# https connections not working right?



## Marc (Jun 26, 1999)

When I connect to https://www.tivocommunity.com/, I seem to get redirected back to the non-encrypted http://www.tivocommunity.com/tivo-vb/ .


----------



## jcondon (Jul 9, 2003)

Marc said:


> When I connect to https://www.tivocommunity.com/, I seem to get redirected back to the non-encrypted http://www.tivocommunity.com/tivo-vb/ .


Maybe try it without the www ?

Either seems to work for me.

However I also use a Chrome plugin call https everywhere. Not working here.

Pretty cool that Lets Encrypt is allowing everyone to secure their websites for free.

Once everything settles down here I will change my password too.


----------



## Marc (Jun 26, 1999)

I just checked with a command-line tool and see this:

```
% curl https://www.tivocommunity.com/
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www.tivocommunity.com/tivo-vb">here</a>.</p>
</body></html>
```
So, indeed, TCF is explicitly redirecting the SSL connection to a non-SSL one.

Further, if I explicitly try to request the "/tivo-vb" path via HTTPS, I get this:

```
% curl https://www.tivocommunity.com/tivo-vb
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /tivo-vb
on this server.<br />
</p>
<p>Additionally, a 403 Forbidden
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>
```


----------



## David Bott (Jan 1, 1999)

Thank you kindly for the information. I knew we would run into some things as the site has a lot of moving parts and was never set to be https. But as the other member noticed...LetsEncrypt offers free certificates and the WHM server we have just now started supporting it. 

Also Sucuri, the CloudProxy Firewall we use, also supports it as they have partnered with LetsEncrypt and I have now set all traffic to be forced to used https via Sucuri.

Please let me know if the issues continue.

Thanks again for the help.


----------



## stevel (Aug 23, 2000)

There are still some page elements displayed using non-https, which causes browsers to grumble. hide.gif,youtube.gif,badge1.png and weaknees-tivo.png are not https but should be. Hmm - there are two different badge1.png files, both are Sucuri related. One is http://sucuri.net/images/badge1.png the other is http://1.bp.blogspot.com/-L5MO-LCWEZA/TyhN-5bLglI/AAAAAAAAARc/Oxy1F7vfIbs/s1600/badge1.png blogspot.com? Really? All of the references except the last get 301 redirects, which slows down page loads.


----------



## David Bott (Jan 1, 1999)

I have now removed all auto SSL as it seems there are to many elements that need to be updated to work fully with it as the software is so old. We are back the way we were. Suggest clearing cache just in case.

I knew I may have some issues, but nothing like we did. Tried to do right but the old software stopped me again.


----------



## stevel (Aug 23, 2000)

There's still a redirect to https when entering the forum and links to forum sections.


----------



## allan (Oct 14, 2002)

When I'm on the main page and click "New Posts", I get a blank page.


----------



## Mike Lang (Nov 17, 1999)

allan said:


> When I'm on the main page and click "New Posts", I get a blank page.


It works for me even logged in as you. Try clearing your browser.


----------



## David Bott (Jan 1, 1999)

As mentioned..."Suggest clearing cache just in case."


----------



## allan (Oct 14, 2002)

Thanks, that seemed to work.


----------



## freakfactory (Jan 30, 2005)

Could this have broken auto-resizing images? I noticed earlier today that the auto-resizing stopped working. Some of those images in the parking thread or the giggle thread(s) are HUGE! I had no idea, because of the resizing...

EDIT: It does in fact break the imaging resizing. http resizes, https does not.


----------



## David Bott (Jan 1, 1999)

We are no longer using https. (It can be used, but we are not forcing it like we did based on issues it was making with this old software. You seem to have found another issues as to why we are not using it.)


----------

