Forum Admin Forum

GW2

GW2

Active member
This is what I see using Edge. The site looks completely secure. I have FF on another one of my home computers. I will check it out later and provide the results.

1672182227403.png
1672182276004.png

1672182321788.png
 
FTL

FTL

Well-known member
Shawn Gossman said:
I went to this site by Mozilla:

Mozilla Observatory

The Mozilla Observatory is a project designed to help developers, system administrators, and security professionals configure their sites safely and securely.
observatory.mozilla.org observatory.mozilla.org

Put in my domain name and scanned it.

Got this as a response:

View attachment 279047

I think Mozilla doesn't recognize "Let's Encrypt" as a trusted source. If so, that's odd. It's a reliable NPO-based certificate issuer that loads of websites use.

I could be wrong but that is what I suspect...
Click to expand...
Oh no, Firefox works fine with Let's Encrypt, it's not that. For the record, my site doesn't get an especially good score either (nerdzone.uk) but works fine in FF. It also uses LE.

The scan tool's message "This site uses an untrusted or invalid certificate" shouldn't be ignored and is why FF is reporting the site as insecure.
 
Last edited:
FTL

FTL

Well-known member
@GW2 Nothing wrong with that. However, if you're not familiar with Let's Encrypt, it's worth checking it out and seeing if it's for you.

Key features:
  • Completely free
  • Backed by the biggest names like Amazon, Microsoft and Oracle. Note that XF Cloud uses them for their clients too, so that's a reliable endorsement as well
  • Completely automated certificate installation and renewal. Basically, set it and forget it. Note the initial setup can vary in complexity though depending on the server you're using
  • All SSL certs expire after 3 months, making them more secure against hacking

Let's Encrypt

Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG).
letsencrypt.org

EDIT

And then there's this. Oh dear...

medium.com

Why Let’s Encrypt is a really, really, really bad idea…

Did I mention it was a really bad idea???
medium.com medium.com
 
Last edited:
MQK8

MQK8

Active member
GW2 said:
So, it appears something is amiss with Fire Fox.
Click to expand...
I had the same exact problem, Chrome, Microsoft and all browsers showed site secure except for Fire Fox, I couldn't figure it out. So I simply revoked (deleted) the key in Cloudflare, created a new key in Origin in Cloudflare and updated the Certificate and Private key in my cpanel under the appropriate domain, and it's worked ever since. Worth a try maybe.
 
GW2

GW2

Active member
FTL said:
@GW2 Nothing wrong with that. However, if you're not familiar with Let's Encrypt, it's worth checking it out and seeing if it's for you.

Key features:
  • Completely free
  • Backed by the biggest names like Amazon, Microsoft and Oracle. Note that XF Cloud uses them for their clients too, so that's a reliable endorsement as well
  • Completely automated certificate installation and renewal. Basically, set it and forget it. Note the initial setup can vary in complexity though depending on the server you're using
  • All SSL certs expire after 3 months, making them more secure against hacking

Let's Encrypt

Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG).
letsencrypt.org

EDIT

And then there's this. Oh dear...

medium.com

Why Let’s Encrypt is a really, really, really bad idea…

Did I mention it was a really bad idea???
medium.com medium.com
Click to expand...
Thank you for those tips regarding a free Let's Encrypt SSL certificate. In my case, $50 every 2 years for a paid Trustico SSL cert. is probably worth the cost as it saves our admins (mostly me) the time & effort needed to renew every 3 months. I renew and forget about it for 2 years. Of course after 2 years have passed, I have totally forgotten how to renew it. So, renewing every 3 months does have it's advantages. :)
 
FTL

FTL

Well-known member
GW2 said:
Thank you for those tips regarding a free Let's Encrypt SSL certificate. In my case, $50 every 2 years for a paid Trustico SSL cert. is probably worth the cost as it saves our admins (mostly me) the time & effort needed to renew every 3 months. I renew and forget about it for 2 years. Of course after 2 years have passed, I have totally forgotten how to renew it. So, renewing every 3 months does have it's advantages. :)
Click to expand...
Thing is, the renewal is fully automated, as per my post, so that's not an issue. Do have a look at the website and see what you think of it.

I've read again that article and while it does make some good points, I don't think it's enough not to use it. I haven't seen any other articles warning of the risks of LE and since XF uses it in their cloud installations, I'm pretty sure it's ok.
 
GW2

GW2

Active member
FTL said:
Thing is, the renewal is fully automated, as per my post, so that's not an issue. Do have a look at the website and see what you think of it.

I've read again that article and while it does make some good points, I don't think it's enough not to use it. I haven't seen any other articles warning of the risks of LE and since XF uses it in their cloud installations, I'm pretty sure it's ok.
Click to expand...
Thanks for that info. I will look into it.
 
Tracy Perry

Tracy Perry

Well-known member
GW2 said:
Here is what I see using Fire Fox:
View attachment 279048
And this:


View attachment 279049

So, it appears something is amiss with Fire Fox.
Click to expand...
Not necessarily... if the site is not using an image proxy, and is serving images linked directly to a non-secure website... this would be a normal issue to show up. It can also happen if whomever set the site up has linked to a non-secure image and there is no automated re-write in place.
 

Similar threads

M
Looking to potentially hire a Forum Admin
Replies
3
Views
268
Nicolas FR
Nicolas FR
R
Connected account providers miss Xenforo?
Replies
5
Views
208
gigipmc
gigipmc
F
  • Solved
XF 1.5 Can't login to my forum with 2FA after iOS upgrade failed on my iPhone
Replies
13
Views
575
FTL
FTL
Semper Fidelis
  • Question
ES 2.2 My Elasticsearch cluster keeps stopping on its own
Replies
0
Views
203
Semper Fidelis
Semper Fidelis
A
How many admins to futureproof?
Replies
12
Views
605
Baby Community
Baby Community
Top