SSL problems, after installation

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • dimitrios
    Senior Member
    • Oct 2008
    • 302
    • 4.1.x

    [Forum] SSL problems, after installation

    Hi all.

    Yesterday I installed SSL for my forum website ( https://xn--ixauk7au.gr )

    Now I realize that browsers are not happy about it.

    I did follow these instructions found here: https://www.vbulletin.com/forum/arti...forum-to-https
    Go to Settings > Options > Site Name / URL / Contact Details.
    Edit 'Forum URL' and add the 's' into the URL.
    For example, if your URL is http://www.contoso.com/forum, change it to https://www.contoso.com/forum

    Then go to Settings > Options > Server Settings & Optimization Options > Use Remote YUI
    Set this to Google.
    Still, Opera for example gives me:
    "Opera cannot verify the identity of the server "XXXX", due to a certificate problem. The server could be trying to trick you. etc”
    And
    “Opera blocked the unsafe content of this page…”
    (Check the attachments)

    In the meanwhile my forum is deserted and every hour passing is damaging its health.

    How can I resolve this issue?
    Thanks
  • Mark.B
    vBulletin Support
    • Feb 2004
    • 24286
    • 6.0.X

    #2
    The error is this:
    ERR_CERT_COMMON_NAME_INVALID

    The certificate has not been correctly installed. You will need to speak to your certificate provider or host.
    MARK.B
    vBulletin Support
    ------------
    My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
    My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

    Comment

    • dimitrios
      Senior Member
      • Oct 2008
      • 302
      • 4.1.x

      #3
      I talked to the host (they have a great support, 10 years now) and they tell me that the error is due to mixed content which I should take care of.

      Can you please provide pointers as to how I can correct that?

      Comment

      • djbaxter
        Senior Member
        • Aug 2006
        • 1418
        • 4.2.5

        #4
        As Mark.B said above, it looks like there is a problem with your certificate as well. Here's what I see in Firefox when I go to the link you provided https://xn--ixauk7au.gr/

        xn--ixauk7au.gr uses an invalid security certificate.
        The certificate is only valid for the following names: www.xn--qxaek7au.gr, xn--qxaek7au.gr
        Error code: SSL_ERROR_BAD_CERT_DOMAIN
        https://www.sslshopper.com/ssl-checker.html returns this for your site:
        xn--ixauk7au.gr resolves to 185.4.133.54
        Server Type: nginx
        The certificate was issued by Comodo.
        The certificate will expire in 351 days.
        The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. You can fix this by following Comodo's Certificate Installation Instructions for your server platform (use these instructions for InstantSSL). Pay attention to the parts about Intermediate certificates.
        None of the common names in the certificate match the name that was entered (xn--ixauk7au.gr). You may receive an error when accessing this site in a web browser. Learn more about name mismatch errors.
        One of the certificates is signed with a SHA1 signature. We recommend that you reissue or replace this certificate with one that uses a SHA-2 signature. Contact your SSL provider about how to do this. Read more about the SHA-1 deprecation here.
        But it's entirely likely that you have some mixed content issues as well.

        Run your URL through one or more of these - they will tell what is causing your mixed content issues and more:Usually, it's
        1. internal links in your forum or external links in the footer or in ads that are HTTP - find and edit those to either HTTPS://link or just //link
        2. or more often it's links to images on the forum using the IMG bbcode tags
        In the case of #2, use one of the following addons from vBulletin.ord:
        Psychlinks Web Services Affordable Web Design & Site Management
        Specializing in Small Businesses and vBulletin/Xenforo Forums

        Comment

        • dimitrios
          Senior Member
          • Oct 2008
          • 302
          • 4.1.x

          #5
          My host tells me "There's a green padlock so as far as our end is concerned, we are done. You need to see yourself for the rest."

          :/

          When I test it with https://www.whynopadlock.com, though, I get to see more than just "misxed content" errors.

          Check the attachment.

          Comment

          • Mark.B
            vBulletin Support
            • Feb 2004
            • 24286
            • 6.0.X

            #6
            Originally posted by dimitrios
            My host tells me "There's a green padlock so as far as our end is concerned, we are done. You need to see yourself for the rest."

            :/

            When I test it with https://www.whynopadlock.com, though, I get to see more than just "misxed content" errors.

            Check the attachment.
            If that's the best your hosts can do, the only option is to find a new host.

            MARK.B
            vBulletin Support
            ------------
            My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
            My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

            Comment

            • dimitrios
              Senior Member
              • Oct 2008
              • 302
              • 4.1.x

              #7
              My host directed me to add three lines in .htaccess but the problem remains. It's still the mix content errors included in the previous screenshot:

              Code:
              [B]Soft Failure[/B]
              
              An image with an insecure url of "http://www.xn--ixauk7au.gr/forum/images/icons/icon3.png" was loaded on line: 457 of https://www.xn--qxaek7au.gr/forum/. [HR][/HR] This URL will need to be updated to use a secure URL for your padlock to return.
              [HR][/HR][B]Soft Failure[/B]
              
              An image with an insecure url of "http://www.xn--ixauk7au.gr/forum/images/icons/icon4.png" was loaded on line: 547 of https://www.xn--qxaek7au.gr/forum/. [HR][/HR] This URL will need to be updated to use a secure URL for your padlock to return [HR][/HR][B]Soft Failure[/B]
              
              An image with an insecure url of "http://www.xn--ixauk7au.gr/forum/images/icons/icon1.png" was loaded on line: 677 of https://www.xn--qxaek7au.gr/forum/. [HR][/HR] This URL will need to be updated to use a secure URL for your padlock to return.

              I understand that I need to edit the code and replace http with https. Where can I find them, though? In which files? It's not evident in the failure messages.

              Can anyone direct me, here?


              Comment

              • Wayne Luke
                vBulletin Technical Support Lead
                • Aug 2000
                • 73981

                #8
                With mixed content, you need to make sure that all of your content (images, javascript, css, everything) is from HTTPS. This will mean editing templates and updating absolute URLS. vBulletin doesn't use any Absolute URLS by default. You shouldn't have to edit any vBulletin code to change to HTTPS.

                However, I am being told the certificate is invalid because it was issued for one domain name and is being used on another.
                Translations provided by Google.

                Wayne Luke
                The Rabid Badger - a vBulletin Cloud demonstration site.
                vBulletin 5 API

                Comment

                • dimitrios
                  Senior Member
                  • Oct 2008
                  • 302
                  • 4.1.x

                  #9
                  So, you mean I need to enter the template I'm using. But where am I to start there? Do you mean replacing every http with https? (like automatically with ctrl-H?) Are there any guidlines?

                  Originally posted by Wayne Luke
                  However, I am being told the certificate is invalid because it was issued for one domain name and is being used on another.
                  I don't think that's the case. I bought the certificate for this very domain. Why do you think it's issued for another domain? If there's evidence that this certificate was issued for another domain, plz, show that to me so that I can use it with my host, when asking them about it.

                  Thanks

                  Comment

                  • Wayne Luke
                    vBulletin Technical Support Lead
                    • Aug 2000
                    • 73981

                    #10
                    My browser states the certificate was issued to www.xn--qxaek7au.gr

                    The URL that you provided is https://xn--ixauk7au.gr

                    The two do not match.

                    Translations provided by Google.

                    Wayne Luke
                    The Rabid Badger - a vBulletin Cloud demonstration site.
                    vBulletin 5 API

                    Comment

                    • Wayne Luke
                      vBulletin Technical Support Lead
                      • Aug 2000
                      • 73981

                      #11
                      Originally posted by dimitrios
                      So, you mean I need to enter the template I'm using. But where am I to start there? Do you mean replacing every http with https? (like automatically with ctrl-H?) Are there any guidlines?
                      You need to go through every piece of HTML that you have edited and make sure that you use HTTPS. You need to go through every style variable that you have edited and make sure that you reference HTTPS. If you have changed Smilies and Post Icons from relative links to absolute links, then you have to edit each one to be HTTPS. You also need to encourage everyone to use HTTPS when including content from other sites like YouTube or image sites.

                      There are no guidelines because vBulletin does not use a single absolute link anywhere in its code. We only use relative links and base the URL on the value that you enter into the AdminCP under Settings -> Options -> Site Name / URL / Contact Details. The only guideline that I can provide is to never use absolute links anywhere.
                      Translations provided by Google.

                      Wayne Luke
                      The Rabid Badger - a vBulletin Cloud demonstration site.
                      vBulletin 5 API

                      Comment

                      • dimitrios
                        Senior Member
                        • Oct 2008
                        • 302
                        • 4.1.x

                        #12
                        Originally posted by Wayne Luke
                        My browser states the certificate was issued to www.xn--qxaek7au.gr

                        The URL that you provided is https://xn--ixauk7au.gr

                        The two do not match.
                        Indeed. The problem was that I have a greekdomain name (λέσχη.gr) and an alias for it (λεσχη.gr, without the stress) and that caused a mixed set of troubles.

                        I disabled the Comodo certificate and set up "Let's Encrypt" instead and things seem to go better.

                        In addition, I found out that I had a couple of absotute links in some emoticons and changed them all to relative ones.

                        I also checked rank icons, and post icons. These all seem to be ok.

                        Yet, in the landing page, this icon here: Click image for larger version  Name:	icon1.png Views:	1 Size:	609 Bytes ID:	4402809 and even though I have set a relative link for it, in the admincp, it appears with http (instead of https)

                        As a test, I changed in the admincp the link, to point to a different icon, and only one of the images on the landing page was affected.

                        What is going wrong, here?

                        Thanks
                        Last edited by dimitrios; Tue 20 Nov '18, 4:27am.

                        Comment

                        • Wayne Luke
                          vBulletin Technical Support Lead
                          • Aug 2000
                          • 73981

                          #13
                          Settings -> Options. Then either Forum Display Options or Thread Display Options. (I don't have a viable vB4 at this minute.) You can change the URL for the default icon or remove it altogether.
                          Translations provided by Google.

                          Wayne Luke
                          The Rabid Badger - a vBulletin Cloud demonstration site.
                          vBulletin 5 API

                          Comment

                          • dimitrios
                            Senior Member
                            • Oct 2008
                            • 302
                            • 4.1.x

                            #14
                            It was in the Thread Display Options, indeed.
                            I corrected it and now I don't have any mixed content problems anymore. Thanks!

                            Now whynopadlock.com seems to be happy about mixed content ("You have no mixed content") but there's still something that seems to go wrong ("The SSL certificate tests failed. Please be sure that you can connect to your site over SSL and try again") for both variants of the domainname.

                            What can be wrong? Is there a tool that gives more elaborate messages about it?

                            Thanks

                            Comment

                            • dimitrios
                              Senior Member
                              • Oct 2008
                              • 302
                              • 4.1.x

                              #15
                              My host says that everything is fine, and shows me another checker that seem to be happy.

                              Comment

                              Related Topics

                              Collapse

                              Working...