Page 1 of 1

SSL now enabled for the site

Posted: Fri Jul 19, 2019 7:45 am
by nrgkits.nz
I have just enabled SSL for the site using a certificate issued by letsencrypt.org - please let me know if there are any issues. You should be seeing https:// in the address bar now. Any non-ssl requests will redirect automatically.

Re: SSL now enabled for the site

Posted: Fri Jul 19, 2019 8:47 am
by Shiv
All working for me.

Re: SSL now enabled for the site

Posted: Fri Jul 19, 2019 10:01 pm
by yellowbeard
I am getting a security certificate error - Firefox says "Error code: SSL_ERROR_BAD_CERT_DOMAIN"

Re: SSL now enabled for the site

Posted: Fri Jul 19, 2019 11:16 pm
by nrgkits.nz
yellowbeard wrote: Fri Jul 19, 2019 10:01 pm I am getting a security certificate error - Firefox says "Error code: SSL_ERROR_BAD_CERT_DOMAIN"
Hi yelowbeard

Can you try the following URL and let me know if you still get the SSL error: https://radionecks.co.uk

There is a permanent redirect setup for http://www.radionecks.co.uk and also http://radionecks.co.uk to the above https URL, however it could be your browsers cache also needs clearing.

Re: SSL now enabled for the site

Posted: Sat Jul 20, 2019 12:38 am
by yellowbeard
nrgkits.nz wrote: Fri Jul 19, 2019 11:16 pm
yellowbeard wrote: Fri Jul 19, 2019 10:01 pm I am getting a security certificate error - Firefox says "Error code: SSL_ERROR_BAD_CERT_DOMAIN"
Hi yelowbeard

Can you try the following URL and let me know if you still get the SSL error: https://radionecks.co.uk

There is a permanent redirect setup for http://www.radionecks.co.uk and also http://radionecks.co.uk to the above https URL, however it could be your browsers cache also needs clearing.
Yes that no longer has the security certificate error but it does keep logging me out even if I tick remember me at the login page. I am being a pain in the bollocks aren't I? :whistle

Re: SSL now enabled for the site

Posted: Sat Jul 20, 2019 3:00 am
by Albert H
YB

I thought (at first) that it was logging me out, but if you select "Board Index" rather than "Radionecks" at the top of the page when moving from page to page, you remain logged in.

HTH

Re: SSL now enabled for the site

Posted: Sat Jul 20, 2019 10:35 am
by nrgkits.nz
The login issue should be sorted now also, and you should remain logged in. The server was still trying to set cookies on the non-SSL domain, and so none of the PHP $_SESSION arrays would work in phpbb, which caused it to start relying on a query string parameter in the URL to identify login's.

Re: SSL now enabled for the site

Posted: Sat Jul 20, 2019 10:59 am
by Mongo82
I use https everywhere, previously I was never able to get a secure page here, but all good today.

Re: SSL now enabled for the site

Posted: Mon Jul 22, 2019 1:34 am
by Albert H
The site now seems to be dreadfully slow!

Re: SSL now enabled for the site

Posted: Mon Jul 22, 2019 10:24 am
by nrgkits.nz
Albert H wrote: Mon Jul 22, 2019 1:34 am The site now seems to be dreadfully slow!
I suspect its something to do with the database VM, I did notice the site was a little slow even before enabling SSL. Even loading the site locally from the same physical network (from a client connect to the same switch as the host server) latency is still high, in the order of 4 seconds so its not an issue with the internet link (gigabit fiber).

I have other sites on the same server which don't have any issues. Increasing the resources assigned to the VM also made no difference.

I'm going to be looking at MySql logs now to try and find out whats going on - I suspect there is a table somewhere which may have grown in size, possibly doesn't have the correct indexes set.

Re: SSL now enabled for the site

Posted: Tue Jul 23, 2019 12:16 pm
by nrgkits.nz
The slowness should be sorted now, the issue was the sessions table had grown to 120,000+ rows because obsolete sessions weren’t being purged fast enough. I’ve set the session timeout to 10 minutes now - however this won’t affect anyone who has ticked the box to stay logged in, or continues to load atleast one page every 10 minutes. Please let me know if any further issues.