HTTPS

[John Taylor]

I know as a forum that it's not the biggest deal in the world that the site still uses http, but I was wondering if @Chuckster70 will convert AW to https eventually since all the cool kids are doing it (Also it's more secure). I don't know who the hosting provider is on the backend and if they provide SSL certs as part of the hosting package, but if you need to purchase an SSL cert to move over to https I'd be happy to pitch in for the purchase.

 

Right now it looks like a self signed cert when using https:

 

[Chuck]

Resolved! 

SSL and Cookies popup gone! 

[Chuck]

Hi @John Taylor I actually looked into this with GoDaddy on a couple of occasions and almost pulled the trigger, but the cost was $175 a year and I thought that was pretty steep for the tradeoff. $100 for the HTTPS secure SSL and $75 for the installation from the GoDaddy guys.

That said, I'm thinking of doing this in the future so it's back on the table again. Donations are always welcomed too.  

[AngelsLakersFan]

I use Let's Encrypt which is a free method of doing it. The only downside is that you have to install and maintain it yourself, which for me means opening up the terminal and running a line of code and then copy/pasting the output onto my server 4 times a year. There may be a way to automate it fully but Im not quite that smart.

In the last year or so Ive had a few people start balking at the http protocol on my wordpress site, even though they never had issues with it before. Yes if you are connecting over http it is possible for someone to spoof the connection and read your submitted password, Im not particularly worried that someone wants to hijack this account though.

[John Taylor]

6 hours ago, Chuckster70 said:

Hi @John Taylor I actually looked into this with GoDaddy on a couple of occasions and almost pulled the trigger, but the cost was $175 a year and I thought that was pretty steep for the tradeoff. $100 for the HTTPS secure SSL and $75 for the installation from the GoDaddy guys.

That said, I'm thinking of doing this in the future so it's back on the table again. Donations are always welcomed too.  

If GoDaddy charges $75 a pop for Certificate installation than I need to quit my job and just do that for a living. I actually manage all my company's websites and SSL certs (We buy ours from GoDaddy as well.)

 

Is GoDaddy your hosting company?

 

Here are all the SSL certs I'm stuck managing at work. My company is bound by PCI and HIPAA so we have to buy certs from a trusted Certificate Authority (GoDaddy) or else I would do the LetsEncrypt as well.:

 

 

For AW I would recommend a 2 or 3 year UCC SSL, its important to get a UCC cert that you add all possible website combinations in the cert (like both www.angelswin-forum.com and angelswin-forum.com) and any other hostnames that might redirect to the site. Also its easier to not have to manage the certificate every year, so i generally do 2 or 3 year certs.

 

When you're ready to pull the trigger feel free to shoot me a message if you have any questions. I'll send a donation to your paypal to help with the cost sometime this month.

 

The only shitty thing is that you consistently have to renew the certs on 2 or 3 year intervals depending on which cert you buy which means you consistently have to pay money so your site does this:

 

instead of this:

 

And its a forum so its not like Credit Card info or PHI is being transmitted here, but a pretty skilled hacker could be able to find out that TDawg's forum password is "ILoveChuck247"

 

 

[Lou]

Can any of you nerds make the Cookie tab go away permanently?

[AngelsLakersFan]

1 hour ago, Lou said:

Can any of you nerds make the Cookie tab go away permanently?

Yes

[Chuck]

@John Taylor I'm back from vacation, when you get a chance let's have a phone chat. 

I would like to do this. 

[Lou]

On 6/12/2019 at 6:33 PM, Lou said:

Can any of you nerds make the Cookie tab go away permanently?

 

On 6/12/2019 at 8:04 PM, AngelsLakersFan said:

Yes

 

Still waiting . . . 

[John Taylor]

6 hours ago, Chuckster70 said:

@John Taylor I'm back from vacation, when you get a chance let's have a phone chat. 

I would like to do this. 

Sounds like a plan. I work straight through until Sunday, but I'm free Sunday night or Monday anytime to talk. Also I didn't forget about the fact I promised an AW donation, lol

 

I still have your cell in my phone, so I'll shoot you a text sometime this weekend to touch base.

[Blarg]

8 hours ago, Lou said:

 

 

Still waiting . . . 

Set your device's power switch to off.

You're welcome.

[Chuck]

On 6/27/2019 at 12:16 PM, Lou said:

 

 

Still waiting . . . 

Should be fixed as soon as I upgrade my server to PHP 7x and then upgrade the forum software. 

@Thomas is a Linux/PHP guy so he's going to help with the PHP upgrade soon. 

[Chuck]

On 6/27/2019 at 12:16 PM, Lou said:

 

 

Still waiting . . . 

@Lou try choosing the option to "New Icognito Tab" and then enter the forums address, sign in and it should go away. 

A good workaround until I upgrade the website. 

[Lou]

Too much work. You obviously underestimate my level of laziness.

[John Taylor]

On 6/30/2019 at 10:32 PM, Chuckster70 said:

Should be fixed as soon as I upgrade my server to PHP 7x and then upgrade the forum software. 

@Thomas is a Linux/PHP guy so he's going to help with the PHP upgrade soon. 

Sorry @Chuckster70 obviously this week ended up being a bad week for all of us. Don't worry it's still on my radar.

Let's revisit this hopefully this coming up week. My only concern looking at the quote above is that I have no experience with certs on PHP, as my company is exclusively IIS (Windows Server).

The good news is the process of doing a cert (Fill out cert info including SAN, Generate CSR from PHP,  paste it in GoDaddy, generate cert, import cert in PHP, configure HTTP redirect to HTTPS) is fairly similar. So I'm happy to help in any small way I can.

Edited July 4, 2019 by John Taylor

[Slegnaac]

On 7/1/2019 at 8:14 PM, Lou said:

Too much work. You obviously underestimate my level of laziness.

@Chuckster70 suggestion of incognito worked for me.  No more cookie tab.  The hardest part was remembering my password.

[Lou]

7 hours ago, Slegnaac said:

@Chuckster70 suggestion of incognito worked for me.  No more cookie tab.  The hardest part was remembering my password.

Was it "password"?

[Lou]

On 7/28/2019 at 6:47 AM, Slegnaac said:

@Chuckster70 suggestion of incognito worked for me.  No more cookie tab.  The hardest part was remembering my password.

Didn't work.

Seriously, how difficult is this? This is literally the only site that I have this problem.

[Chuck]

1 hour ago, Lou said:

Didn't work.

Seriously, how difficult is this? This is literally the only site that I have this problem.

It's some issue with Google Chrome and this website. It goes away when using Google Chrome in Incognito for most. It never shows up in Mozilla Firefox or the Samsung Browser, nor does it in Microsoft 10's Edge browser from my testing. 

Weird. 

[Chuck]

@Lou, I was getting the Cookie Policy pop up on my desktop browser until I just disabled pop-ups. 

So do this on your mobile device or desktop browser. 

Go and delete all of your cookies. Then disable your pop up browser. You shouldn't see the pop ups anymore. If you do, I dunno why but you shouldn't. 

[Lou]

I always have pop-ups disabled 

[Chuck]

8 hours ago, Lou said:

I always have pop-ups disabled 

Try turning on pop ups. Clearing cache/cookies, then disable pop ups. Then re-login back to the forums here. That worked for me on regular chrome. 

Still cannot repro this in Firefox, Edge browsers or the Samsung native browser. Only in Google Chrome. 

[Tank]

18 hours ago, Lou said:

I always have pop-ups disabled 

unfortunately, that's what she said...

[Lou]

1 hour ago, Tank said:

unfortunately, that's what she said...

I was trying to watch The Tudors!