Open mwichary opened 11 years ago
I believe the only way to solve this problem would be to purchase a SSL certificate and enable SSL on Heroku (which IIRC costs $36/mo).
@dthompson, any thoughts?
Not worth it, then. :·)
It looks like the SSL certificate was valid when the site was hosted on Heroku.
$ http -v https://click-that-hood.com
GET / HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
Host: click-that-hood.com
User-Agent: HTTPie/2.5.0
http: error: SSLError: HTTPSConnectionPool(host='click-that-hood.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError("hostname 'click-that-hood.com' doesn't match '*.herokuapp.com'"))) while doing a GET request to URL: https://click-that-hood.com/
It looks like now it's hosted on an Amazon EC2 instance. Successful visitors are probably loading it with plain HTTP at the moment.
Let's Encrypt might be able to supply a free SSL certificate.
Yeah, the publicly available instance at http://click-that-hood.com/ is currently still hosted by Code for America. We will move to another machine of Code for Germany and update the DNS record once we upgrade the depencies and make Click that Hood reliably running on recent versions of node.js.
The internet has changed quite a lot in the recent 8 years. With Letsencrypt, SSL certificates are available today free of charge, so we can easily adopt one for click-that-hood.com
.
When you visit https://click-that-hood.com:
You attempted to reach click-that-hood.com, but instead you actually reached a server identifying itself as *.heroku.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of click-that-hood.com. You should not proceed, especially if you have never seen this warning before for this site.
We don’t really advertise HTTPS, but some people somehow use it anyway.