Google Blacklisting or marking Not Secure for http sites with logon

[Mouth]

Ref: https://blog.sucuri.net/2017/05/non-https-websites-blacklisted-for-passwords-without-ssl.html

If you haven't yet ssl/https your site, NOW is the time to do it before you get caught up with Google blacklisting and marking http sites with logons as Not Secure.

 

[Amaury]

Stupid.

 

[Anthony Parsons]

I like it... get rid of a whole lot of the competition for you, just for being diligent in using SSL to protect your users.

Bring it on.

 

[Paul B]

http://heartbleed.com/

 

[Anthony Parsons]

http://heartbleed.com/

What does that have to do with not changing?

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.
https://www.openssl.org/news/secadv/20140407.txt

 

[Brent W]

LibreSSL is what we have been using since Heartbleed

 

[DieselMinded]

shut my site down yesterday moving to new server with ssl

 

[Anthony Parsons]

shut my site down yesterday moving to new server with ssl

I'm a little confused as to why you have Google ads on the bottom of your signature business website? Who does that on their business website?

 

[DieselMinded]

I'm a little confused as to why you have Google ads on the bottom of your signature business website? Who does that on their business website?

I put them every where they are allowed , and set them to where they wont show competing ads

 

[Mike Edge]

shut my site down yesterday moving to new server with ssl

Why would you need to move servers for SSL? I have never heard of a server that didn't support it.

I'm a little confused as to why you have Google ads on the bottom of your signature business website? Who does that on their business website?

Agree, I would never do business with a company that had ads not related to their own services offered. Very odd.

 

[rainmotorsports]

Why would you need to move servers for SSL? I have never heard of a server that didn't support it.

If he was on shared hosting some hosts charge to "install". Most don't support let's encrypt if you go that route. Remember it has to be renewed often.

 

[DieselMinded]

moved servers with same host I've had for 10 years using lets encrypt now

 

[Anthony Parsons]

Lets encrypt renewal is as simple as creating a script and adding it to cron, i.e. for NGINX:

nano /etc/letsencrypt-renew.sh

PASTE

#!/bin/bash

systemctl stop nginx
/root/.local/share/letsencrypt/bin/letsencrypt renew --agree-tos
systemctl start nginx

Make it executable: chmod +x /xxx/letsencrypt-renew.sh

Then something as simple as (for cron): 0 0 1 * * root /xxx/letsencrypt-renew.sh

Takes all of a few seconds, run it at some obscure hour of the morning where the least traffic is online, auto renewal for Lets Encrypt sorted.

 

[DieselMinded]

Lets encrypt renewal is as simple as creating a script and adding it to cron, i.e. for NGINX:

nano /etc/letsencrypt-renew.sh

PASTE

#!/bin/bash

systemctl stop nginx
/root/.local/share/letsencrypt/bin/letsencrypt renew --agree-tos
systemctl start nginx

Make it executable: chmod +x /xxx/letsencrypt-renew.sh

Then something as simple as (for cron): 0 0 1 * * root /xxx/letsencrypt-renew.sh

Takes all of a few seconds, run it at some obscure hour of the morning where the least traffic is online, auto renewal for Lets Encrypt sorted.

can you make a mod that does that?

 

[Mouth]

can you make a mod that does that?

I hope not
Modifying SSL certificates should be well out of the reach and permissions that your web server user account operates under.

 

[DieselMinded]

how do i renew when its time manually?

 

[Anthony Parsons]

how do i renew when its time manually?

If you're using shared hosting by a supported provider, then follow: https://community.letsencrypt.org/t/web-hosting-who-support-lets-encrypt/6920

If VPS or upwards, you have root access.

 

[Brent W]

If you use CloudFlare then use their SSL. Much easier one time setup and forget imo.

 

[RobinHood]

How does that work Brent? Do you really have to do nothing on your server and flick a switch on CF's end?

 

[Brent W]

How does that work Brent? Do you really have to do nothing on your server and flick a switch on CF's end?

For Full Strict all you have to do is create your private key and certificate files on your server and then load them via Nginx. Their certificates default to 15 years so not much to do after you get them installed.