News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Browser forces HTTPS for HTTP forum sometimes

Started by Sono, May 27, 2022, 05:51:15 AM

Previous topic - Next topic

shawnb61

My suspicion is you have https in your browser history and your browser is attempting to being helpful.

Try clearing browser history.


And get a cert.  Https conversions aren't difficult.  There is usually a gotcha - but easily remedied.
Address the process rather than the outcome.  Then, the outcome becomes more likely.   - Fripp

Sono

Maybe it is the virus scanner. I switched it off yesterday, tested my problem sites, and then the browser error message came up instead. It is a message saying that your connection is not private. Like this:
https://www.hostinger.com/tutorials/wp-content/uploads/sites/2/2021/12/opera-your-connection-is-not-private-1.webp

But I have just checked it again, switching the virus scanner off, and now it works for me as well. But it was doing this with ESET installed as well, not just with Kaspersky. So it is a problem even so in a wider circumstance. But I don't understand where the scanners get the certificate info from? I have not used Kaspersky when the forum was accidentally on SSL, so where did it get the info about the certificate being issued? The certificate was at the company it detects, it is only the dates that are incorrect. Maybe I need to ask this in the virus scanner forum.

Sono

Quote from: shawnb61 on May 27, 2022, 01:28:12 PMMy suspicion is you have https in your browser history and your browser is attempting to being helpful.

Try clearing browser history.


And get a cert.  Https conversions aren't difficult.  There is usually a gotcha - but easily remedied.

No, that is not the source of problems. Has just installed Brave, never used it before, the same issue. But switching the virus scanner off today does make a difference. Yesterday it had no effect.

Kindred

Rather than waste more time with this deadend problem, just get a certificate and use https
Слова
Украина

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Sono

Which is the most recent HTTP to HTTPS article? I have 2.0.9. Which one is suitable for this?

Kindred

Install a cert
Using repair_settings.php, access the site using https and change all of your urls to https

Force https in your. htaccess if desired

Done

If you have trouble with old images, turn on the proxy and/or change the img]http values in the database smf_messages, body field to be img]https
Слова
Украина

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Sono

Quote from: Kindred on May 27, 2022, 01:47:13 PMInstall a cert
Using repair_settings.php, access the site using https and change all of your urls to https

Force https in your. htaccess if desired

Done

If you have trouble with old images, turn on the proxy and/or change the img]http values in the database smf_messages, body field to be img]https

Thanks!

Arantor

Quote from: Sono on May 27, 2022, 01:41:35 PMI have 2.0.9.

I hope you mean 2.0.19.

2.0.9 is years old and will have all sorts of issues with HTTPS because it predates the big move to HTTPS across the web. And has a number of security holes that need fixing too.


Sono

By the way, it seems I may have found the problem:

It seems Windows stores these SSL certificates, and on computers where these HTTP sites were loaded once when they were still on HTTPS, this can confuse the virus scanner or the browsers, and interpret the site HTTPS, even if the SSL certificate has long been cancelled. See this image, this is my certificate list in Windows:



You can see a Comodo certificate in the middle. That was the only Comodo certificate I ever obtained, when I accidentally installed one on my forum. Back then I was in the middle of migrating the site, I remember I loaded it on all my computers to test it in various environments. I think that was the time when the certificate got on my computers, and was left there. So here in the house, no matter on which computer I checked the site on, this error occured. I have just borrowed a laptop from my friend, and indeed, on his laptop this is not an issue. Because he does not have the certificate saved.

You can also see on the photo that the Comodo certificate validity ends in 2038 according to Windows, so maybe that's why virus scanners or browsers still insist on it. I wonder if I delete that what happens?

This is quite annoying anyway, because I have been trying to find a solution for this for years, when it turns out this problem presists only in my house. But people did not know about this protocol of storing SSL certificates. Everyone I asked directed me to the hosting provider.

Sono

Quote from: Arantor on May 27, 2022, 04:06:29 PM
Quote from: Sono on May 27, 2022, 01:41:35 PMI have 2.0.9.

I hope you mean 2.0.19.

2.0.9 is years old and will have all sorts of issues with HTTPS because it predates the big move to HTTPS across the web. And has a number of security holes that need fixing too.

Sadly, but have to inform you it is .9  O:)

Arantor

Then you need to upgrade to the version that isn't 10 versions behind before you go any further. If nothing else, to include the security fixes that are there.

Sono

Quote from: Arantor on May 27, 2022, 04:48:54 PMThen you need to upgrade to the version that isn't 10 versions behind before you go any further. If nothing else, to include the security fixes that are there.

I have been planning to do this, but my mobile theme complicates the update on every new version. Lots of tweaking is needed every time.

Oldiesmann

If you're using the old SMF4Mobile thing, just uninstall it and go with a responsive theme (there are several available on the theme site that work with 2.0). You'll get mobile friendly design without the hassles of having to modify/tweak stuff every time there's a new version.

Alternately you could upgrade to 2.1, which is responsive by default, but that would depend on your wishes and also what mods you've got installed.
Michael Eshom
Christian Metal Fans

Advertisement: