HTTPS on AO

  • Xyxyll
    Old School Airsmith

    • Apr 2003
    • 1161

    #1

    HTTPS on AO

    @admins

    Any option of securing AO with https? As it stands, it's dangerously vulnerable to man in the middle attacks. There's enough security (email verification for any changes) that I'm not worried about my account being taken over, but I have had to make a habit of only using temporary passwords and avoiding PMing any personal details.

    I'm sure if there's a paid/supporter option, the community would offset the cost. I'd certainly donate to help.
  • Walking Stick
    Inline Mechs

    • Jan 2007
    • 681

    #2
    Originally posted by Xyxyll
    I'm sure if there's a paid/supporter option, the community would offset the cost. I'd certainly donate to help.
    Ditto
    >>WTB<< Sydarm w/ constant air__WarpedMephisto half-c/f body__Ac!d c/f trigger__TASO humpback frame__an Oh-Mag

    Comment

    • stircrazzzy
      Registered User
      • Dec 2007
      • 163

      #3
      Originally posted by Xyxyll
      I'm sure if there's a paid/supporter option, the community would offset the cost. I'd certainly donate to help.
      Agreed that AO contains some personal details which should benefit from encryption, but Let’s Encrypt is free. I’m happy to help getting https configured here if help is needed.

      Comment

      • Dayspring
        aka- The Day Wang

        • May 2001
        • 9664

        #4
        I believe we have the SSL certificate installed. Will look into the settings this weekend.

        Comment

        • Dayspring
          aka- The Day Wang

          • May 2001
          • 9664

          #5
          The certificate is out of date, so even if I told the forum to run secure, it would throw an error.

          I have an email out to the hosting company, so hopefully this week it'll be resolved. I'll also set a calendar reminder for the certificate expiration date to make sure it's taken care of in a more timely fashion in the future.

          Comment

          • Xyxyll
            Old School Airsmith

            • Apr 2003
            • 1161

            #6
            Great news. Thank you!

            Comment

            • MiniMaggin
              Registered User
              • Mar 2019
              • 36

              #7
              This is interesting reading. I'm an Android developer and learning about webpages.

              Comment

              • Dayspring
                aka- The Day Wang

                • May 2001
                • 9664

                #8
                So the certificate is now on auto-update. There are some hard coded items in the templates (so far as we can tell) that are not using HTTPS. Requires some template editing.

                Once we tackle that, we'll see what else is showing as not secure. It's going to be a bit of a process - one thing at a time.

                So right now, LOTS of the site is secured via HTTPS, but it's not showing due to the template issues.

                Comment

                • Xyxyll
                  Old School Airsmith

                  • Apr 2003
                  • 1161

                  #9
                  Originally posted by Dayspring
                  So the certificate is now on auto-update. There are some hard coded items in the templates (so far as we can tell) that are not using HTTPS. Requires some template editing.

                  Once we tackle that, we'll see what else is showing as not secure. It's going to be a bit of a process - one thing at a time.

                  So right now, LOTS of the site is secured via HTTPS, but it's not showing due to the template issues.
                  Thank you for reacting so quickly and taking this so seriously! It's a much appreciated effort that I think will help keep AO relevant for years to come.

                  Comment

                  • Dayspring
                    aka- The Day Wang

                    • May 2001
                    • 9664

                    #10
                    Had some free time this evening. Went through and found the non-secure coded items in the template. As of 10:38pm on 10/15, AO is showing as 100% secure in Google Chrome. Feel free to let me know if you have any issues or find places where it doesn't come across as secure.

                    Comment

                    • Beemer
                      I could tell you but then.

                      • Oct 2003
                      • 3250

                      #11
                      Outstanding. Well done.

                      Comment

                      • Dayspring
                        aka- The Day Wang

                        • May 2001
                        • 9664

                        #12
                        One thing to keep in mind - any images that are hosted elsewhere and linked in a post will cause that page to show as not fully secure only because of those images - all of the data (passwords, etc.) is secured. Just the way the internet works (unless those hosts use SSL, I think - this is a hobby, not a full time thing) I think.

                        Comment
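The mixed-content problem described in posts #8 and #12 (hard-coded `http://` references in templates, and off-site images linked in posts) can be checked for offline before relying on the browser's padlock. The following is an added example, not part of the original thread or the forum's own code; the hostnames and sample markup are constructed, and the tag list is a deliberately small assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# (tag, attribute) pairs that make the browser fetch a subresource.
ACTIVE = {("script", "src"), ("iframe", "src"), ("link", "href")}
DISPLAY = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}


class MixedContentFinder(HTMLParser):
    """Collect subresource references that would load over plain HTTP."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, kind, tag, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # Only stylesheet <link>s are counted here; plain <a href> is never a fetch.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        for name, value in attrs.items():
            if not value or urlsplit(value.strip()).scheme.lower() != "http":
                continue  # https, protocol-relative and relative URLs are fine
            if (tag, name) in ACTIVE:
                kind = "active"    # scripts, styles, frames
            elif (tag, name) in DISPLAY:
                kind = "display"   # images and media, the case from post #12
            else:
                continue
            self.findings.append((self.getpos()[0], kind, tag, value.strip()))


def find_mixed_content(html):
    """Return a list of (line, kind, tag, url) for http:// subresources."""
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: a template fragment plus a post with an off-site image.
SAMPLE = """<link rel="stylesheet" href="http://forum.example/css/main.css">
<script src="https://forum.example/js/app.js"></script>
<a href="http://other.example/page">plain link, not a subresource</a>
<img src="//cdn.example/logo.png">
<div class="post"><img src="http://images.example/marker.jpg"></div>
"""

if __name__ == "__main__":
    for line, kind, tag, url in find_mixed_content(SAMPLE):
        print(f"line {line}: {kind} mixed content <{tag}> {url}")
```

Run over exported templates, the "active" findings are the ones to fix first; the "display" findings in user posts depend on the remote host offering HTTPS.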
