Announcement

Collapse
No announcement yet.

Non http redirect to another https domain ?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Non http redirect to another https domain ?

    Sure I read about this some where. I will try and explain the issue

    I have domains that are not using SSL http://example.com. if https://example.com is used on a site that has no SSL it puts up a "this site is not secure" in your browser.
    If you ignore the not "recommended warning" and continue to the website it redirects you to a different domain name that's using SSL??
    Why does it do this and is there a way to stop it redirecting from one domain to another on the server.

    Thank you for any help.
    Gary T

  • #2
    Hi,

    This is expected behaviour, and is just the way Apache works.

    The best way to fix it is to generate a free certificate for the domain in question with Let's Encrypt (you may need to enable the LE plugin in NodeWorx). You could also use a self-signed certificate, but when LE is available, why bother!

    InterWorx are working on a fix for this, and are also working to have SiteWorx automagically generate LE certificates for all domains too.

    Hope this helps,

    Jon
    “Invention, my dear friends, is 93% perspiration, 6% electricity, 4% evaporation, and 2% butterscotch ripple...”

    Comment


    • #3
      I remember now, Its to do with SNI. apache defaults to the next site that does have a SSL Cert.
      Not shown up before but on one ip I have a mixture of non SSL and SSL sites.
      Hope there's a fix in the future
      Thanks for your reply
      Gary T

      Comment


      • #4
        Hello--

        Unfortunately, this anything that we can fix, since it is an Apache level functionality, not an InterWorx level one. It's just how Apache decided to handle allowing more than one domain on an IP address. There isn't really much we can do to in that matter.

        However, we are in the process of working on automatically creating SSL certs via Let's Encrypt upon account creation, which will mitigate the issue, however, there is no ETA at this time.

        Comment


        • #5
          I am going to generate SSL Cert on the accounts that don't have SSL cert, saves me explaining to people why it happens.
          Just notice the option in the Let's Encrypt plugin to generate a cert for all siteworx accounts so will give that a try.

          Gary T

          Comment


          • #6
            Originally posted by Dean38
            When the “This site is not secure” or “This page is not secure” error pops up, click on the ‘Continue to this website (not recommended)’ option at the very bottom of it.
            • Click on the “More Information” for the Certificate Error option next to the red Address Bar.
            • Then, click View Certificates on the information window.
            • Hence, select “Install Certificate” and follow the on-screen instructions.
            • Finally, click “Yes” on the dialog to proceed.
            this has nothing to do with my question, may be another spam poster ?
            Gary T

            Comment


            • #7
              Hi Bear

              Many thanks, and yes it was spammer...

              It is hard as the spam link is not included on first post, but after a day or two, they edit the message and add spam link (in this case paymydoctor)

              I take the view that a post which looks as though it may be genuine but I have suspicion of been a spam post, must remain until a link or spam added

              Very annoying that they do this, but shows that IW is a good place

              Many thanks and stay safe

              John

              Comment

              Working...
              X