Author Topic: Non secure HTTP website google phase 2  (Read 11654 times)


Offline weather34

  • Forecaster
  • *****
  • Posts: 1068
    • https://weather34.com/homeweatherstation
Non secure HTTP website google phase 2
« on: May 06, 2017, 05:16:21 AM »
Google Chrome initially began using the “Not Secure” messaging on sites WITH A LITTLE ICON back in January of this year (2017). Firefox undertook a similar practice.

Phase 2 "POP UP ALERTS FOR NON HTTPS sites": Beginning in October 2017, Google will show the “Not Secure” message on sites that don’t use HTTPS, all non-secure pages will be marked as such in Incognito mode.

So 2017 is seeing a big push on HTTPS.

If you need help in setting up an HTTPS certificate for your server, get in touch; it's free or may even be available already in your cPanel hosted websites with a one click install.

But for 2017 and beyond there is no doubt there will be more changes in reference to HTTPS.

I can't think of anything worse if you have spent months putting your website together, got your weather station data online the way you want it, only to see it fail on the aspect of being non-secure. It may not seem so important, you may be thinking well I don't offer credit cards or login forms, but these annoying nag screens and messages will get tiresome and deter some from using your website, and you bet your bottom dollar by mid 2018 it will be a standard requirement.

Not being an HTTPS CERTIFIED SITE does not mean your website will stop working; you'll just have a negative issue about your website.

Feel free to PM if you need help.. Brian






Offline ValentineWeather

  • Forecaster
  • *****
  • Posts: 6362
    • Valentine Nebraska's Real-Time Weather
Re: Non secure HTTP website google phase 2
« Reply #1 on: May 06, 2017, 07:08:25 AM »
Thanks for reminder. GoDaddy has been trying to sell secure certificate for too much $. Did my own this morning using namecheap for 14.97 for 3 years.

https://www.valentinenebraska.net/
Randy

Offline weather34

  • Forecaster
  • *****
  • Posts: 1068
    • https://weather34.com/homeweatherstation
Re: Non secure HTTP website google phase 2
« Reply #2 on: May 06, 2017, 07:32:57 AM »
Thanks for reminder. GoDaddy has been trying to sell secure certificate for too much $. Did my own this morning using namecheap for 14.97 for 3 years.

https://www.valentinenebraska.net/

Good stuff, whether you see the benefit now or later at least it's done and ready. The tedious part would be now making template adjustments, same for everyone. I'm in the process of doing one for an old client, slowly but surely getting each page done one by one.. think I should have quoted a price by the hour :-)


Offline Jáchym

  • Meteotemplate Developer
  • Forecaster
  • *****
  • Posts: 8605
    • Meteotemplate
Re: Non secure HTTP website google phase 2
« Reply #3 on: May 06, 2017, 07:35:09 AM »
Hi Brian,
yes 100% agreed, https is the future.

I'm just hoping however that as it spreads more it also gets more support from the providers. Because in my case for example it is not so simple. I did check how difficult it would be to transfer my site to https and found that my provider offers no built-in solution and also only supports some certificates. In other words, for example Let's Encrypt is not supported.

It turned out I would have to set it all up myself - which would be a problem because if you have to set it all up in the hosting manually you really have to know what you're doing and I'm in a position where I cannot afford having my website offline for several days/weeks and hope I will find a way of setting it up.

Also the certificates and the actual support for https as such is relatively expensive in case of my provider, the overall costs would be more than double of what they are now.

I of course agree that over time https should be a standard, but right now I'm more hoping that as it gets more popular, there will be some direct solution in my hosting cPanel or at least support for the free certificates. Once that is available I will transfer to https. Until then it is unlikely, fortunately it is not causing any major issues because I don't have any forms on my website or payment gates and the only thing that is affected is the fact that https users cannot use the "update checking" feature of Meteotemplate.

And I also make sure wherever possible, Meteotemplate supports https. The only scripts where this is not true is where the external source is only available as http - in such case there obviously is nothing I can do, but there are only a few of those and I replaced all the other links with https or implemented an alternative solution.

Offline ValentineWeather

  • Forecaster
  • *****
  • Posts: 6362
    • Valentine Nebraska's Real-Time Weather
Re: Non secure HTTP website google phase 2
« Reply #4 on: May 06, 2017, 07:42:53 AM »
The one page I have not working with https is my streaming camera on youtube. If I remove the s it works. https://www.valentinenebraska.net/youtube.php any ideas on how to do this?
Randy

Offline Jáchym

  • Meteotemplate Developer
  • Forecaster
  • *****
  • Posts: 8605
    • Meteotemplate
Re: Non secure HTTP website google phase 2
« Reply #5 on: May 06, 2017, 07:46:21 AM »
Hi Randy,
the URL of the Youtube video in your code is "http", you need to change that to "https", Youtube works with https so it should work.
Code:
http://www.youtube.com/embed/live_stream?channel=UCkqeC8BgPnyYzJsiQWtba_g;showinfo=0&rel=0&modestbranding=1&color=white&theme=dark&vq=hd720&autoplay=1
Change to
Code:
https://www.youtube.com/embed/live_stream?channel=UCkqeC8BgPnyYzJsiQWtba_g;showinfo=0&rel=0&modestbranding=1&color=white&theme=dark&vq=hd720&autoplay=1


Offline weather34

  • Forecaster
  • *****
  • Posts: 1068
    • https://weather34.com/homeweatherstation
Re: Non secure HTTP website google phase 2
« Reply #6 on: May 06, 2017, 07:48:36 AM »
The one page I have not working with https is my streaming camera on youtube. If I remove the s it works. https://www.valentinenebraska.net/youtube.php any ideas on how to do this?

check the Jquery paths see screenshot


Offline vreihen

  • El Niño chaser
  • Forecaster
  • *****
  • Posts: 1216
  • K2BIG
Re: Non secure HTTP website google phase 2
« Reply #7 on: May 06, 2017, 07:52:11 AM »
The one page I have not working with https is my streaming camera on youtube. If I remove the s it works. https://www.valentinenebraska.net/youtube.php any ideas on how to do this?

Change the http to https for the YouTube link on the page.....
WU Gold Stars for everyone! :lol:

Offline ValentineWeather

  • Forecaster
  • *****
  • Posts: 6362
    • Valentine Nebraska's Real-Time Weather
Re: Non secure HTTP website google phase 2
« Reply #8 on: May 06, 2017, 07:57:32 AM »
Thanks guys, putting the S works.  =D>
Randy

Online gwwilk

  • Southeast Lincoln Weather
  • Forecaster
  • *****
  • Posts: 2573
    • SouthEast Lincoln, NE Weather
Re: Non secure HTTP website google phase 2
« Reply #9 on: May 06, 2017, 08:24:30 AM »
Thanks for reminder. GoDaddy has been trying to sell secure certificate for too much $. Did my own this morning using namecheap for 14.97 for 3 years.

https://www.valentinenebraska.net/
Now for the more tedious part of the job.  Hit <CTRL><SHIFT>I in Chrome or FF to see where the issues are that prevent the green padlock from residing on your site's address bar.  Some pages will even stop working because they rely on an iframe of as yet unsecured NWS information.  I've used an icon on my menu to indicate which sites are now blocked.  Someday soon I hope to see better compliance on the part of the NWS with the SSL standard and fewer blocked icons on my menu.
« Last Edit: May 06, 2017, 08:26:03 AM by gwwilk »
Regards, Jerry Wilkins
gwwilk@gmail.com

Offline ValentineWeather

  • Forecaster
  • *****
  • Posts: 6362
    • Valentine Nebraska's Real-Time Weather
Re: Non secure HTTP website google phase 2
« Reply #10 on: May 06, 2017, 08:40:20 AM »
Jerry are you saying every link needs secure before site gets the full padlock?
« Last Edit: May 06, 2017, 08:57:01 AM by ValentineWeather »
Randy

Offline Jáchym

  • Meteotemplate Developer
  • Forecaster
  • *****
  • Posts: 8605
    • Meteotemplate
Re: Non secure HTTP website google phase 2
« Reply #11 on: May 06, 2017, 08:46:53 AM »
You do get the padlock, but the iframes don't work.

That's exactly the problem... we are now in a transition phase where it is obviously quite beneficial to upgrade to https, but in the meantime it means some things don't work for you and there is no way around that.

This obviously slows down the transition process because people think - well everything works with HTTP, only something works with HTTPS, so I'm gonna stay with http. And this is a vicious cycle because the more people still use http, the more problems there are for https users if they want to use data from the http sites and the more unlikely the http users are to upgrade.

Offline weatherc

  • Senior Contributor
  • ****
  • Posts: 278
Re: Non secure HTTP website google phase 2
« Reply #12 on: May 06, 2017, 08:49:45 AM »
I of course agree that over time https should be a standard, but right now I'm more hoping that as it gets more popular, there will be some direct solution in my hosting cPanel or at least support for the free certificates.

Recent versions of cPanel support Let's Encrypt out of the box.

Offline Jáchym

  • Meteotemplate Developer
  • Forecaster
  • *****
  • Posts: 8605
    • Meteotemplate
Re: Non secure HTTP website google phase 2
« Reply #13 on: May 06, 2017, 08:59:12 AM »
I'm really not sure why, also I would need some changes in IP, I briefly read the documentation on my provider's site, they offer nothing themselves, I would have to set this all up myself and also it would not be cheap. Not to mention that right now I have to make sure every script works, and because some only work on http (due to the external source) I will stay with http for now. I am sure I will eventually transfer to https, but probably sometime in the future when it is more widespread and easier to set up (ideally provided directly by the provider and when the price goes down a bit).

Offline weatherc

  • Senior Contributor
  • ****
  • Posts: 278
Re: Non secure HTTP website google phase 2
« Reply #14 on: May 06, 2017, 09:11:23 AM »
A relatively simple and not that expensive solution is to put up a VPS server, install PHP/MySQL etc. and the free Let's Encrypt. Those can be had for less than 5 €uros per month. As a bonus, you control the whole thing by yourself and are not pinned to what the webhotel desires.

Offline Jáchym

  • Meteotemplate Developer
  • Forecaster
  • *****
  • Posts: 8605
    • Meteotemplate
Re: Non secure HTTP website google phase 2
« Reply #15 on: May 06, 2017, 09:17:22 AM »
The problem is that I will be absolutely honest - my knowledge of servers is close to none and there is no way I could run my own server. The only option would be using a dedicated VPS server from my provider. Which is currently about 5 times more expensive compared to the plan I have now. And based on what I mentioned in the first sentence, having no knowledge of any commands etc. it would be useless to me because I would not be able to install or set up anything extra myself anyway. I'm sure I would learn it just like I learned coding myself, but I don't enjoy it and I don't think it would be worth me now spending hours learning to work with a server command line. When the time comes I will transfer to https, for now I am ok with the http version.

Offline weatherc

  • Senior Contributor
  • ****
  • Posts: 278
Re: Non secure HTTP website google phase 2
« Reply #16 on: May 06, 2017, 09:22:34 AM »
The problem is that I will be absolutely honest - my knowledge of servers is close to none and there is no way I could run my own server.

Google is your friend, there are lots of "server-tutorials".
That's how I learned this thing, I have never even opened a book about servers, php etc.  :lol:

Online gwwilk

  • Southeast Lincoln Weather
  • Forecaster
  • *****
  • Posts: 2573
    • SouthEast Lincoln, NE Weather
Re: Non secure HTTP website google phase 2
« Reply #17 on: May 06, 2017, 09:28:09 AM »
Jerry are you saying every link needs secure before site gets the full padlock?
Aye, that's the rub, Randy.  Each page is dealt with separately, though, as it's served.
Regards, Jerry Wilkins
gwwilk@gmail.com

Offline Jáchym

  • Meteotemplate Developer
  • Forecaster
  • *****
  • Posts: 8605
    • Meteotemplate
Re: Non secure HTTP website google phase 2
« Reply #18 on: May 06, 2017, 09:37:55 AM »
The problem is that I will be absolutely honest - my knowledge of servers is close to none and there is no way I could run my own server.

Google is your friend, there are lots of "server-tutorials".
Thats how i learned this thing, i have never even opened a book about servers, php etc.  :lol:

Yes, I know, I said that too, I assume given I'm completely self taught in terms of all web development, I would surely learn to work with servers as well. But the problem is that I have a full-time job, a part-time job and a PhD and so not much free time. And that free time now goes almost exclusively towards Meteotemplate development and that would have to be substantially reduced (including support...) if I wanted to work with servers and although it would have advantages I do not think it would currently be worth the benefit to do this. My free time is limited so I have to prioritize.

It would only be because of that https. Having your own server has many advantages obviously, not just https, however I would not be able to use any of this in Meteotemplate anyway because the majority of users don't have their own servers so I can only include things that people can do on a shared external hosting.

Offline ValentineWeather

  • Forecaster
  • *****
  • Posts: 6362
    • Valentine Nebraska's Real-Time Weather
Re: Non secure HTTP website google phase 2
« Reply #19 on: May 06, 2017, 09:50:16 AM »
Jerry can you look at my main index by hitting <CTRL><SHIFT>I and tell me what needs changed. To get the padlock...
Randy

Online gwwilk

  • Southeast Lincoln Weather
  • Forecaster
  • *****
  • Posts: 2573
    • SouthEast Lincoln, NE Weather
Re: Non secure HTTP website google phase 2
« Reply #20 on: May 06, 2017, 09:54:36 AM »
Jerry can you look at my main index by hitting  Hit <CTRL><SHIFT>I  and tell me what needs changed. To get the padlock...
You're getting there.  Look at the 'console' after <CTRL><SHIFT>I to see what remains to be done.  I see a jquery lib problem and some persistent mixed-content warnings.

Unfortunately each page with the circle-i will need the same treatment...
« Last Edit: May 06, 2017, 09:56:23 AM by gwwilk »
Regards, Jerry Wilkins
gwwilk@gmail.com

Offline Jáchym

  • Meteotemplate Developer
  • Forecaster
  • *****
  • Posts: 8605
    • Meteotemplate
Re: Non secure HTTP website google phase 2
« Reply #21 on: May 06, 2017, 10:11:00 AM »
Jerry can you look at my main index by hitting  Hit <CTRL><SHIFT>I  and tell me what needs changed. To get the padlock...
You're getting there.  Look at the 'console' after <CTRL><SHIFT>I to see what remains to be done.  I see a jquery lib problem and some persistent mixed-content warnings.

Unfortunately each page with the circle-i will need the same treatment...

OT: just a tip, instead of CTRL+SHIFT+I you can use just F12  :)

Offline ValentineWeather

  • Forecaster
  • *****
  • Posts: 6362
    • Valentine Nebraska's Real-Time Weather
Re: Non secure HTTP website google phase 2
« Reply #22 on: May 06, 2017, 10:14:20 AM »
Jerry can you look at my main index by hitting  Hit <CTRL><SHIFT>I  and tell me what needs changed. To get the padlock...
You're getting there.  Look at the 'console' after <CTRL><SHIFT>I to see what remains to be done.  I see a jquery lib problem and some persistent mixed-content warnings.

Unfortunately each page with the circle-i will need the same treatment...

Thanks, missed the look under console part. I now have a padlock on main page.
Randy

Offline jgillett

  • Forecaster
  • *****
  • Posts: 1187
  • Boltek, Win7 Pro, ToA
    • TiggrWeather Phoenix
Re: Non secure HTTP website google phase 2
« Reply #23 on: May 06, 2017, 11:47:33 AM »
Recent versions of cPanel supports Lets Encrypt out of the box.
Assuming that the host keeps the cP current (mine doesn't) and that they allow LetsEncrypt (mine doesn't). I'll be moving soon...

What about making all the URLs just //, instead of https://? As I understand it then whatever works will be presented (http or https) automatically. Or have I dropped off the deep end again?
John
W7JKG

Offline Jáchym

  • Meteotemplate Developer
  • Forecaster
  • *****
  • Posts: 8605
    • Meteotemplate
Re: Non secure HTTP website google phase 2
« Reply #24 on: May 06, 2017, 11:54:28 AM »
Recent versions of cPanel supports Lets Encrypt out of the box.
Assuming that the host keeps the cP current (mine doesn't) and that they allow LetsEncrypt (mine doesn't). I'll be moving soon...

What about making all the URLs just //, instead of https://? As I understand it then whatever works will be presented (http or https) automatically. Or have I dropped off the deep end again?

Yes, that is what I use, "//" is the safest option.

Quote
Recent versions of cPanel supports Lets Encrypt out of the box.

Which cPanel

 

anything
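
An added example, not code from any poster in the thread: a small Python audit of a page's HTML source for the mixed-content problems the browser console reports, which also shows how a "//" (protocol-relative) URL resolves. The page URL, host names and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that make the browser fetch a subresource.
# "active" content is blocked on an HTTPS page; "passive" content
# loads but costs the page its padlock. Plain <a href> links are
# navigations, not subresources, so they are not listed.
FETCHES = {
    ("script", "src"): "active",
    ("iframe", "src"): "active",
    ("link", "href"): "active",   # only counted for rel="stylesheet"
    ("img", "src"): "passive",
    ("audio", "src"): "passive",
    ("video", "src"): "passive",
    ("source", "src"): "passive",
}

def scheme_used(page_url, ref):
    """Scheme the browser uses for ref on page_url ('//host/x' inherits the page's)."""
    return urlsplit(urljoin(page_url, ref.strip())).scheme

class _Finder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower()
        if tag == "link" and "stylesheet" not in rel:
            return
        for name, value in attrs:
            kind = FETCHES.get((tag, name))
            if kind and value and scheme_used(self.page_url, value) == "http":
                self.findings.append((kind, tag, urljoin(self.page_url, value.strip())))

def find_mixed_content(page_url, html):
    """Return (kind, tag, url) for each http:// subresource on an HTTPS page."""
    if urlsplit(page_url).scheme != "https":
        return []   # nothing is "mixed" on a page that is itself plain HTTP
    finder = _Finder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample page (hypothetical hosts), not taken from any site in the thread.
PAGE_URL = "https://weather.example/index.php"
SAMPLE_HTML = """
<link rel="stylesheet" href="css/main.css">
<script src="//cdn.example.net/jquery.min.js"></script>
<iframe src="http://www.youtube.com/embed/live_stream?channel=EXAMPLE"></iframe>
<img src="http://images.example.org/radar.png">
<a href="http://forecast.example.org/">Forecast</a>
"""

if __name__ == "__main__":
    for finding in find_mixed_content(PAGE_URL, SAMPLE_HTML):
        print(*finding)
```

This only sees URLs written in the HTML source; resources that scripts request at runtime still need the browser console check. A "//" reference on a page served over http is fetched over http, so it protects nothing until the page itself moves to https.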