New thread request: SSL

markmcde · Mar 5, 2021

Per our volunteers' request, I'm posting this as a new thread. Thanks.

I've tried to install an SSL certificate through CloudFlare, but they get a little vague about what to do next. Would you be able to add a cert through CloudFare or Let's Encrypt?

I had a dandy little app running on my account that fed Google Calendar data to another WordPress blog I ran (on someone else's server). But they just updated to Gutenberg, and I THINK it needs the link to my PHP app to be https://.
I will know once I see the update.

Thanks so very much.

Mark McDermott

garrettroyce · Mar 6, 2021

CloudFlare has their own system for SSL, and it's not something I'm familiar with, or something that I can help with since it's out of x10's control. I found this link, but I have other suggestions: https://support.cloudflare.com/hc/en-us/articles/200170466-Managing-Custom-SSL-certificates

If you don't need CloudFlare's other services (DNS protection [hides that your provider is x10], and DDoS protection [prevents abuse to x10's server, which x10 already does]), then you don't need CloudFlare at this time, and you can simplify a little.

Firstly, from DirectAdmin see if the SSL option is enabled for you by checking your domains tab. If you don't see it, then your account is de-synched; please let us know in this thread so we can fix that. If you see SSL, then all you need to do is select the Let's Encrypt certificate and follow those instructions. If you have your own SSL certificate and you want to import it, then you can chose that option. The options that will not work are the self-signed or disabled options.

You probably don't 100% need SSL, but most people don't like to see the warnings about non-secure websites and it's not worth the headache for something that x10 offers for free. I would just try to enable it rather than work around not having it.

eurikix1 · Mar 7, 2021

garrettroyce said:
CloudFlare has their own system for SSL, and it's not something I'm familiar with, or something that I can help with since it's out of x10's control. I found this link, but I have other suggestions: https://support.cloudflare.com/hc/en-us/articles/200170466-Managing-Custom-SSL-certificates

If you don't need CloudFlare's other services (DNS protection [hides that your provider is x10], and DDoS protection [prevents abuse to x10's server, which x10 already does]), then you don't need CloudFlare at this time, and you can simplify a little.

Firstly, from DirectAdmin see if the SSL option is enabled for you by checking your domains tab. If you don't see it, then your account is de-synched; please let us know in this thread so we can fix that. If you see SSL, then all you need to do is select the Let's Encrypt certificate and follow those instructions. If you have your own SSL certificate and you want to import it, then you can chose that option. The options that will not work are the self-signed or disabled options.

You probably don't 100% need SSL, but most people don't like to see the warnings about non-secure websites and it's not worth the headache for something that x10 offers for free. I would just try to enable it rather than work around not having it.

If you saw my previous reply... please disregard. I found the answer

markmcde · Mar 15, 2021

Garrett,

Thanks much for your volunteer effort in helping out. I could not get back to visit my account until just now. I nound the SSL tab and have activated the "server's certificate." Giving it a little time to work its magic.

I am not certain whether I needed extra security for my site. I am only guessing since my WordPress page on another host switched to Gutenberg and stepped up its own security.

I shall try to update once I have more time to work with this new setting.

Thanks again,

Mark McDermott

garrettroyce said:
CloudFlare has their own system for SSL, and it's not something I'm familiar with, or something that I can help with since it's out of x10's control. I found this link, but I have other suggestions: https://support.cloudflare.com/hc/en-us/articles/200170466-Managing-Custom-SSL-certificates

If you don't need CloudFlare's other services (DNS protection [hides that your provider is x10], and DDoS protection [prevents abuse to x10's server, which x10 already does]), then you don't need CloudFlare at this time, and you can simplify a little.

Firstly, from DirectAdmin see if the SSL option is enabled for you by checking your domains tab. If you don't see it, then your account is de-synched; please let us know in this thread so we can fix that. If you see SSL, then all you need to do is select the Let's Encrypt certificate and follow those instructions. If you have your own SSL certificate and you want to import it, then you can chose that option. The options that will not work are the self-signed or disabled options.

You probably don't 100% need SSL, but most people don't like to see the warnings about non-secure websites and it's not worth the headache for something that x10 offers for free. I would just try to enable it rather than work around not having it.

markmcde · Mar 22, 2021

Garrett,

Thanks again for your help. I thought I was all clear to show iframes on my third-party hosted blog, but it turns out that it only shows on Firefox, and likely only on a desktop browser.

I've got my Certificate setting to "Use the server's certificate". I don't really see that it could be somehow browser specific.

So the problem may be with the blogging portal I'm on (chicagonow.com). It may finally be time to bite the bullet and pay to host my own site.

Again, thanks for your help.

Mark

markmcde · Mar 22, 2021

Nope, I just pasted the same code into a page on my markmcdermott.com account, and had the same result. So I guess I'll be trying some iframe-based plug-ins and see how they work.

garrettroyce · Mar 22, 2021

IFrames can be a little weird. I would recommend avoiding them if possible, because they can lead to strange behavior (in example, a site that was not supposed to be inside an iframe is put inside one) or security issues (the site inside the iframe is HTTPS, but outside the frame isn't). I don't know exactly what you're doing, but if you're using iframes to put a section of one website into your website, you should try to do this in cooperation with the original site though an API. In example, you could take a post from their website and copy that text on to your website via a request from javascript or PHP.

spacresx · Mar 25, 2021

@ markmcde
@ garrettroyce

Iframes themselves usually would not cause issues.
it would usually be how the script uses them.

for example you can use iframes for embedding youtube videos.
as a matter of fact thats how they provide the embed codes to videos.
so if it works for youtube videos it should work for other https sites.
it would just matter how the code is used.

Here is a basic iframe example from w3school:

< iframe src="your_link" height="200" width="300" title="Example">
</ iframe>

less the spaces i included in the iframe tags for the code to show.
adjust the height and width to your needs.
just thought id mention that.

New thread request: SSL

markmcde

Member

garrettroyce

Community Support

eurikix1

New Member

markmcde

Member

markmcde

Member

markmcde

Member

garrettroyce

Community Support

spacresx

Community Advocate

Free Web Hosting

Our Community

Legal