Forum Index > Support & Feedback > Missing SSL certificate
Previous :: Next Topic  
Author Message
zimmertr
TJ Zimmerman



Joined: 24 Jun 2018
Posts: 94 | TRs
Location: Seattle
zimmertr
  Top

TJ Zimmerman
PostMon Jan 07, 2019 1:02 pm 
Reply to topic Reply with quote
Hello, NWHikers does not currently have an active SSL certificate. This opens a lot of pretty dangerous security issues that could compromise the future of this forum. I am a system engineer so I can assist in configuring the site with an SSL certificate if needed.

If funding is a problem, Lets Encrypt offers free SSL certificates and the procedure is automated via many tools. One of which is certbot. https://certbot.eff.org/
Back to top
View user's profile Search for posts by this user Send private message Send e-mail Reply to topic Reply with quote
Jaberwock
Member
Member


Joined: 30 Jan 2013
Posts: 695 | TRs
Location: Bellingham
Jaberwock
  Top

Member
PostMon Jan 07, 2019 8:09 pm 
Reply to topic Reply with quote
Maybe you could help Tom move to Flarum while you're at it?
Back to top
View user's profile Search for posts by this user Send private message Reply to topic Reply with quote
neek
Member
Member


Joined: 12 Sep 2011
Posts: 1388 | TRs
Location: Seattle, WA
neek
  Top

Member
PostTue Jan 08, 2019 10:09 am 
Reply to topic Reply with quote
Early beta, written by a kid in med school?  Hmm...

Login creds are sent in cleartext, so no one should use the same password elsewhere.  (Of course you shouldn't do this anyway.)  HTTPS would be a good first step, but can be expensive.
Back to top
View user's profile Search for posts by this user Send private message Send e-mail Reply to topic Reply with quote
zimmertr
TJ Zimmerman



Joined: 24 Jun 2018
Posts: 94 | TRs
Location: Seattle
zimmertr
  Top

TJ Zimmerman
PostTue Jan 08, 2019 11:04 am 
Reply to topic Reply with quote
I agree that a forum software migration isn't in order but it is trivial to add a free SSL certificate to a website that is automatically rotated with a cronjob. And I would be willing to help as well, of course.

It's not an exercise in moderate security. It's a necessity on the modern internet.
Back to top
View user's profile Search for posts by this user Send private message Send e-mail Reply to topic Reply with quote
Tom
Admin



Joined: 15 Dec 2001
Posts: 16559 | TRs

Tom
  Top

Admin
PostTue Jan 08, 2019 12:45 pm 
Reply to topic Reply with quote
I can look into it.  Have some other priorities right now (preserving a half million flickr images).  And yeah, not moving to flarum (looked good a few years ago but there are better options out there).
Back to top
View user's profile Search for posts by this user Send private message Send e-mail Reply to topic Reply with quote
zimmertr
TJ Zimmerman



Joined: 24 Jun 2018
Posts: 94 | TRs
Location: Seattle
zimmertr
  Top

TJ Zimmerman
PostTue Jan 08, 2019 12:47 pm 
Reply to topic Reply with quote
Good luck Tom. frown.gif Sounds rough.
Back to top
View user's profile Search for posts by this user Send private message Send e-mail Reply to topic Reply with quote
Matt Lemke
High on the Outdoors



Joined: 15 Jul 2010
Posts: 1960 | TRs
Location: My van
Matt Lemke
  Top

High on the Outdoors
PostWed Sep 30, 2020 2:25 pm 
Reply to topic Reply with quote
Tom,

I am bringing this back from the dead because I have a pretty big issue. As you know I use NWHikers almost exclusively for my trip reports, and I then copy the html to my personal website. The newest version of Google Chrome (Version 85) now prevents photos hosted from websites not having an SSL certificate to be displayed on other websites as both thumbnails, or as larger photos . Because of this, many reports from my website will not show any photos because Chrome sees they are not from a trusted website. They are blocked from loading, unless you click the link for each photo, then it will actually load the NWH page in a new tab (but that's annoying to do). For now, other browsers don't have this as a feature, but I worry that other browsers will soon follow suit since Chrome is the worlds most popular browser.

It will quite literally take me weeks of time to re-write these reports on Weebly (the location I host my website on) to include every photo manually. This is why I periodically email you about the longevity of NWH because I also personally have a lot of time invested using it.

For an example, if you view the following page in version 85 of Google Chrome, you will see all the photos have the error loading icon associated with them (looks like the piece of paper)

Trip Report

If you were to see it in any of the earlier versions of Chrome all photo thumbnails loaded just fine. This error is affecting many dozens of pages from my site. I am sure there are others out there having a similar issue as well.

Can you please look into getting this site an SSL certificate? Otherwise I won't really be able to use NWH anymore, and will have weeks of lost time. I would be willing to help do this if needed, and cover the cost personally if any cost is required.

Thanks!

Edit:

I actually just found out that even in IE and Firefox the same issue persists....I didn't have the most recent version of either browser installed when I checked.  frown.gif

--------------
The Pacific coast to the Great Plains = my playground!!!
SummitPost Profile
See my website at:
http://www.lemkeclimbs.com
Back to top
View user's profile Search for posts by this user Send private message Send e-mail Reply to topic Reply with quote
Tom
Admin



Joined: 15 Dec 2001
Posts: 16559 | TRs

Tom
  Top

Admin
PostWed Sep 30, 2020 4:06 pm 
Reply to topic Reply with quote
NWH uses thumbnails that are hosted on a different domain so I'd think NWH would have the same problem.  Or is it because NWH is not using https so it doesn't manifest on the thumbnails that are also not htttps?
Back to top
View user's profile Search for posts by this user Send private message Send e-mail Reply to topic Reply with quote
Matt Lemke
High on the Outdoors



Joined: 15 Jul 2010
Posts: 1960 | TRs
Location: My van
Matt Lemke
  Top

High on the Outdoors
PostWed Sep 30, 2020 4:11 pm 
Reply to topic Reply with quote
Tom,

Thats correct. As an example, the html code used for displaying each NWH hosted photo on my site is shown below...every photo has the same basic code with just the source being different:

<div class="pic"><a title="All the food I brought for the trip" href="http://www.nwhikers.net/forums/viewtopic.php?sid=c86dac0d9c69294a3983c72eeada38f7&amp;p=1194827#&amp;pid=45b7c126a3db09146a22d6c99ebfa4a6" target="_blank" rel="noopener" name="0" data-pid="45b7c126a3db09146a22d6c99ebfa4a6" data-c="" data-vr=""><img class="pic_thumb" src="http://www.nwhikers.org/forums/uploads/a4/a6/45b7c126a3db09146a22d6c99ebfa4a6_427x240.jpg" alt="All the food I brought for the trip" width="427" height="240" border="0" /></a>
<div class="pic_caption">All the food I brought for the trip</div>

Browsers I have discovered now are setup to automatically add the "s" to the http in front of all source codes before building thumbnails, and if the https version of the source doesnt exist due to the site not having the SSL cert, the thumbnail will fail to get created (at least that's how I understand it from troubleshooting).

Maybe you know how to workaround this issue?

--------------
The Pacific coast to the Great Plains = my playground!!!
SummitPost Profile
See my website at:
http://www.lemkeclimbs.com
Back to top
View user's profile Search for posts by this user Send private message Send e-mail Reply to topic Reply with quote
puzzlr
Mid Fork Rocks



Joined: 13 Feb 2007
Posts: 6727 | TRs
Location: Stuck in the middle
puzzlr
  Top

Mid Fork Rocks
PostThu Oct 01, 2020 1:05 pm 
Reply to topic Reply with quote
FWIW, that Wind River Slam TR looks fine on all three browsers I tried. All are the most recent official builds and I haven't made preference settings that would affect this.

Firefox 81.0.1
Chrome 85.0.4183.121
Safari 14.0 (14610.1.28.1.9)

However Firefox and Chrome display a small warning in the address bar about some insecure elements.

I grumpily added a free LetsEncrypt cert to my website even though there's no reason for it -- all static content with no logins. But I'd agree this is where things are going and nwhikers should probably get a cert at some point or risk having it stop working correctly with a future browser update.

--------------
Mid Fork Rocks flickr
Back to top
View user's profile Search for posts by this user Send private message Send e-mail Reply to topic Reply with quote
Matt Lemke
High on the Outdoors



Joined: 15 Jul 2010
Posts: 1960 | TRs
Location: My van
Matt Lemke
  Top

High on the Outdoors
PostThu Oct 01, 2020 1:12 pm 
Reply to topic Reply with quote
Puzzlr,

Wait really? That is so strange. When I tested it with a handful of different laptops, all tested with 3 of the most common browsers (IE, Firefox and Chrome) the photos never popped up. Only on my phone it worked. I even emailed some random people to check for me and they had the same issue.

--------------
The Pacific coast to the Great Plains = my playground!!!
SummitPost Profile
See my website at:
http://www.lemkeclimbs.com
Back to top
View user's profile Search for posts by this user Send private message Send e-mail Reply to topic Reply with quote
reststep
Member
Member


Joined: 17 Dec 2001
Posts: 4452 | TRs

reststep
  Top

Member
PostThu Oct 01, 2020 5:10 pm 
Reply to topic Reply with quote
They work for me Matt. I am using some version of chrome.

--------------
"The mountains are calling and I must go." - John Muir
Back to top
View user's profile Search for posts by this user Send private message Send e-mail Reply to topic Reply with quote
Matt Lemke
High on the Outdoors



Joined: 15 Jul 2010
Posts: 1960 | TRs
Location: My van
Matt Lemke
  Top

High on the Outdoors
PostThu Oct 01, 2020 6:12 pm 
Reply to topic Reply with quote
What operating system are you guys using?

--------------
The Pacific coast to the Great Plains = my playground!!!
SummitPost Profile
See my website at:
http://www.lemkeclimbs.com
Back to top
View user's profile Search for posts by this user Send private message Send e-mail Reply to topic Reply with quote
Josh Lewis
Snowy Salvation



Joined: 01 Nov 2007
Posts: 4664 | TRs

Josh Lewis
  Top

Snowy Salvation
PostThu Oct 01, 2020 7:39 pm 
Reply to topic Reply with quote
On Linux using Google Chrome and Firefox everything displays fine on Matt's trip report. However on my laptop (Windows 10) when using Google Chrome at first all thumbnails loaded. Then Google Chrome auto updated. After the update all thumbnails from NWHikers would not load due to Chrome automatically parsing all image tags as https which would then fail to load any images. Upon further research many other folks have been upset about this which the only solution is having sourced images to have an SSL certificate. Because Chrome and Windows 10 are a common scenario, it's likely 50% or so people looking at Matt's trip reports will see broken images.

Another site I contributed to had been hacked multiple times. SSL was installed which I haven't heard of any happening since. SSL is also important when connecting to public networks due to how easy it is to intercept login and other data when non encrypted. There are other benefits of https such as better search engine ranking, here's an article listing many benefits to SSL: https://www.bluecorona.com/blog/https-and-seo/

Installing "Let's Encrypt" on shared hosts takes less than 2 minutes. If coupled with HTTP/2 the performance boost is quite noticeable.

--------------
TrailTopo
Back to top
View user's profile Search for posts by this user Send private message Send e-mail Reply to topic Reply with quote
puzzlr
Mid Fork Rocks



Joined: 13 Feb 2007
Posts: 6727 | TRs
Location: Stuck in the middle
puzzlr
  Top

Mid Fork Rocks
PostThu Oct 01, 2020 9:21 pm 
Reply to topic Reply with quote
OS is MacOs Mojave, 10.14.6

--------------
Mid Fork Rocks flickr
Back to top
View user's profile Search for posts by this user Send private message Send e-mail Reply to topic Reply with quote
  Display:     All times are GMT - 8 Hours
Forum Index > Support & Feedback > Missing SSL certificate
  Happy Birthday uproar!
Jump to:   
Search this topic:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
   Use Disclaimer Powered by phpBB Privacy Policy