Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: FreeToastHost HTTPS Support

FreeToastHost HTTPS Support 2 months 2 days ago #61976

  • SteveTheTechie
  • SteveTheTechie's Avatar
  • Offline
  • FreeToastHost Developer
  • Posts: 8946
  • Thank you received: 2248
  • Karma: 110
FreeToastHost now supports the use of HTTPS (Secure) access for websites using the toastmastersclubs.org based domains. We have acquired a wildcard security certificate for these domains.



At this time, websites with custom domain names cannot be supported, as we do not control/register those domain names, and cannot therefore do anything about the security certificate that would be required to be installed in their DNS records. If anyone has any technical insights to share about how to make this possible via available no-cost, open-source, or other simple approaches, feel free to share. :)

At this time, if you access your website via a toastmastersclubs.org domain, the system will automatically detect this and automatically switch you to HTTPS access if you are not already using that. This automatic switch will not occur for websites with custom domain names. (unless you access those websites via the alternate clubnumber or website alias approach)

Moreover, while we have done testing to verify our implementation strategy, keep in mind that this is essentially new functionality. Please let us know if you find any problems. Also, your content plays a part in this... If you reference insecure content, you will break the security of any webpage in which it is used. We do try to do some reasonable fixes to your content before displaying it in a webpage, but our generalized approach will only work w/ FTH server hosted content and is not likely to be foolproof--you need to look at your content to determine which of it is not being accessed securely.

In particular, the most likely content to break web page security are photos, iframes, and links to insecure pages.
Steve James, ACG, ALB
FreeToastHost 2 Lead System Developer
www.linkedin.com/in/sejames
Officer Emeritus
Mindful Communicators - Club 1966, Presidents Distinguished Since 2008
www.mindfulcommunicators.org
2015-2016 District 52 Division Director of the Year

CLICK HERE to edit your "signature" for forum messages (at the bottom of the "Profile Information" tab). Please include your club # there.

Digital Tip Jar (optional)
Last Edit: 1 month 3 weeks ago by SteveTheTechie.
The administrator has disabled public write access.
The following user(s) said Thank You: Jane Atkinson, Pam, user, Bright

FreeToastHost HTTPS Support 2 months 1 day ago #61983

  • user
  • user's Avatar
  • Offline
  • FTH Junior Poster
  • Posts: 25
  • Thank you received: 6
  • Karma: 0
Good job. Thank you. There were a few things broken over HTTPS. One of them is the "List All Agendas" function. There were a few other things, but I forgot what they were. I will post here once I run into the issues again.
Club #389096I
The administrator has disabled public write access.

FreeToastHost HTTPS Support 2 months 1 day ago #61997

  • SteveTheTechie
  • SteveTheTechie's Avatar
  • Offline
  • FreeToastHost Developer
  • Posts: 8946
  • Thank you received: 2248
  • Karma: 110
I am not seeing a problem at this point.

If you find a problem, I need to know the exact circumstances (e.g. what logins, browser, etc.) and the steps you used so that I can reproduce it. Just saying that there is a problem is not sufficient to me being able to resolve it.
Steve James, ACG, ALB
FreeToastHost 2 Lead System Developer
www.linkedin.com/in/sejames
Officer Emeritus
Mindful Communicators - Club 1966, Presidents Distinguished Since 2008
www.mindfulcommunicators.org
2015-2016 District 52 Division Director of the Year

CLICK HERE to edit your "signature" for forum messages (at the bottom of the "Profile Information" tab). Please include your club # there.

Digital Tip Jar (optional)
The administrator has disabled public write access.

FreeToastHost HTTPS Support 2 months 1 day ago #62004

  • Jane Atkinson
  • Jane Atkinson's Avatar
  • Offline
  • FreeToastHost Ambassador
  • Documentation Diva
  • Posts: 3507
  • Thank you received: 691
  • Karma: 55
I'm also having issues with list all agendas.

I go to the agenda page (using 5316066.toastmastersclubs.org). I click on the List All Agendas box. The page reloads. But I can still only see agendas going back to the middle of last month (14 Feb).

I've tried it several times with the same results. It's not breaking https but it's not displaying all the agendas for some reason.
Jane Atkinson, DTM
FreeToastHost 2 documentation manager CLICK HERE to read docs.

IPP & Sec/Treas 2016-17, AUT Toastmasters, Auckland NZ 1189695.toastmastersclubs.org
Ernst&Young Achieving Potential, club 1137486
VP Ed, Tōhī bilingual Māori / English Toastmasters, 5316066.toastmastersclubs.org
The administrator has disabled public write access.
The following user(s) said Thank You: SteveTheTechie

FreeToastHost HTTPS Support 2 months 1 day ago #62011

  • SteveTheTechie
  • SteveTheTechie's Avatar
  • Offline
  • FreeToastHost Developer
  • Posts: 8946
  • Thank you received: 2248
  • Karma: 110
Ok, I killed the forced redirect to https for the moment... If you are having issues w/ https then go back to the http for a bit.

Sorry, I knew this was going to be harder than everyone was presuming it would be...
Steve James, ACG, ALB
FreeToastHost 2 Lead System Developer
www.linkedin.com/in/sejames
Officer Emeritus
Mindful Communicators - Club 1966, Presidents Distinguished Since 2008
www.mindfulcommunicators.org
2015-2016 District 52 Division Director of the Year

CLICK HERE to edit your "signature" for forum messages (at the bottom of the "Profile Information" tab). Please include your club # there.

Digital Tip Jar (optional)
The administrator has disabled public write access.

FreeToastHost HTTPS Support 2 months 2 hours ago #62025

  • slmtoast
  • slmtoast's Avatar
  • Offline
  • FTH Newbie Poster
  • Posts: 4
  • Thank you received: 1
  • Karma: 0
Hi Steve,

Our club is registered as www.durhamtoastmasters.org. We used to access the site via non-ssl connection www.durhamtoastmasters.org which still works fine. Our issue is if our club is searched via Google and someone clicks the results link it now redirects to ssl www.durhamtoastmasters.org and we get certificate errors. What can we do to fix?

Maury Smith (VP Public Relations)
The administrator has disabled public write access.

FreeToastHost HTTPS Support 1 month 4 weeks ago #62046

  • Brian
  • Brian's Avatar
  • Offline
  • Administrator
  • Posts: 6406
  • Thank you received: 1809
  • Karma: 101
You cannot use https on your site as www.durhamtoastmasters.org does not have a secure certificate.

If you want to use a secure certificate you will have to use 1203.toastmastersclubs.org
Thank you

Brian McDonald DTM
Freetoasthost Support
support.toastmastersclubs.org

Cataraqui Valley Toastmasters
www.catval.com
Club #9560

District Director District 61 for 2016-2017
Serving Eastern Ontario, Quebec, and Northern New York
www.tm61.org
The administrator has disabled public write access.

FreeToastHost HTTPS Support 1 month 4 weeks ago #62048

  • tund3r
  • tund3r's Avatar
  • Offline
  • FTH Junior Poster
  • Posts: 35
  • Thank you received: 10
  • Karma: 0
Hi Steve,

A free way to get a certificate is "Let's Encrypt"

it checks that you own the domain and it generates a perfectly valid certificate for the domain. If I remember correctly you can verify uploading a page on the server where the domain is pointed so you don't need anything from the owner of the domain. (I guess to work correctly you already made them point to your server)

You should be also able to generate one unique certificate for all the domains, and it has a script that renew them etc ... so the hassle in just in the installation the first time.

I hope this helps
Andrea Dalle Molle
VPE Miami Beach Toastmasters
Club: 1293723
Last Edit: 1 month 4 weeks ago by tund3r.
The administrator has disabled public write access.

FreeToastHost HTTPS Support 1 month 4 weeks ago #62051

  • SteveTheTechie
  • SteveTheTechie's Avatar
  • Offline
  • FreeToastHost Developer
  • Posts: 8946
  • Thank you received: 2248
  • Karma: 110
tund3r wrote:
Hi Steve,

A free way to get a certificate is "Let's Encrypt"

it checks that you own the domain and it generates a perfectly valid certificate for the domain. If I remember correctly you can verify uploading a page on the server where the domain is pointed so you don't need anything from the owner of the domain. (I guess to work correctly you already made them point to your server)

You should be also able to generate one unique certificate for all the domains, and it has a script that renew them etc ... so the hassle in just in the installation the first time.

I hope this helps

Incorrect. We can only get certificates for domains that we control. We do not control custom domains.
Steve James, ACG, ALB
FreeToastHost 2 Lead System Developer
www.linkedin.com/in/sejames
Officer Emeritus
Mindful Communicators - Club 1966, Presidents Distinguished Since 2008
www.mindfulcommunicators.org
2015-2016 District 52 Division Director of the Year

CLICK HERE to edit your "signature" for forum messages (at the bottom of the "Profile Information" tab). Please include your club # there.

Digital Tip Jar (optional)
The administrator has disabled public write access.

FreeToastHost HTTPS Support 1 month 4 weeks ago #62053

  • tund3r
  • tund3r's Avatar
  • Offline
  • FTH Junior Poster
  • Posts: 35
  • Thank you received: 10
  • Karma: 0
the domains are not pointed to freetoast apache server?
Andrea Dalle Molle
VPE Miami Beach Toastmasters
Club: 1293723
The administrator has disabled public write access.

FreeToastHost HTTPS Support 1 month 4 weeks ago #62055

  • SteveTheTechie
  • SteveTheTechie's Avatar
  • Offline
  • FreeToastHost Developer
  • Posts: 8946
  • Thank you received: 2248
  • Karma: 110
tund3r wrote:
the domains are not pointed to freetoast apache server?

Yes, but each club w/ a custom domain registers and pays for their own custom domain. My understanding from Brian is that security certificates have to be put in the DNS records for those domains at their registrar... we do not have access to those DNS records... the clubs do.

We have a wild card certificate that covers all subdomains of toastmastersclubs.org... but this would not cover custom domains... each is different.

Lastly, this is something that Brian and I have working on... Brian installed our cert... he is really our networking and server guru. If you have ideas in this area, make sure you include him.
Steve James, ACG, ALB
FreeToastHost 2 Lead System Developer
www.linkedin.com/in/sejames
Officer Emeritus
Mindful Communicators - Club 1966, Presidents Distinguished Since 2008
www.mindfulcommunicators.org
2015-2016 District 52 Division Director of the Year

CLICK HERE to edit your "signature" for forum messages (at the bottom of the "Profile Information" tab). Please include your club # there.

Digital Tip Jar (optional)
Last Edit: 1 month 4 weeks ago by SteveTheTechie.
The administrator has disabled public write access.
The following user(s) said Thank You: silverdalex

FreeToastHost HTTPS Support 1 month 4 weeks ago #62063

  • tund3r
  • tund3r's Avatar
  • Offline
  • FTH Junior Poster
  • Posts: 35
  • Thank you received: 10
  • Karma: 0
The certifying organization needs be sure you are legit and it checks you have access to the root directory of where the domain is pointed, the same thing analytics does or any other service that asks you to proof you have access to the domain. (different certifying organizations use different methodologies, some might even require personal documents etc ... but it's their way to operate, some like let's encrypt, which is a free open project, it's much easier, equally recognized and equally reliable)

There is nothing of the certificate that goes in the dns (except some certifying organizations require the TXT record as a proof of ownership), the actual certificate needs to be installed on the server and the certifying organization has the other part that is necessary when it get an inquiry to verify the certificate.

With let's encrypt there is a script that does everything automatically if you have access to the root directory pointed by the A record of the domain you are trying to certify (wich by my understanding of the freetoast architecture should be freetoast server)

I hope this helps, if you need anything just let me know
Andrea Dalle Molle
VPE Miami Beach Toastmasters
Club: 1293723
The administrator has disabled public write access.
The following user(s) said Thank You: SteveTheTechie, silverdalex

FreeToastHost HTTPS Support 1 month 4 weeks ago #62068

  • SteveTheTechie
  • SteveTheTechie's Avatar
  • Offline
  • FreeToastHost Developer
  • Posts: 8946
  • Thank you received: 2248
  • Karma: 110
I would like to get Brian's view point on this.
Steve James, ACG, ALB
FreeToastHost 2 Lead System Developer
www.linkedin.com/in/sejames
Officer Emeritus
Mindful Communicators - Club 1966, Presidents Distinguished Since 2008
www.mindfulcommunicators.org
2015-2016 District 52 Division Director of the Year

CLICK HERE to edit your "signature" for forum messages (at the bottom of the "Profile Information" tab). Please include your club # there.

Digital Tip Jar (optional)
The administrator has disabled public write access.

FreeToastHost HTTPS Support 1 month 4 weeks ago #62075

  • slmtoast
  • slmtoast's Avatar
  • Offline
  • FTH Newbie Poster
  • Posts: 4
  • Thank you received: 1
  • Karma: 0
Hi Brian,

Yes that is what I thought based on the post from Steve about custom domains. He also posted something about turning off the auto redirect to https but it still appears to be in place for our website.

Maury
The administrator has disabled public write access.

FreeToastHost HTTPS Support 1 month 4 weeks ago #62076

  • slmtoast
  • slmtoast's Avatar
  • Offline
  • FTH Newbie Poster
  • Posts: 4
  • Thank you received: 1
  • Karma: 0
Brian,

You can disregard my last post. My issue with redirect was due to local browser cache. I'll keep following the thread for opinions on acquiring a custom domain SSL certificate.

Maury
The administrator has disabled public write access.

FreeToastHost HTTPS Support 1 month 4 weeks ago #62078

  • SteveTheTechie
  • SteveTheTechie's Avatar
  • Offline
  • FreeToastHost Developer
  • Posts: 8946
  • Thank you received: 2248
  • Karma: 110
You can blame the following header that it seems a lot of browsers are sending to the server:
Upgrade-Insecure Requests

stackoverflow.com/questions/31950470/wha...requests-http-header

I have not found a way to disable this... .I am thinking maybe the browser is detecting that there is a security cert available so it is forcing the upgrade.

Only way I have found around it is to load a website w/o http:// or https:// in the URL in the address box.
Steve James, ACG, ALB
FreeToastHost 2 Lead System Developer
www.linkedin.com/in/sejames
Officer Emeritus
Mindful Communicators - Club 1966, Presidents Distinguished Since 2008
www.mindfulcommunicators.org
2015-2016 District 52 Division Director of the Year

CLICK HERE to edit your "signature" for forum messages (at the bottom of the "Profile Information" tab). Please include your club # there.

Digital Tip Jar (optional)
Last Edit: 1 month 3 weeks ago by SteveTheTechie.
The administrator has disabled public write access.

FreeToastHost HTTPS Support 1 month 3 weeks ago #62115

  • SteveTheTechie
  • SteveTheTechie's Avatar
  • Offline
  • FreeToastHost Developer
  • Posts: 8946
  • Thank you received: 2248
  • Karma: 110
Update:

We are still seeing an issue w/ 404 (resource not found) errors when running under HTTPS. This is occurring for "virtual resources" that seem like files per the URL but really are not (e.g. generated from content in the db)--"agenda.html" is a good example. I am working around it at the moment w/ a code tweak, but you can observe these if you are technically inclined and open your browser's developer console.

My opinion is that an additional server configuration tweak is needed, but i have not yet had a chance to discuss that w/ Brian.

Please bear w/ us... we will get this worked out. :)
Steve James, ACG, ALB
FreeToastHost 2 Lead System Developer
www.linkedin.com/in/sejames
Officer Emeritus
Mindful Communicators - Club 1966, Presidents Distinguished Since 2008
www.mindfulcommunicators.org
2015-2016 District 52 Division Director of the Year

CLICK HERE to edit your "signature" for forum messages (at the bottom of the "Profile Information" tab). Please include your club # there.

Digital Tip Jar (optional)
The administrator has disabled public write access.

FreeToastHost HTTPS Support 1 month 3 weeks ago #62118

  • SteveTheTechie
  • SteveTheTechie's Avatar
  • Offline
  • FreeToastHost Developer
  • Posts: 8946
  • Thank you received: 2248
  • Karma: 110
SteveTheTechie wrote:
Update:

We are still seeing an issue w/ 404 (resource not found) errors when running under HTTPS. This is occurring for "virtual resources" that seem like files per the URL but really are not (e.g. generated from content in the db)--"agenda.html" is a good example. I am working around it at the moment w/ a code tweak, but you can observe these if you are technically inclined and open your browser's developer console.

My opinion is that an additional server configuration tweak is needed, but i have not yet had a chance to discuss that w/ Brian.

Please bear w/ us... we will get this worked out. :)

I believe that this 404 issue is resolved now. :)
Steve James, ACG, ALB
FreeToastHost 2 Lead System Developer
www.linkedin.com/in/sejames
Officer Emeritus
Mindful Communicators - Club 1966, Presidents Distinguished Since 2008
www.mindfulcommunicators.org
2015-2016 District 52 Division Director of the Year

CLICK HERE to edit your "signature" for forum messages (at the bottom of the "Profile Information" tab). Please include your club # there.

Digital Tip Jar (optional)
The administrator has disabled public write access.

FreeToastHost HTTPS Support 1 month 3 weeks ago #62206

  • SteveTheTechie
  • SteveTheTechie's Avatar
  • Offline
  • FreeToastHost Developer
  • Posts: 8946
  • Thank you received: 2248
  • Karma: 110
tund3r wrote:
Hi Steve,

A free way to get a certificate is "Let's Encrypt"

Thanks for your post... I am looking into this now. I have a post in their community forum.
Steve James, ACG, ALB
FreeToastHost 2 Lead System Developer
www.linkedin.com/in/sejames
Officer Emeritus
Mindful Communicators - Club 1966, Presidents Distinguished Since 2008
www.mindfulcommunicators.org
2015-2016 District 52 Division Director of the Year

CLICK HERE to edit your "signature" for forum messages (at the bottom of the "Profile Information" tab). Please include your club # there.

Digital Tip Jar (optional)
The administrator has disabled public write access.

FreeToastHost HTTPS Support 1 month 3 weeks ago #62215

  • SteveTheTechie
  • SteveTheTechie's Avatar
  • Offline
  • FreeToastHost Developer
  • Posts: 8946
  • Thank you received: 2248
  • Karma: 110
Some clubs may need to change the URLs for photos and/or iframes from http:// to https:// to get them to show... otherwise you just get a blank spot on the page where they reside.

In particular, this is the case with the Google maps iframe... if you are seeing a situation where you are missing something that should be shown on your page, you should check this.
Steve James, ACG, ALB
FreeToastHost 2 Lead System Developer
www.linkedin.com/in/sejames
Officer Emeritus
Mindful Communicators - Club 1966, Presidents Distinguished Since 2008
www.mindfulcommunicators.org
2015-2016 District 52 Division Director of the Year

CLICK HERE to edit your "signature" for forum messages (at the bottom of the "Profile Information" tab). Please include your club # there.

Digital Tip Jar (optional)
Last Edit: 1 month 3 weeks ago by SteveTheTechie.
The administrator has disabled public write access.

FreeToastHost HTTPS Support 1 month 3 weeks ago #62217

  • SteveTheTechie
  • SteveTheTechie's Avatar
  • Offline
  • FreeToastHost Developer
  • Posts: 8946
  • Thank you received: 2248
  • Karma: 110
SteveTheTechie wrote:
Ok, I killed the forced redirect to https for the moment... If you are having issues w/ https then go back to the http for a bit.

Sorry, I knew this was going to be harder than everyone was presuming it would be...

This automatic redirect from http:// to https:// has been reimplemented, but as a server configuration RewriteRule. (seamless / less headaches that way)

Again, pay attention for missing content... most of the time it is likely because it needs a https:// in its URL.
Steve James, ACG, ALB
FreeToastHost 2 Lead System Developer
www.linkedin.com/in/sejames
Officer Emeritus
Mindful Communicators - Club 1966, Presidents Distinguished Since 2008
www.mindfulcommunicators.org
2015-2016 District 52 Division Director of the Year

CLICK HERE to edit your "signature" for forum messages (at the bottom of the "Profile Information" tab). Please include your club # there.

Digital Tip Jar (optional)
The administrator has disabled public write access.
The following user(s) said Thank You: Jane Atkinson

FreeToastHost HTTPS Support 1 month 3 weeks ago #62227

  • mamta
  • mamta's Avatar
  • Offline
  • FTH Newbie Poster
  • Posts: 18
  • Thank you received: 2
  • Karma: 0
Club: 4260

Hi there,

Note: I created a new thread as I didn't realize there was already one on this topic. Sorry, I don't know how to delete the other thread :(

I created a link to our District's website (iFrame - see link below) which was working fine until a day or so ago. Iframes on Home page are working fine. I read the Admin notes from Steve regarding adding <https> instead of just <http> but that results in an error message. I'm not sure how to fix this. Thank you in advance for your assistance.

humbershorestoastmasters.toastmastersclubs.org/District_60.html

Mamta, VPPR
Club #4260
The administrator has disabled public write access.

FreeToastHost HTTPS Support 1 month 3 weeks ago #62228

  • slmtoast
  • slmtoast's Avatar
  • Offline
  • FTH Newbie Poster
  • Posts: 4
  • Thank you received: 1
  • Karma: 0
Interesting article on Let's Encrypt. Its not necessarily a bad thing but it looks like it they are being leveraged by malicious websites due to ease of acquiring the certificate.

www.engadget.com/2017/03/31/when-the-s-i...so-stands-for-shady/

Comodo and GeoTrust are known reliable players offering this service and they offer basic SSL certificate offerings for around $13 per year.

Maury
The administrator has disabled public write access.
The following user(s) said Thank You: silverdalex

FreeToastHost HTTPS Support 1 month 3 weeks ago #62233

  • tund3r
  • tund3r's Avatar
  • Offline
  • FTH Junior Poster
  • Posts: 35
  • Thank you received: 10
  • Karma: 0
This is an interesting article, anyway having a more trustworthy player doesn't change anything.

The real reason for having https is not to prevent fishing websites but prevent that ISP (AT&T, Verizon, Comcast) or who has access to them (FBI) can read everything you are transmitting to and from the website and eventually use it selling your browsing habits, getting your passwords, monitoring everything you do.

HTTPS creates an encrypted connection between you and the server you are accessing so the information (that to reach the server is passing through a lot of routers/servers/network architecture, and sometimes machine that are designed just to steal data) travels safely to the end point.

You choosing something different from let's encrypt does not prevent anyone from creating a similar domain and getting a certificate with let's encrypt or someone else (there are a lot of players and I can guarantee let's encrypt is not the only one that scammers can use)
Andrea Dalle Molle
VPE Miami Beach Toastmasters
Club: 1293723
The administrator has disabled public write access.
The following user(s) said Thank You: silverdalex

FreeToastHost HTTPS Support 1 month 3 weeks ago #62235

  • SteveTheTechie
  • SteveTheTechie's Avatar
  • Offline
  • FreeToastHost Developer
  • Posts: 8946
  • Thank you received: 2248
  • Karma: 110
SteveTheTechie wrote:
SteveTheTechie wrote:
Ok, I killed the forced redirect to https for the moment... If you are having issues w/ https then go back to the http for a bit.

Sorry, I knew this was going to be harder than everyone was presuming it would be...

This automatic redirect from http:// to https:// has been reimplemented, but as a server configuration RewriteRule. (seamless / less headaches that way)

Again, pay attention for missing content... most of the time it is likely because it needs a https:// in its URL.

Ok, and I have disabled the redirect again until we can figure out what to do, if anything, about mixed custom content (part http: and part https:). :S Mixed custom content is not really our problem (you all define the custom content), but I am guessing you all would like me to come up with a solution anyway... :whistle:
Steve James, ACG, ALB
FreeToastHost 2 Lead System Developer
www.linkedin.com/in/sejames
Officer Emeritus
Mindful Communicators - Club 1966, Presidents Distinguished Since 2008
www.mindfulcommunicators.org
2015-2016 District 52 Division Director of the Year

CLICK HERE to edit your "signature" for forum messages (at the bottom of the "Profile Information" tab). Please include your club # there.

Digital Tip Jar (optional)
Last Edit: 1 month 3 weeks ago by SteveTheTechie.
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Moderators: SteveTheTechie, GeorgeMarshall, Pam
Time to create page: 0.222 seconds
Powered by Kunena Forum