When user open Login Page, "Connection is not secure" is displayed.

[Shivakumarbv]

Environment :- Windows 7, Mozilla Firefox Browser Module :- Login Credentials :- johnCarter@mailinator.com Priority :- Normal

Steps to reproduce :- 1.Open Javul Site. 2.Click on Login and observe.

Actual Result :- When user open Login Page, "Connection is not secure" is displayed. Expected Result :- When user open Login Page, "Connection is not secure" should not be displayed.

Screenshot :-

[acipher]

This is because we do not have SSL installed. @javulorg can you review this?

[javulorg]

hi Anant, I guess it would be a good thing to install an SSL certificate. When I search ""linode installing ssl", I found this video: https://www.youtube.com/watch?v=JciwYHqtJm4 Looking at the youtube comments it looks like it was easier following the directions there compared to other sources. I hope its not too difficult. Let me know.

[javulorg]

Do we have to do some settings for the SSL to create a valid connection?

On the topic of logins, it looks like the user is currently logged out after 1 hour or so. Can the login/cookie expiration be done indefinitely?

[acipher]

For SSL, I have followed the letsencrypt instructions but its not applying to http://javul.org. Though its working for https://www.javul.org/ (with www). I have checked possible solutions on their forums but they are not working. see here https://i.imgur.com/mTnz7Uu.png

https://community.letsencrypt.org/t/dns-challenge-failing-nxdomain-looking-up-txt/10156 https://community.letsencrypt.org/t/solved-dns-problem-nxdomain-looking-up-txt-for-acme-challenge/70102/3

[javulorg]

I searched a bit on this topic for the search term "ssl not working without www" and found this link: https://really-simple-ssl.com/forums/topic/https-www-to-non-www-not-working/ Another: https://serverfault.com/questions/738883/ssl-certificate-non-www-not-working

The first site talks about a website that tests SSL: https://www.ssllabs.com/ssltest/analyze.html?d=javul.org&hideResults=on

Could it have something to do with how its setup for Linode servers? Search results for this Google term: ssl site:linode.com

[acipher]

I tried with few more solution. It shows successful but not working see here https://i.imgur.com/blTzrIL.png

Can we get it checked by system admin? FYI: this can be done from http://javul.org:10000 webmin panel.

[javulorg]

I'm thinking Linode admins might not be able to help if its an issue with LetsEncrypt or a configuration issue, for example here's a comment on one thread on LetsEncrypt: As Linode is a VPS service, they have completely no responsibility regarding the support of software on their platform; that is the total responsibility of the user.

Here's Linode's documentation to help with LetsEncrypt: https://www.linode.com/docs/security/ssl/install-lets-encrypt-to-create-ssl-certificates/

When I do the SSL check: https://www.ssllabs.com/ssltest/analyze.html?d=javul.org&s=45.33.99.195&hideResults=on&ignoreMismatch=on It says: Alternative names:  INVALID

When I search "alternative names LetsEncrypt", there's this thread: https://community.letsencrypt.org/t/alternative-names-issue/51546

And this might be the most useful. Google search results for the query: not working without www site:letsencrypt.org From the first link in this search, someone says: "you’ll need to issue a new cert covering both *.example.com and example.com."

I think there are good links for that 'www' search query. Hopefully one of those have a solution. For example in this link the user's problem was resolved. In that link someone said "Could you run certbot certificates please and post the output here?"

What is good is that at least its working with www, as you mentioned, so thats good.

Posting a help note on the letsencrypt might be useful if these 'www' search query related forum links dont help: https://community.letsencrypt.org/

[javulorg]

SSL was fixed.