Is it possible to make your forum HTTPS...?

[snadge]

I was wanting to try and add extra security to my forum (with regards to logins happening unprotected and could be sniffed over public open wifi spots)

so I was wondering if its possible to make your SMF forum HTTPS..?

thanks in advance guys

[Arantor]

With 2.0.14 it completely is. You need to get a certificate - your host might need to be involved to make this happen.

Once you have a certificate installed, it's then possible to enable it in SMF.

[oroedel]

look at your cpanel "ssl...", my host made all sites ssl/https automatically. So you only have to change all (?) paths in smf admin to https (as Kindred mentioned in answer to my question).

[Illori]

you would also need to enable the image proxy to make all the pages show as secure.

[snadge]

in in cloud hosting but it does have encrypt option, but when i click on it t says you must purchase a certificate from the host?

i wouldnt know how to do what Illori or Oroedel says

edit: they want £50 a year for standard SSL...cant afford that just now

[Illori]

then maybe time to find a new host that supports let's encrypt which is free.

[snadge]

then maybe time to find a new host that supports let's encrypt which is free.

it does have this but warns

We will attempt to renew your certificate automatically but Let's Encrypt may fail to accept this renewal or revoke the certificate at any time, outside of our control. If your website is mission critical, we recommend purchasing an SSL from ourselves in the usual way.

if i do use Lets Encrypt and want to use cloudflare...should I enable CF first? or does CF have HTTPS?

whats your thoughts on the use of cloudflare free?

thanks

[Kindred]

Cloudflare really serves no useful purpose for a dynamic forum

[snadge]

ok i wont bother thanks, ive enabled that free Encryption tool.. awaiting been 4-5 hours and still http

[Kindred]

Activating the cert does not make you https...  you then have to make your forum use https URLs and force https in your htaccess file

[snadge]

Activating the cert does not make you https...  you then have to make your forum use https URLs and force https in your htaccess file

hhmm on the Lets Encypt website and our hosts it says just enable it on the host and wait 6 or so hours?

how would I go about doing that what you mention>?

[Kindred]

Change your forum URLs to https...   base forum URL, avatars, attachments, smilies, mods, etc

Then look up in google how to force https using htaccess... 

[snadge]

Change your forum URLs to https...   base forum URL, avatars, attachments, smilies, mods, etc

Then look up in google how to force https using htaccess... 

sounds like a lot of hard work...dont think i will bother.. i dont even know how to change the URL's

[LiroyvH]

Change your forum URLs to https...   base forum URL, avatars, attachments, smilies, mods, etc

Then look up in google how to force https using htaccess... 

sounds like a lot of hard work...dont think i will bother.. i dont even know how to change the URL's

What is repair_settings.php?

[Jailer]

It takes less than 30 seconds to get a cert from letsencrypt. If you don't have a cert after 5 or 6 hours something has gone wrong with the request and you should contact your host.

[snadge]

Change your forum URLs to https...   base forum URL, avatars, attachments, smilies, mods, etc

Then look up in google how to force https using htaccess... 

sounds like a lot of hard work...dont think i will bother.. i dont even know how to change the URL's

What is repair_settings.php?

thanks for your help everyone

but, exactly...lot of hard work ...and due to the way they make me back up (very hard), and messing up the migration from cPanel to Cloud Hosting (which is built in-house and still being improved upon) , I dont trust that if I do manage to download the backup files (ftp) and MySQL DB (which has to be done through MyPHPAdmin to create a backup, then MySQL Databases to download it), that if something goes wrong that I/They will be able to fix it..

maybe from a backup from 12-24 hours before that they make automated - so I would get it back but lose some posts...

I also have a GUIDES section made by Simple Portal 'Pages' which points too HTTP pages (and some of these have links in them that point to other HTTP guides on my site...) I made the mistake of including the full url instead of /linkofpage.html in the html code - so I would have to spend hours adjusting all that

I was under the impression the "Lets Encrypt" was something you just clicked on and it worked - most only be true for static site?

[Illori]

all lets encrypt does is give you the security certificate for your URL, it does nothing else.

[snadge]

all lets encrypt does is give you the security certificate for your URL, it does nothing else.

yup so ive found out 

thanks for the support you guys have been great helping me recently, I really do appreciate it  -  well what goes around comes around as I help others with Broadband or Computer issues on my forum lol...  in fact I practically live on forums...taken over my social life  (loser) lol

thanks again, im just gunna ask em to remove it

[Arantor]

If you remove the HTTPS part, browsers will declare your site insecure whenever a user logs in. That's really what the certificate is about: encrypting the connection so passwords aren't sent in a format others can read if they happen to examine the connection data.

[Kindred]

And it's not a lot of work. It's changing the URL in four or five places all of which are centralized in the repair settings. PHP file. The only thing you have to do is build the forced redirect into your htaccess and the code for that can be found with a simple Google search. I have no idea what you're talking about with your host and Cloud hosting backups none of this affects the actual files on your site except for the HTaccess file