http://citycyclingedinburgh.info/bbpress/ CityCyclingEdinburgh Forum » Topic: https certificate en Fri, 01 May 2026 17:46:29 +0000 http://citycyclingedinburgh.info/bbpress/topic.php?id=21417#post-378576 Mon, 10 Feb 2025 00:02:39 +0000 davey2wheels 378576@http://citycyclingedinburgh.info/bbpress/ <p>@chrisfl I have some ideas about the https implementation, anything bbpress specific is a different matter.<br /> I assume that the technical details don't need to discussed in the forum. Hit me with a PM if you want to take it further. </p> http://citycyclingedinburgh.info/bbpress/topic.php?id=21417#post-378573 Sun, 09 Feb 2025 18:08:54 +0000 chrisfl 378573@http://citycyclingedinburgh.info/bbpress/ <p>Thanks - having moved the site to a server where the server is listening on https, my hand was forced to look again at https supoort.</p> <p>I did find a database setting that seems to control the base URL and tried changing this, and it looked good from the user point of view, but it looked to have broken the admin interface. In the end I had to roll this change back.</p> <p>I tried the https -&gt; http redirct to try and get everyone back on the http version, but this might notn have worked!</p> <p>Happy to try an idea's that folks have. But I think together with the issues with search that upgrading the mysql software, I think we are getting close to the end with using bbpress. </p> http://citycyclingedinburgh.info/bbpress/topic.php?id=21417#post-378539 Wed, 05 Feb 2025 22:39:24 +0000 davey2wheels 378539@http://citycyclingedinburgh.info/bbpress/ <p>Cheers. In a previous life I administered front end systems that handled the encryption for back end web services, so tend to notice this kind of thing.<br /> I haven't seen any notifications of work being done, but it's good to know that someone is instigating these changes rather than them happening accidentally. </p> http://citycyclingedinburgh.info/bbpress/topic.php?id=21417#post-378538 Wed, 05 Feb 2025 16:56:59 +0000 bakky 378538@http://citycyclingedinburgh.info/bbpress/ <p>I believe transition to https was aborted due to other issues it caused in the forum software, i.e. the backend / admin side of things. In a just transition, nothing is borked for anyone. /salutes @chrisfl </p> http://citycyclingedinburgh.info/bbpress/topic.php?id=21417#post-378537 Wed, 05 Feb 2025 13:40:02 +0000 Arellcat 378537@http://citycyclingedinburgh.info/bbpress/ <p>@davey, yes, that someone is @chrisfl. </p> http://citycyclingedinburgh.info/bbpress/topic.php?id=21417#post-378535 Wed, 05 Feb 2025 13:16:11 +0000 davey2wheels 378535@http://citycyclingedinburgh.info/bbpress/ <p>I assume someone has been playing around with a certificate for citycyclingedinburgh.info since the middle of January, when my browser reported https issues which I worked round by forcing https. There now appears to be a redirect to w ww.citycyclingedinburgh.info which is not included on the certificate and I'm now having to accept http.</p> <p>Edit: post wants to insert http:// before the www so I've made it "w ww". </p> http://citycyclingedinburgh.info/bbpress/topic.php?id=21417#post-372698 Wed, 03 Jan 2024 19:34:47 +0000 boothym 372698@http://citycyclingedinburgh.info/bbpress/ <p>Looking at Github, there's half a dozen files including the index page with its redirect which have http:// in them. </p> <p><a href="https://github.com/search?q=repo%3Achrisfleming%2Fcitycyclingedinburgh.info+citycyclingedinburgh.info&amp;type=code" rel="nofollow">https://github.com/search?q=repo%3Achrisfleming%2Fcitycyclingedinburgh.info+citycyclingedinburgh.info&amp;type=code</a> </p> http://citycyclingedinburgh.info/bbpress/topic.php?id=21417#post-372509 Sun, 24 Dec 2023 13:18:42 +0000 neddie 372509@http://citycyclingedinburgh.info/bbpress/ <p>@mcairney. Yeah same issue I think. You can still use the autofill, you just have to click username, click autofill, click CCE account, click username in autofill, confirm, click password on CCE, click autofill, click CCE account, click password in autofill, confirm, hit login. Or something like that. 11 clicks and you’re there </p> http://citycyclingedinburgh.info/bbpress/topic.php?id=21417#post-372508 Sun, 24 Dec 2023 12:48:59 +0000 mcairney 372508@http://citycyclingedinburgh.info/bbpress/ <p>Not sure it's worth enabling HTTPS, seeing what breaks then trying to fix forward?<br /> Until recently it was only a minor annoyance as I use a separate, generated password for this site anyway via a password manager although recently the autofill on my iphone seems to have stopped working (which might be the same issue neddie refers to?) </p> http://citycyclingedinburgh.info/bbpress/topic.php?id=21417#post-372498 Sat, 23 Dec 2023 23:51:49 +0000 cb 372498@http://citycyclingedinburgh.info/bbpress/ <p>Yeah, agree on the Cloudflare option. Should be pretty quick to change it over and no change required on the site itself, just an NS change on the registrar. </p> http://citycyclingedinburgh.info/bbpress/topic.php?id=21417#post-372497 Sat, 23 Dec 2023 18:29:16 +0000 CycleAlex 372497@http://citycyclingedinburgh.info/bbpress/ <p>Could you not stick the site behind a free Cloudflare plan? They offer flexible HTTPS that only encrypts between the browser and Cloudflare. Not perfect but would still display as a HTTPS connection. </p> http://citycyclingedinburgh.info/bbpress/topic.php?id=21417#post-372493 Sat, 23 Dec 2023 14:03:53 +0000 neddie 372493@http://citycyclingedinburgh.info/bbpress/ <p>Lack of https now means I have to perform 11 clicks to log back into the site after it keeps throwing me off. This is due to “resistance” built into iOS to stop people autopasswording into non secure sites. This also makes it slightly less likely I’ll bother to post </p> http://citycyclingedinburgh.info/bbpress/topic.php?id=21417#post-372348 Mon, 18 Dec 2023 15:39:28 +0000 chrisfl 372348@http://citycyclingedinburgh.info/bbpress/ <p>If anyone wants to look at the code currently running the site, there is a copy here: <a href="https://github.com/chrisfleming/citycyclingedinburgh.info/tree/master/bbpress">https://github.com/chrisfleming/citycyclingedinburgh.info/</a></p> <p>It didn't occur to me that URL's might be hardcoded into the database as it's just so shortsighted, but I will have a look around and see. </p> http://citycyclingedinburgh.info/bbpress/topic.php?id=21417#post-372345 Mon, 18 Dec 2023 12:32:26 +0000 Baldcyclist 372345@http://citycyclingedinburgh.info/bbpress/ <p>Oh, I see bbpress is just a WP plugin which makes sense.</p> <p>For WP the site we had that was broken was a WP multisite with around 1000 sites on it.</p> <p>Really steps were:<br /> Check .htaccess file and check that matched what WP suggested in Settings &gt; Network settings<br /> Go to config.php and make sure that is mapped to https.<br /> Go to database and go to wp_options, make sure 'siteurl' and 'home' are set to https.</p> <p>We had to go deeper than that as it was a multisite site, and change siteurl for every site on the network (which was the complex bit that needed scripting, if just one site straight forward as above).</p> <p>We also had an issue when we had fixed the redirect that there would be another error when you navigated to the WP dashbord, I can't remember if that needed the .htaccess file at the wp_admin ammended, or wheather there was another table in the datavase that needed ammended. Can look back at messages if that happens though. :)</p> <p>I don't know if bbpress holds URL info as well, so might be worth a poke around there in the DB as well, but certainly we didn't need to do anything plugin specific on our multisite and there's a number of plugins on that. </p> http://citycyclingedinburgh.info/bbpress/topic.php?id=21417#post-372322 Sat, 16 Dec 2023 19:51:56 +0000 chrisfl 372322@http://citycyclingedinburgh.info/bbpress/ <p>This is exactly what happened, the site kept redirecting back to http:// version which then </p> http://citycyclingedinburgh.info/bbpress/topic.php?id=21417#post-372210 Tue, 12 Dec 2023 17:56:35 +0000 Baldcyclist 372210@http://citycyclingedinburgh.info/bbpress/ <p>"correct way"</p> <p>Yep, you would hope that would do it, but then when the site ends up in a redirect loop, and you can't login, and the call has come back from the infrastructure team saying everything looks grand on the servers. You sometimes have to change the URLs in the database. :)</p> <p>Anyway, often what shouldn't be complicated often is. :) </p> http://citycyclingedinburgh.info/bbpress/topic.php?id=21417#post-372196 Tue, 12 Dec 2023 12:39:45 +0000 mcairney 372196@http://citycyclingedinburgh.info/bbpress/ <p>The 'correct' way to do this would be to have a rewrite/redirect rule to turn all HTTP URLs into HTTPS- this would also mean any existing links to the http site wouldn't break.<br /> I've done this before in Apache but not in nginx. </p> http://citycyclingedinburgh.info/bbpress/topic.php?id=21417#post-372165 Mon, 11 Dec 2023 11:31:45 +0000 Baldcyclist 372165@http://citycyclingedinburgh.info/bbpress/ <p>I've had this with WP sites (I know this one isn't), I exported the DB, opened the sql file in a text editor, did a fnd and replace, and then re-imported the DB.</p> <p>More techie folk may do something similar with scripts. </p> http://citycyclingedinburgh.info/bbpress/topic.php?id=21417#post-372163 Mon, 11 Dec 2023 09:34:41 +0000 chrisfl 372163@http://citycyclingedinburgh.info/bbpress/ <p>I did look at this some time ago, the setup was a nginx front end with the LetEncrypt certificate. The main issue is that non https urls are baked into the site and I could never get it working. </p> http://citycyclingedinburgh.info/bbpress/topic.php?id=21417#post-372124 Thu, 07 Dec 2023 10:35:57 +0000 Arellcat 372124@http://citycyclingedinburgh.info/bbpress/ <p>Paging @chrisfl. @chrisfl to the red lighty-up top secret hyper-encrypted secure courtesy telephone, please. </p> http://citycyclingedinburgh.info/bbpress/topic.php?id=21417#post-372123 Thu, 07 Dec 2023 02:42:01 +0000 bwduncan 372123@http://citycyclingedinburgh.info/bbpress/ <p>Hi,</p> <p>Are there any plans to provide HTTPS? I get that part of the charm of this site is the simple nature of the forum software, but while (for the sake of argument) 25% of users might be tech-savvy and would welcome the extra security, 25% might be technophobic and not know that they are sending their email and password (which may well be shared with other sites) in the clear on public WiFi, for example.</p> <p>There are free HTTPS certificates available from LetsEncrypt, and all modern web servers support HTTPS. I'd be happy to help with the transition, if necessary.</p> <p>Thanks,<br /> Bruce </p>