I have successfully setup ssl
The redirecting from http to https is successful as well
But in my site, some webpages have the padlock and some dont
Although every page is redirected to https from http, some pages are still not secure. What can be the reason?
This is the result from WhyNotPadlock
https://www.whynopadlock.com/results/895057dd-2a4a-480a-b8a7-4bc6f9371bca
Can the reason be that im using TLS version 1?
If yes, can somebody please tell me how to upgrade it to 1.2 or 1.3. Im using AWS EC2 Linux for hosting
If that's not the reason, what is it and how to solve it?
The problem wasn't with TLS or SSL Certiicate. I had links to http sites in those subdomains which was the reason for no Padlock. Sorry
Related
For some reason, even though I'm using the free dyno, my website still redirects http to https. This is what I want to happen, but I just don't understand why it is, since doesn't this only work for paid dynos?
(I'm using Django and followed this guide to do the redirecting.)
But why does HTTPS work at all? Don't I need a certificate/paid dyno for that? I'm using a Heroku subdomain.
Since you are using a .herokuapp.com subdomain you automatically get HTTPS support, even on free dynos:
SSL is always enabled for .herokuapp.com for Common Runtime apps.
You only need to use ACM, SSL, or the SSL Endpoint for custom domains. And yes, this is included with paid dynos.
I need to host my Django application using gunicorn on Cloudfoundry on port 443, HTTPS.
I am getting error:
InsecureRequestWarning: Unverified HTTPS request is being made. Adding
certificate verification is strongly advised.
Which is resulting into Internal server error.
How should I add add SSL.
What are server.cert and server.key files? How to add them.
I am getting error:
InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised.
I don't believe this is related. See this SO post for more details on the error.
Suppress InsecureRequestWarning: Unverified HTTPS request is being made in Python2.6
As far as handling HTTPS for your app on Cloud Foundry, good news, there's nothing you need to do. Cloud Foundry will handle TLS termination for incoming requests to your apps. That's it.
If you're curious about the details, there are a lot of them at the following link. The details do depend on how your platform operator has set up TLS termination, so you could also talk with them if you have questions.
https://docs.cloudfoundry.org/adminguide/securing-traffic.html
Hope that helps!
So I have a very weird problem, I have a website and when I'm connected through wifi everything is fine, chrome and Mozilla are loading my website.
But when I switch to LTE internet my website is working fine only on Mozilla. Chrome is throwing ERR_CONNECTION_RESET error. I tried turning off firewall and restarting the server, but it doesn't change anything. The website was made in Django.
On the other hand, when I'm connecting directly to IP, it's working (I see 404 from apache, but that's because it's configurated to work with domain).
I'm using also certbot, but it's not looking like certbot fault. It's rather something connected with domain configuration.
I'm using OVH services both for server and domain. In domain I added only ip4 and ip6, DNS servers were left in the default configuration.
Ok, so to fix it I removed IPv6 redirect from the domain. And now it's working. I hope that it will help someone :)
I am trying to use facebook sdk for facebook login.
I gave http://localhost as Valid OAuth Redirect URIs but it throws the following error
HTTPS is required for all Redirect URIs.
I used this future few days ago it worked fine. but now it throws this error
And I am not able to disable
Enforce HTTPS
option
I ran into this issue with my Rails app that I usually run with http://localhost:3000.
To use https, I used ngrok which allows you to use https by providing a tunnel. To do this:
I went to their website and downloaded their program
I extracted the file for the program
In my console, I went into the directory where ngrok was extracted to and entered 'grok http 3000' on my Windows machine, others may use './grok http 3000'
After entering that, ngrok provided a https address which I put into the Valid OAuth Redirect URIs field in Facebook
Then I started my server and was able to access it using that https address instead of localhost:3000
yep, they changed that recently :-(
For testing the login flow locally I installed a self-signed certificate
https://letsencrypt.org/docs/certificates-for-localhost/
btw, I doesn't have to be trusted by the browser if you're OK with a one time security warning.
Don't use this certificate in production!
I've been trying to figure this out for a while now and nothing I've found has really been helping.
I've got a remote Linux server running with Apache installed, and right now everything going to the server is redirected to HTTPS through Apache. This all works fine and I can access the files I need to normally, but now I'd like to also add in a Django site to my server under a new "subdomain". (For example I'd like to still be able to access non-Django files as usual 'https://www.thesite.com/path/to/file.php' and also be able to access the Django site like 'https://www.thesite.com/djangosite/some/site/page')
Could someone please give me some direction as to how I'd be able to do this? I can supply more information if it's needed.
Thanks in advance!
Edit 1: The Django server seems to dislike connecting via HTTPS and I'm getting an error that it can only support HTTP, but I need it because I want the site to be secure, and currently Apache is redirecting all HTTP requests to HTTPS, so do I need some other method of making it work?
https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm
Check out SNI and also potentially wild card certificates