I have recently had an active website that was protected by an SSL certificate. The site is no longer active and the certificate has expired. I have tried to put up a simple HTML holding page but Google will not show it because there is an expired certificate associated with the domain. Is there a solution to allow me to display the page without needing a certificate.
You don't mention what web server or hosting platform you are using. In general yes you can remove an SSL certificate (and stop listening on port 443). But bear in mind if the user has saved a bookmark starting HTTPS, or the links to the site are HTTPS, or if you used the HSTS header to indicate the site should always be viewed over HTTPS then visitors will have trouble viewing the page only accessible over HTTP.
Given you can get a certificate from LetsEncrypt at no cost the most straightforward, and visitor friendly, option would be to renew the certificate.
Related
There are two domain names:
1.one long (example: MaryJaneFamily.com)
2.one short (MaryJane.com).
The 301 redirect works correctly from EXISTING links from various web sites (from when the site had no ssl).
The redirect domain name appears but gives a "insecure site" warning and it appears as https://MaryJane.com.
The primary domain name does not show up in google listings at all.
I have validated the full domain name with google and provided a new sitemap to google.
The sitemap submission is not showing any errors. DNS for primary domain name shows it is fully propagated.
The link that appears in google is not the primary domain but the forwarded domain name with an "s" added to the http - selecting that link brings to you a "insecure site" warning screen.
What am I doing wrong?
It appear that your SSL certificat is maybe not valid or generated and auto-signed by your server. You have to use a SSL certificate certified by high autority trusted domain. A lot of hosting services can sell you a validated and trusted SSL certificate, or some companies like CloudFlare can give you for free (with some other protections and services like CDN, DDoS protect, firewall...etc).
If you want to do it yourself, you can use Let's encrypt to make your own trusted certificate (remember that you will have to renew this all 3 months but you can easily automate it).
Well, you can read this guide to know more about SSL certificates and which you sould use.
I hope it will help.
Is there a "return 301" for forced SSL in your sites config? If you don't force SSL then you will receive both secure and insecure ports.
I have small website project on a managed hosting server where https is used.
Now I would like to know if it is still secure to use a http subdomain (without https) in combination with a basic auth restriction defined in .htaccess. I have only one security certificate that is used for the main website. Shell I buy a second security certificate for the subdomain?
If you use basic authentication with http you are basically sending your username and password unencrypted over the wire. So to answer the question: No your current approach is not secure. You should buy a ssl certificate or look into Lets encrypt if you dont want to buy another certificate again.
So basically my old domain was benscottp.com for my main domain on Godaddy. I changed it last week to Atmosquare.co.nz. I have put a third party ssl on one of my websites before but it was a subdomain. I have provided a screenshot in my manage ssl panel and the ssl certificate that is for the new domain (atmosquare) has the details of the old domain in it? How do I change this as I think it's the reason behind the ssl not working.
enter image description here
SSL isn't working because it's not issued by a root CA trusted by the browser. There may be other problems also, but that's definitely one of them.
You can't change the certificate. You need to create/order a certificate that covers the domain(s) you want to run SSL on.
You can get free, valid certificates for whatever sites you need from https://letsencrypt.org/
My cert appears to be valid but on the registration page I see an insecure connection warning. Other pages of the site are secure.
Check the console in your browser (F12) for warnings. You probably have resources (CSS/ scripts/ images) served over insecure HTTP on that page.
There should be three cases for your query:
You are using single domain ssl certificate that secures only one
domain and your registration page is running on sub domain or other
domain name.
Solution:
If your page is running on other domain name either sub domain or totally different domain name and if requirement to secure only that domain name then take other single domain SSL certificate to secure only registration page.
You have not enabled SSL certificate for registration page.
Solution:
Enable SSL certificate for your registration page,if you forgot to include that page. Also use jitbit ssl tool to find that are there other http urls remain on which the same SSL has not enabled. If found any then enable SSL on them too to avoid mixed content warning.
Some Content (like images, url etc.) of registration page is on http
page.
Solution:
Checkout reference link how to deal with secure and non secure content warning.
Recently I have installed ssl certificate on my website. After the ssl certificates have been installed ,I found that my subdomain is not working properly. I will address my subdomain as 'xxxx'and main domain as 'primary'. The main domain works well with http as well as https. Now the subdomain works well with http, but with https://xxxx.primary.com delivers me the main site content and not the content of subdomain. I'm using apache server, linux operating system.
Can anyone please help to solve this issue?
Thanks in advance.
This is how SSL protocol works with the browsers. Whenever browsers receive HTTPS request for domain name, it first checks with the server then delivers the site's content. If a website on server has enabled SSL accessed with HTTPS, browser will try to make secure connection and send request to the server.
In your case, your main website is working properly with HTTP as well as HTTPS and delivers proper content, but your sub-domain is not showing proper content for HTTPS. In order to deliver proper content you should consult with your development team. You can better host your sub-domain on another server or you can protect your sub-domain with valid separate SSL certificate.
Suggestion: If you own multiple sub-domains then it is advisable to use Wildcard SSL, that can protect unlimited number of sub-domains with single certificates. Please note, this unlimited does secure first level (blog.domain.com), doesn't second-third-fourth-etc. level (news.blog.domain.com, 1.news.blog.domain.com or abc.1.news.blog.domain.com).