Firefox Warning when Logging In

Not sure if you've seen this pop up. I had a user ask me about it and I was able to see it on my end. See attachment.
updated by @keith-mauck: 07/21/17 11:19:44AM

I've not seen it, but suspect it could be a browser thing trying to suggest the site uses https://

If you'd like to change your site to use https:// instead of http:// you can click the ENABLE FREE SSL button from your Jamroom Hosting server here:
https://www.jamroom.net/keith-mauck/hosting/domain_config/194/id=653

Then in your jamroom ACP go to
ACP -> MODULES -> USERS -> USERS -> GLOBAL CONFIG -> create SSL URLs

to force all incoming links to be redirected to the https:// version of your site, then it will be secure.

Can I do this on my two jr sites as well? -Or do I need to do something special beforehand?
Will I need to change all my current site hotlinks as well, or can those all remain the same?
Can I revert back to the way it was previously if this SSL enablement causes a problem?

I've been reading about how Chrome and FF are now kicking in this 'insecure' warning on sites with login functions. It'll be more common soon for non-https sites.


--
...just another satisfied Jamroom customer.
Migrated from Ning to Jamroom June 2015
updated by @strumelia: 04/18/17 08:22:47PM

sure.

Your first domain is this one:
https://www.jamroom.net/strumelia/hosting/domain_config/11/id=46

your second domain is this one:
https://www.jamroom.net/strumelia/hosting/domain_config/11/id=868

Click the ENABLE FREE SSL button for each.

Yes. nothing special needed.
no, just do that second part of the instruction and it will happen automatically.
----------------
Then in your jamroom ACP go to
ACP -> MODULES -> USERS -> USERS -> GLOBAL CONFIG -> create SSL URLs

to force all incoming links to be redirected to the https:// version of your site, then it will be secure.
----------------
yes you can revert if you dont like it.

Thanks Michael! I will try this out on my relatively inactive site first. =8-)
I can't believe Jamroom makes this so easy to do. !

Does this effect my Google analytics in that: will I need to change my settings there to reflect the new https ? Or is it all just a redirect and no need to change GoogAnalytics settings? Thanks for clarifying these details for me.


--
...just another satisfied Jamroom customer.
Migrated from Ning to Jamroom June 2015

Google analytics should be fine. The thing to keep an eye out for is: if the lock doesnt go to locked, then that usually means that somewhere on the page there is a link to a non-https link.

In that case use ctrl+u to see the page source code, then ctrl+f (find) and search for "http://" to see if you can see the offending culprit.

Or just paste the link here and we can work it out together.

Interesting. I did the switch on my pennywhistle site (which has very few members as of yet and is thus good for testing).
I used Chrome Developer Tools to show me the offending page items. One was a little older smiley icon which I removed. Another was a photo on my profile page that I reloaded and was then fine. Most pages seemed green-locked ok now on that whistle site.
But the problem issue was my two animated ad sliders I use on the Home page of both my sites. They are in html iframe code, and the images are hosted by a very inexpensive 3rd party site I use and like called Comslider, not in the US.
Here's the Chrome https warning i get about the sliders, which are now blocked from loading:

Mixed Content: The page at 'https://pennywhistleclub.com/' was loaded over HTTPS, but requested an insecure resource 'http://commondatastorage.googleapis.com/comslider/target/users/1487350267xd4950b10706967
cf4fe5fa89322f1201/comsliderframe1238105.html'. This request has been blocked; the content must be served over HTTPS.

The iframe http code used for the slider there is:

So... I've written Comslider asking if they can make the appropriate changes to become 'secure' https. I guess that's all I can do if I want to keep using their slider, right?

Right now my Pennywhistleclub.com site is locked/secure https, but only because the two sliders are being blocked. That's ok for now, because I have no paying clients with ads on that site.
But on my other site http://fotmd.com/ I have NOT made the https change, so the FF/Chrome show it not greenlocked, and you can see my two ad sliders are still functioning fine right in the middle of the Home page there. I can't go to https on that site until I get the slider compliant because I have several paying customers with current ads running.


--
...just another satisfied Jamroom customer.
Migrated from Ning to Jamroom June 2015
updated by @strumelia: 04/19/17 08:28:50PM

change the http to https.

see if that fixes it.
to

Did that and refreshed cache, integrity, restarted browsers etc...both FF and chrome- did not seem to make the sliders reappear. (am referring to on the whistle site home page)

BTW, the sliders on that page are showing and working fine on Safari, after I changed it to https like you just suggested.

Michael, my apologies but it's after midnight and I'm falling asleep- be back tomorrow. Thanks for your help!


--
...just another satisfied Jamroom customer.
Migrated from Ning to Jamroom June 2015
updated by @strumelia: 04/19/17 09:20:58PM

can you check that penywhistle site has
ACP -> MODULES -> USERS -> USERS -> GLOBAL CONFIG -> SITE SETTINGS -> Create SSL URLs

checked please. There are a couple of src="http://....." links in your home page that I would expect not to see. Expected them to be https://.....

the comslider iframe houses a url that is http:// not https:// so it needs changing.

Looking on their website:
http://www.comslider.com/

I can see on the bottom left: "My website is HTTPS secure". Might need to check that for your widget. (screenshot)

You are way ahead of me Michael... =8-p
I got a reply from them during the night (from Slovenia) asking me to check that very box in my Advanced settings for each of my sliders.
I did so and voila!- those two sliders are working again now... yay! I left the 's' adjustment in the iframe code as you suggested...seems to be working fine now. Sometimes I feel so dense- I should have seen that except the Advanced tab was not expanded and it didn't occur to me to check the settings...I was just thinking about the slider codes.

Yes, I saw those http links- they are to images I have on the main pages, in my Blog content boxes displayed there. I fixed one of those images on my profile page there by simply deleting and then re-adding it from my computer. I'm going to similarly try re-adding those images on the main page as well, will report back here when done.


--
...just another satisfied Jamroom customer.
Migrated from Ning to Jamroom June 2015

Ok that worked for those Home page http image files.
I just opened those specific blog widgets to edit them, saved those image files to my desktop, and then reloaded them, putting the hotlinks back in as before. Good to know if it happens to others.

Now my whole pennywhistle site is showing green locks/secure. Yaaaay, you guys made it so easy on JR hosting!
Thank you!
Now off to apply all this to my main active dulcimer site FOTMD. wheeeee.....


--
...just another satisfied Jamroom customer.
Migrated from Ning to Jamroom June 2015

I just went through the process now on my active fotmd site... took me about 3 minutes which included tweaking my slider iframe code to add the 's'. All good on both sites now!
:D


--
...just another satisfied Jamroom customer.
Migrated from Ning to Jamroom June 2015
updated by @strumelia: 04/20/17 07:15:16AM

Well, it's puzzling to me why, there are my blogs sections on the main page, with images.
When i am logged OUT, the page shows those images as being called from insecure http locations. However once i log IN, they are seen as being called from safe https locations. I had reloaded them all and the blog code reflects there https called status.
The actual login page is fine though, as are all other sites pages: greenlock. Also all fine on the whistle site even when logged out.
So...
The ONLY place I'm seeing a yellow flag now is:
On the fotmd site only, on Firefox only, on the site's main page only, and only when logged OUT.
Any guesses as to why this is?
(-on Chrome it's all fine, even when logged out.)


--
...just another satisfied Jamroom customer.
Migrated from Ning to Jamroom June 2015
updated by @strumelia: 04/20/17 07:58:28AM

At a guess its a browser cache issue

Ok, I re-uploaded some of the 'offending' jpgs on the Index page, and now it seems the Home page is greenlight on both Chrome and FF even when logged out.
Good!

The only thing I should mention is that I'm still seeing certain images causing insecure status on 'some' profile pages: Bio Box images on profile pages, and also certain vimeo thumbnails (but not others).

here are two examples of problem-causing images- first is a bio box jog, second is a vimeo thumbnail:

Mixed Content: The page at 'https://fotmd.com/jim-fawcett' was loaded over HTTPS, but requested an insecure image 'http://fotmd.com/upimg/image/upimg_file/485/256'. This content should also be served over HTTPS.

Mixed Content: The page at 'https://fotmd.com/rob-n-lackey' was loaded over HTTPS, but requested an insecure image 'http://i.vimeocdn.com/video/553325457_640.jpg'. This content should also be served over HTTPS.

Those then cause the member's profile page to have an 'info' icon instead of a green lock. -But ONLY when I'm logged out.
I can live with that, but there might be some clue there to something that can be easily fixed up.

Note that the very same vimeo thumbnail will not cause an insecure icon on this page:
https://fotmd.com/search/results/jrVimeo,jrYouTube,jrVideo/1/20/search_string=Lackey
...only on his profile page.


--
...just another satisfied Jamroom customer.
Migrated from Ning to Jamroom June 2015

The problem is that the user has uploaded that picture to his profile text area (the picture of 3 dulcimers) when the system was not https. So the link will be http, until it is manually changed.

I had similar problem where I had thousands of photos in blogs posts that were imported from ning and they were using http addresses. So I had the jamroom people do custom work and make changes to the database, looking for a certain thing in every blog posts text and changing them to new one. (For me it was more than the https, had to delete old ning css related things about pictures that would not work with jamroom css.)

@michael, I enabled it, but my ad zones disappeared, so I need to figure out how to get the https for those. Until then, I've disabled the Free SSL, now my site isn't loading. Does it take a few minutes to perform the changes?

May take some time, but not a lot. I can see your shale site is online now.

thanks must be a cache issue on my end

Are there differences in how long particular browsers may register changes to the SSL?

I actually think you need to tell your browser to not look for https: when visiting your site.

In FF, go to your Options > Privacy and click the "Clear your recent history" link, in the window that opens, select "Everything" from the "Time range to clear" drop down, then make sure the only checkbox that is checked is the "Site Preferences" checkbox and click clear now.

If your using another browser, I'm sure there is something equivalent that you'll need to clear.

Hope this helps!


--

Douglas Hackney
Jamroom Team - Designer/Developer/Support
FAQ-Docs-Help Videos

Ah, yeah! ^^ douglas is right. After I have visited one of my sites that is https enabled then I visit a subdomain of that site that is on a different server and not https enabled, firefox does always try to force me to https.

To stop that behaviour I have to do FIREFOX -> TOOLS -> HISTORY -> CLEAR RECENT HISTORY -> Site Preferences -> CLEAR NOW

(screenshot)

to get the non-https version to show again. Good catch Douglas!

Does this mean every user has to do this too?

I've tried to perform the equivalent on Safari, but it didn't seem to work.

Seems Safari would be FILE > PREFERENCES > PRIVACY > MANAGE WEBSITE DATA > THEN I'D ENTER THE URL OF MY SITE TO CLEAR HISTORY.

Is this correct?
updated by @keith-mauck: 04/22/17 07:35:25AM

Not sure about safari, you are probably in the right area, but you may need to look for site preferences instead of history.

Maybe someone with more Safari experience can chime in here?


--

Douglas Hackney
Jamroom Team - Designer/Developer/Support
FAQ-Docs-Help Videos