
Re: Security Certificate for foldingforum.org

Posted: Thu Dec 03, 2020 9:25 am
by gunnarre
Hopfgeist wrote: I understand. Letsencrypt, as the name suggests, put their emphasis more on the encrypted connection (making that the default across the whole web), and somewhat less on trustworthy authentication.
Just got to be extra careful to check that you're visiting Paypal and not Paÿpal.

Re: Security Certificate for foldingforum.org

Posted: Fri Dec 04, 2020 7:15 am
by Joe_H
This was posted on the F@h News site - https://foldingathome.org/2020/12/02/forum-outage/.

Re: Security Certificate for foldingforum.org

Posted: Sun Dec 06, 2020 4:19 pm
by Dr. Merkwürdigliebe
Not sure if this has been suggested before but my browser doesn't show the lock symbol when visiting this site via https.

The reason seems to be

Image

Re: Security Certificate for foldingforum.org

Posted: Sun Dec 06, 2020 6:27 pm
by Joe_H
An updated certificate was loaded for the forum sometime Friday evening. I have not seen an official announcement about that. Not quite certain myself on how to interpret the messages you are seeing.

Re: Security Certificate for foldingforum.org

Posted: Sun Dec 06, 2020 10:22 pm
by gunnarre
The first message says that the Google form at the top right should be referred via HTTPS to avoid mixed content. That should be easily fixable in the forum code.

The second message is about signature images. If at least one of the users uses e.g. an image from the Extreme Overclocking stats site, they should use HTTPS instead of HTTP in the IMG link, or there will be a mixed content warning. Since it's your signature Joe_H, you can fix it for this particular page by editing your signature. Trying to enforce this on all signature images might be a bit outside what time should be spent on. Having the certificate updated and valid is the main thing.

Re: Security Certificate for foldingforum.org

Posted: Sun Dec 06, 2020 10:39 pm
by Joe_H
Okay, I can change my signature to using https, and it works currently. At one point in the past using the https link to the EOC signatures did not work.

As for the Google search form, there was a reason it uses http that I came across once, but don't recall the details. Will have to check to see if that reason still holds, and who can make the change.

Re: Security Certificate for foldingforum.org

Posted: Mon Dec 07, 2020 11:54 pm
by Celso Azevedo
What some forums do is proxy all images via a domain they control, making everything https that way. But these days almost everyone uses https, so only old links/threads/posts are affected. Unless there's some extension for phpBB that does this automatically, it's probably not worth doing anymore.

Something that should be easy to do, and would fix some of these issues, is to search the database for known hosts that used to use http and replace them with https. EOC, imgur (http://i.imgur.com), f@h site, etc.

Also, use HTTPS for the search forms in the header. Google have supported it for years now.
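
Added example (not part of any post in this thread, and not phpBB code): a sketch of the host-allowlisted http-to-https rewrite described in the last post, applied to BBCode post or signature text. The `extremeoverclocking.com` entry, the function names and the sample text are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts known to serve the same content over HTTPS. i.imgur.com and
# foldingathome.org appear in the thread; extremeoverclocking.com is an
# assumed domain for the EOC stats site. Subdomains of each entry match too.
UPGRADE_HOSTS = {"i.imgur.com", "foldingathome.org", "extremeoverclocking.com"}

# http:// URLs as they appear inside BBCode ([img]...[/img], [url=...]).
HTTP_URL = re.compile(r"http://[^\s\[\]\"'<>]+", re.IGNORECASE)

def host_allowed(host):
    """Exact match or true subdomain; rejects lookalikes such as
    i.imgur.com.example.net that only start with an allowlisted name."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in UPGRADE_HOSTS)

def upgrade_url(url):
    """Return the URL with an https scheme if its host is allowlisted."""
    try:
        parts = urlsplit(url)
        # An explicit port (http://host:8080) may have no HTTPS listener,
        # and userinfo@host forms are left alone rather than guessed at.
        if parts.hostname is None or parts.port is not None or "@" in parts.netloc:
            return url
    except ValueError:  # malformed port or netloc: leave untouched
        return url
    if not host_allowed(parts.hostname):
        return url
    return "https" + url[4:]  # change only the scheme, keep the rest verbatim

def upgrade_text(text):
    """Rewrite every allowlisted http:// URL; return (new_text, changed)."""
    changed = 0
    def repl(match):
        nonlocal changed
        new = upgrade_url(match.group(0))
        changed += new != match.group(0)
        return new
    return HTTP_URL.sub(repl, text), changed

# Constructed sample signature text, not taken from the forum.
SAMPLE = ("[img]http://i.imgur.com/abc123.png[/img] "
          "[url=http://folding.extremeoverclocking.com/sig.png]stats[/url] "
          "[img]http://i.imgur.com.example.net/x.png[/img] "
          "[img]http://images.example.org:8080/sig.gif[/img]")

if __name__ == "__main__":
    new_text, changed = upgrade_text(SAMPLE)
    print(changed, "URL(s) upgraded")
    print(new_text)
```

Running it as a dry run over exported post and signature text, and reviewing the change count before writing anything back to the database, keeps the rewrite reversible.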