Problem:

After installing a valid letsencypt certificate on https://www.personalzone.com I was presented with the following error in my Chrome browser which didnt make much sense given the certificate had just been installed.

personalzone chrome insecure

 

Solution

To investigate I went to the developer tools security tab.

First  click on settings  ( 3 dots in top right of browser )  ->  More tools -> Developer tools.

chrome developer tools

Then click on the security tab of the developer tools console

developer security tab

 

From here it could be seen that the browser was alerting to  active mixed content and the cause was google fonts that were being pulled in via http: instead of https:

 mixed content error

 

Knowing that the css for my Joomla website is  included in the template in use I went to the active template and started looking in the css files

CSS files for a template can be found  in the Joomla backen at extensions -> templates  

 templates

 

and then clicking on the template in the right hand column of results.

 template listing

Clicking on the template ( Jsn_mini_pro by Joomlashine  in this case )  shows all the files associated  with the template.

After a bit of browsing  I found the following  culprit in the css/styles/news.css file

@import url(http://fonts.googleapis.com/css?family=Sanchez);

css file

To fix the issue this was changed to:

@import url(https://fonts.googleapis.com/css?family=Sanchez);

To ensure that the fonts were requested from Google via a secure connection.

Once this was done the browser was shut down and  the personalzone tab was shutdown and re-opened and chrome started displaying the site as secure.

 pz secure url

 

Job Done  ... another problem solved.

 

 

 

 

During my research into the simple things I can do to boost the reputation and subsequently (hopefully) my search engine rankings I discovered that activating https apparently provides a minor SEO benefit . Unfortunately I also discovered that there is a cost associated with getting the SSL certificates required to set up https and that it was going to get quite expensive to set up the basic domain validated certificates for the half dozen or so websites I run.  So I did what any budget conscious webmaster does and went searching for free or cheap SSL certificates.

12 months ago when I did this I found a few good cheap options such as godaddy who  provide domain verified  SSL certificates for under USD$10 so I signed up for them , unfortunately I wasn't able to find cheap certificates for all my websites so I only got them for the higher traffic sites. Unfortunately  12 months later  certificates started to expire introductory prices were gone and renewing certificates was going to cost me hundreds of dollars so once again I wend searching on Google and found Letsencrypt.org who is providing free domain verified certificates and when I say free I mean free to set up and no ongoing recurring charges.

After investigating Letsencrypt.org I discovered that the only catch is that they run an automated service and if your hosting provider isn't set up for this automated service then you need to follow a manual process to set up, install, and renew certificates which as I discovered can be a little complicated when you are working out what you need to do.

The following tutorial documents what you need to do to manually create and install certificates provided by Letsencrypt.org.

Environment:

  • Macbook pro running OS X 10.11.5 El Capitan  ( this is my home computer used to access the Internet )
  • Webhosting provider running CPanel who allows me to install my own certificates and allows filemanager access for the creation of files and directories..

 

Steps to follow:

 

Start by installing the  Letsencyrypt software required to generate certificate keys on your local machine:

git clone https://github.com/letsencrypt/letsencrypt  

 

Once the software has downloaded and installed you can use the following steps to start generating certificates which will be installed on your website later.

In the request below we specify a key size of 4096 and request a certificate that can be used on adomain.com and www.adomain.com

 

cd letsencrypt

./letsencrypt-auto certonly -a manual --rsa-key-size 4096 -d adomain.com -d www.adomain.com --debug

 

Enter the password for your Mac when prompted.

 

Note: It is only necessary to use the --debug option the first time you generate a certificate as it triggers the once off download ind installation of  XCode command line tools which are required for success.

 

Lets encrypt will then step through the following process of verifying each of the domains specified in the command line ( adomain.com & www.adomain.com in this case ).

The user interface isn't particularly friendly so you need to watch it closely.

  • Click Yes if you are ok to have your IP address logged as having requested the certificate ... If you are not OK then click No and the certificate request process will stop.

A message similar to the following will be displayed:

Make sure your web server displays the following content at

http://adomain.com/.well-known/acme-challenge/c95E8aJS91Akd4sORhF6YpOjtfDxp9g1sJoxhuvn1RA before continuing:

c95E8aJS91Akd4sORhF6YpOjtfDxp9g1sJoxhuvn1RA.65Adkc_UBtvK9DghXVsBzMBAegBHo1GUXWsgKU8H7yw

 

Do not press enter to continue yet

 

Open Cpanel for your domain in a web browser and  use filemanager to create a text file in the .well-known/acme-challenge subdirectory of your main domain directory with the name and content specified in the message above:

 

Once the file has been put in place you can return to the terminal window containing letsencrypt and press enter.

The above process will repeat for each -d argument you have entered in the command line.

 

If you have put the validation files in the right directories with the right content validation will pass and you will get a message indicating that your certificate has been generated.

 

Once you have generated your certificate you can retrieve the keys from your local machine and install them for your website as follows:

Navigate to the SSL/TLS area of CPanel and select Install and Manage certificates

Select the domain you wish to install certificates for from the domain drop down list

Return to your terminal window and type the following to display the key information:

 

sudo su

cd /private/etc/letsencrypt/archive/adomain.com/

 

cat cert1.pem

cat privkey1.pem

cat chain1.pem

 

Cut and Paste the contents of each key  into the corresponding field displayed in CPanel i.e. copy the contents of cert1.pem  into the CRT field, privkey1.pem into the KEY field, and chain1.pem into the CABUNDLE field .

Hit the Install Certificate button and the job is done.

 

You should now be able to open a webbrowser and navigate to your website using https://  with or without www. at the front.

 

 


Strict Standards: Only variables should be assigned by reference in /home/mitraxco/public_html/startearning.com/modules/mod_wsfbcom/mod_wsfbcom.php on line 18
Go to top