmertr
TJ Zimmerman
PostMon Jan 07, 2019 1:02 pm 
Hello, NWHikers does not currently have an active SSL certificate. This opens a lot of pretty dangerous security issues that could compromise the future of this forum. I am a system engineer so I can assist in configuring the site with an SSL certificate if needed. If funding is a problem, Lets Encrypt offers free SSL certificates and the procedure is automated via many tools. One of which is certbot. https://certbot.eff.org/

Back to top Reply to topic Reply with quote Send private message
Jaberwock
Member
Member


Joined: 30 Jan 2013
Posts: 722 | TRs | Pics
Location: Bellingham
Jaberwock
Member
PostMon Jan 07, 2019 8:09 pm 
Maybe you could help Tom move to Flarum while you're at it?

Back to top Reply to topic Reply with quote Send private message
neek
Member
Member


Joined: 12 Sep 2011
Posts: 2329 | TRs | Pics
Location: Seattle, WA
neek
Member
PostTue Jan 08, 2019 10:09 am 
Early beta, written by a kid in med school? Hmm... Login creds are sent in cleartext, so no one should use the same password elsewhere. (Of course you shouldn't do this anyway.) HTTPS would be a good first step, but can be expensive.

Back to top Reply to topic Reply with quote Send private message
zimmertr
TJ Zimmerman



Joined: 24 Jun 2018
Posts: 1214 | TRs | Pics
Location: Issaquah
zimmertr
TJ Zimmerman
PostTue Jan 08, 2019 11:04 am 
I agree that a forum software migration isn't in order but it is trivial to add a free SSL certificate to a website that is automatically rotated with a cronjob. And I would be willing to help as well, of course. It's not an exercise in moderate security. It's a necessity on the modern internet.

Back to top Reply to topic Reply with quote Send private message
Tom
Admin



Joined: 15 Dec 2001
Posts: 17835 | TRs | Pics
Tom
Admin
PostTue Jan 08, 2019 12:45 pm 
I can look into it. Have some other priorities right now (preserving a half million flickr images). And yeah, not moving to flarum (looked good a few years ago but there are better options out there).

Back to top Reply to topic Reply with quote Send private message
zimmertr
TJ Zimmerman



Joined: 24 Jun 2018
Posts: 1214 | TRs | Pics
Location: Issaquah
zimmertr
TJ Zimmerman
PostTue Jan 08, 2019 12:47 pm 
Good luck Tom. frown.gif Sounds rough.

Back to top Reply to topic Reply with quote Send private message
Matt Lemke
High on the Outdoors



Joined: 15 Jul 2010
Posts: 2052 | TRs | Pics
Location: Grand Junction
Matt Lemke
High on the Outdoors
PostWed Sep 30, 2020 2:25 pm 
Tom, I am bringing this back from the dead because I have a pretty big issue. As you know I use NWHikers almost exclusively for my trip reports, and I then copy the html to my personal website. The newest version of Google Chrome (Version 85) now prevents photos hosted from websites not having an SSL certificate to be displayed on other websites as both thumbnails, or as larger photos . Because of this, many reports from my website will not show any photos because Chrome sees they are not from a trusted website. They are blocked from loading, unless you click the link for each photo, then it will actually load the NWH page in a new tab (but that's annoying to do). For now, other browsers don't have this as a feature, but I worry that other browsers will soon follow suit since Chrome is the worlds most popular browser. It will quite literally take me weeks of time to re-write these reports on Weebly (the location I host my website on) to include every photo manually. This is why I periodically email you about the longevity of NWH because I also personally have a lot of time invested using it. For an example, if you view the following page in version 85 of Google Chrome, you will see all the photos have the error loading icon associated with them (looks like the piece of paper) Trip Report If you were to see it in any of the earlier versions of Chrome all photo thumbnails loaded just fine. This error is affecting many dozens of pages from my site. I am sure there are others out there having a similar issue as well. Can you please look into getting this site an SSL certificate? Otherwise I won't really be able to use NWH anymore, and will have weeks of lost time. I would be willing to help do this if needed, and cover the cost personally if any cost is required. Thanks! Edit: I actually just found out that even in IE and Firefox the same issue persists....I didn't have the most recent version of either browser installed when I checked. frown.gif

The Pacific coast to the Great Plains = my playground!!! SummitPost Profile See my website at: http://www.lemkeclimbs.com
Back to top Reply to topic Reply with quote Send private message
Tom
Admin



Joined: 15 Dec 2001
Posts: 17835 | TRs | Pics
Tom
Admin
PostWed Sep 30, 2020 4:06 pm 
NWH uses thumbnails that are hosted on a different domain so I'd think NWH would have the same problem. Or is it because NWH is not using https so it doesn't manifest on the thumbnails that are also not htttps?

Back to top Reply to topic Reply with quote Send private message
Matt Lemke
High on the Outdoors



Joined: 15 Jul 2010
Posts: 2052 | TRs | Pics
Location: Grand Junction
Matt Lemke
High on the Outdoors
PostWed Sep 30, 2020 4:11 pm 
Tom, Thats correct. As an example, the html code used for displaying each NWH hosted photo on my site is shown below...every photo has the same basic code with just the source being different: <div class="pic"><a title="All the food I brought for the trip" href="https://www.nwhikers.net/forums/viewtopic.php?sid=c86dac0d9c69294a3983c72eeada38f7&amp;p=1194827#&amp;pid=45b7c126a3db09146a22d6c99ebfa4a6" target="_blank" rel="noopener" name="0" data-pid="45b7c126a3db09146a22d6c99ebfa4a6" data-c="" data-vr=""><img class="pic_thumb" src="http://www.nwhikers.org/forums/uploads/a4/a6/45b7c126a3db09146a22d6c99ebfa4a6_427x240.jpg" alt="All the food I brought for the trip" width="427" height="240" border="0" /></a> <div class="pic_caption">All the food I brought for the trip</div> Browsers I have discovered now are setup to automatically add the "s" to the http in front of all source codes before building thumbnails, and if the https version of the source doesnt exist due to the site not having the SSL cert, the thumbnail will fail to get created (at least that's how I understand it from troubleshooting). Maybe you know how to workaround this issue?

The Pacific coast to the Great Plains = my playground!!! SummitPost Profile See my website at: http://www.lemkeclimbs.com
Back to top Reply to topic Reply with quote Send private message
puzzlr
Mid Fork Rocks



Joined: 13 Feb 2007
Posts: 7216 | TRs | Pics
Location: Stuck in the middle
puzzlr
Mid Fork Rocks
PostThu Oct 01, 2020 1:05 pm 
FWIW, that Wind River Slam TR looks fine on all three browsers I tried. All are the most recent official builds and I haven't made preference settings that would affect this. Firefox 81.0.1 Chrome 85.0.4183.121 Safari 14.0 (14610.1.28.1.9) However Firefox and Chrome display a small warning in the address bar about some insecure elements. I grumpily added a free LetsEncrypt cert to my website even though there's no reason for it -- all static content with no logins. But I'd agree this is where things are going and nwhikers should probably get a cert at some point or risk having it stop working correctly with a future browser update.

Back to top Reply to topic Reply with quote Send private message
Matt Lemke
High on the Outdoors



Joined: 15 Jul 2010
Posts: 2052 | TRs | Pics
Location: Grand Junction
Matt Lemke
High on the Outdoors
PostThu Oct 01, 2020 1:12 pm 
Puzzlr, Wait really? That is so strange. When I tested it with a handful of different laptops, all tested with 3 of the most common browsers (IE, Firefox and Chrome) the photos never popped up. Only on my phone it worked. I even emailed some random people to check for me and they had the same issue.

The Pacific coast to the Great Plains = my playground!!! SummitPost Profile See my website at: http://www.lemkeclimbs.com
Back to top Reply to topic Reply with quote Send private message
reststep
Member
Member


Joined: 17 Dec 2001
Posts: 4757 | TRs | Pics
reststep
Member
PostThu Oct 01, 2020 5:10 pm 
They work for me Matt. I am using some version of chrome.

"The mountains are calling and I must go." - John Muir
Back to top Reply to topic Reply with quote Send private message
Matt Lemke
High on the Outdoors



Joined: 15 Jul 2010
Posts: 2052 | TRs | Pics
Location: Grand Junction
Matt Lemke
High on the Outdoors
PostThu Oct 01, 2020 6:12 pm 
What operating system are you guys using?

The Pacific coast to the Great Plains = my playground!!! SummitPost Profile See my website at: http://www.lemkeclimbs.com
Back to top Reply to topic Reply with quote Send private message
Josh Journey
a.k.a Josh Lewis



Joined: 01 Nov 2007
Posts: 4830 | TRs | Pics
Josh Journey
a.k.a Josh Lewis
PostThu Oct 01, 2020 7:39 pm 
On Linux using Google Chrome and Firefox everything displays fine on Matt's trip report. However on my laptop (Windows 10) when using Google Chrome at first all thumbnails loaded. Then Google Chrome auto updated. After the update all thumbnails from NWHikers would not load due to Chrome automatically parsing all image tags as https which would then fail to load any images. Upon further research many other folks have been upset about this which the only solution is having sourced images to have an SSL certificate. Because Chrome and Windows 10 are a common scenario, it's likely 50% or so people looking at Matt's trip reports will see broken images. Another site I contributed to had been hacked multiple times. SSL was installed which I haven't heard of any happening since. SSL is also important when connecting to public networks due to how easy it is to intercept login and other data when non encrypted. There are other benefits of https such as better search engine ranking, here's an article listing many benefits to SSL: https://www.bluecorona.com/blog/https-and-seo/ Installing "Let's Encrypt" on shared hosts takes less than 2 minutes. If coupled with HTTP/2 the performance boost is quite noticeable.

Back to top Reply to topic Reply with quote Send private message
puzzlr
Mid Fork Rocks



Joined: 13 Feb 2007
Posts: 7216 | TRs | Pics
Location: Stuck in the middle
puzzlr
Mid Fork Rocks
PostThu Oct 01, 2020 9:21 pm 
OS is MacOs Mojave, 10.14.6

Back to top Reply to topic Reply with quote Send private message
   All times are GMT - 8 Hours
 Reply to topic
Forum Index > Support & Feedback > Missing SSL certificate
  Happy Birthday speyguy, Bandanabraids!
Jump to:   
Search this topic:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum