This Pressure to go to SSL is intense!

[DieselMinded]

my host is $125/yr for comodo ssl per url so this mess is going to cost me $250/yr to keep my sites from showing "not secure" errors





let me ask this...

since we use pay pal processing to do secure payments via a gateway so we dont have to have our own secure pages

why cant someone set up remote registration pages via gateways and we can use iframes to display

 

[Nudaii]

i believe cloudflares free ssl suffices for this no?

 

[Neal]

You could try Let's Encrypt which is free - https://letsencrypt.org/

 

[Arty]

my host is $125/yr for comodo ssl per url

That is massively overpriced. See https://www.namecheap.com/security/ssl-certificates.aspx or see post above

 

[Louise Williams]

Hello,

Please provide the CSR for the domain. and Confirm the 9.95/yr price.

Thanks!
--
Donald Bennett
xxxxxx xxxx xxxxxxxxxxx

*Please note that tickets are automatically closed after 7 days with no reply. If you need additional support on any issue and the ticket was closed, simply replying will re-open the ticket in our system. You can also reopen the ticket via your client portal.



That was total cost for 1 year certificate from our hosting when we put on new certificate last spring . So yes, the price they are quoting is nuts. (took out the hosing name- not trying not advertise for them)

 

[DieselMinded]

You could try Let's Encrypt which is free - https://letsencrypt.org/

they dont support lets encrypt i asked

 

[Arty]

they dont support lets encrypt i asked

You should be able to upload any certificate in host panel regardless of its origin.

If you can't, its idiotic limitation by incompetent host. Dump that host.

 

[Mr Lucky]

since we use pay pal processing to do secure payments via a gateway so we dont have to have our own secure pages

why cant someone set up remote registration pages via gateways and we can use iframes to display

is this actually a xenForo suggestion, or a suggestion for "someone?"

 

[DieselMinded]

is this actually a xenForo suggestion, or a suggestion for "someone?"

just a thought i had as a work around

 

[Snog]

If your host is charging $125 a year for a a Comodo SSL certificate, then it's time to find a new host. As @Arty said they can be installed from any control panel for your server and they are less than $10 a year from most places. All you need is a Positive SSL for your forums https://www.namecheap.com/security/ssl-certificates/comodo/positivessl.aspx

 

[DieselMinded]

If your host is charging $125 a year for a a Comodo SSL certificate, then it's time to find a new host. As @Arty said they can be installed from any control panel for your server and they are less than $10 a year from most places. All you need is a Positive SSL for your forums https://www.namecheap.com/security/ssl-certificates/comodo/positivessl.aspx

maybe what they offered me isnt what i need then this is the page they sent me too when i asked about ssl

https://support.fluidhosting.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=327

 

[Arty]

maybe what they offered me isnt what i need then this is the page they sent me too when i asked about ssl

https://support.fluidhosting.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=327

They are trying to sell you overpriced crap intended for big organizations.

 

[Snog]

maybe what they offered me isnt what i need then this is the page they sent me too when i asked about ssl

https://support.fluidhosting.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=327

I'd be looking for a new host. You don't need any of those and they are jacking the price on the certificates to a ridiculous price...
https://www.namecheap.com/security/ssl-certificates/comodo/instantssl.aspx

 

[DieselMinded]

pointed my host to this thread and got this response

A: Hi Chad,

For now we support only Commodo SSL. But we soon replace our servers and controlpanel and it will support let's encrypt ssl.

im waiting on them to upgrade the shared servers because i need mysql updated so i can move my ipb site to ipb 4

thing is i cannot get a time line, maybe this is just stall tactics

ive had this host for like 8 years... built a vb forum on thier vps and sold it for $85,000

fluid hosting has always treated me good and customer support has always been excellent

however recent troubles with getting them to upgrade mysql on a shared server and now issues with ssl thats going to end up hurting my sites has me ..... under pressure

 

[Mike]

As this has mostly moved to discussion of SSL options, this is probably best in a different forum.

There isn't anything we'd do about this, beyond recommend using SSL. In theory, you could (manually) rip out the "local" registration components and force people to login through things like Facebook, but that will create some other potential issues.

 

[DieselMinded]

As this has mostly moved to discussion of SSL options, this is probably best in a different forum.

There isn't anything we'd do about this, beyond recommend using SSL. In theory, you could (manually) rip out the "local" registration components and force people to login through things like Facebook, but that will create some other potential issues.

thing is @Mike the violating pages are not just the registration form thats the problem and i dont have log in forms displaying they have to click the button




these pages should not be triggering security errors

 

[Mike]

There is a login form on all pages. If you are taking a different approach with logins then you could potentially remove that, but that's not resolving the problem. It's still insecure (in regards to MITM attacks for example) for people to log in without SSL. Even beyond the login form itself, if you are MITM'd, then they can steal credentials via your cookie which is effectively the same as your login details.

Hence, we recommend full SSL.

 

[alexD]

I'm going to release an add-on in 1-2 hours that will potentially fix your problem @DieselMinded without the need for TLS encryption.

 

[DieselMinded]

I'm going to release an add-on in 1-2 hours that will potentially fix your problem @DieselMinded without the need for TLS encryption.

add no follow attribute to registration and log in via robot.txt?

 

[Robru]

my host is $125/yr for comodo ssl per url so this mess is going to cost me $250/yr to keep my sites from showing "not secure" errors

What a ridiculous amount! I pay at Comodo € 12.50 for 3 years