vBulletin Mods

The Official vBulletin Modifications Site
https://www.vbulletin.org/forum/showthread.php?t=323946

Who is moving to https?
by RichieBoy67
29 Nov 2016 23:06

Anyone making the jump? Google chrome is starting to become an issue for sites not using an ssl as is Apple. I found out a couple days ago my IOS app will not be working as of January 1 unless I use https..

Does anyone have any strategy or plans for switching?

shimei 29 Nov 2016 23:18

I have been using SSL now for a little over two years. I remember during the transition that the site's traffic plummeted. http and https are not looked at as the same url and link juice was deluded even with a 301 redirect. All those back links to my site lost a lot of weight. They were pointing to http and not https, and when I redirected the http to https through htaccess the site lost ranking. Lastly, it took some time for Google to reindex the site and update the site's urls.

Just a heads up, be patient because it will get worse before it gets better. If you're working on SEO, save your money until after you make the transition, because building up the http address is a waste in the long run.

MarkFL 29 Nov 2016 23:19

One of the sites I help admin is beginning to talk about it. :)

Dave 29 Nov 2016 23:20

I've been using it for a long time now with thanks to https://letsencrypt.org/ for free SSL certificates.

RichieBoy67 29 Nov 2016 23:36

Quote:

Originally Posted by shimei (Post 2578903)
I have been using SSL now for a little over two years. I remember during the transition that the site's traffic plummeted. http and https are not looked at as the same url and link juice was deluded even with a 301 redirect. All those back links to my site lost a lot of weight. They were pointing to http and not https, and when I redirected the http to https through htaccess the site lost ranking. Lastly, it took some time for Google to reindex the site and update the site's urls.

Just a heads up, be patient because it will get worse before it gets better. If you're working on SEO, save your money until after you make the transition, because building up the http address is a waste in the long run.

Yeah, that is what I am afraid of and why I have put this off for a long time.

--------------- Added 29 Nov 2016 at 19:37 ---------------

Quote:

Originally Posted by Dave (Post 2578905)
I've been using it for a long time now with thanks to https://letsencrypt.org/ for free SSL certificates.

Thanks for that link!

I think mine cost me about $15 a year or something. I do have an ssl set up. I just do not have it for the entire domain.

Dave 29 Nov 2016 23:54

Quote:

Originally Posted by RichieBoy67 (Post 2578906)
Yeah, that is what I am afraid of and why I have put this off for a long time.

--------------- Added 29 Nov 2016 at 19:37 ---------------



Thanks for that link!

I think mine cost me about $15 a year or something. I do have an ssl set up. I just do not have it for the entire domain.

Best thing is, you can setup automated cronjobs that renews the LetsEncrypt SSL certificate so you never have to worry about renewing them manually.

Apache: https://www.digitalocean.com/communi...n-ubuntu-16-04
nginx: https://www.digitalocean.com/communi...p-auto-renewal
IIS: https://github.com/ebekker/ACMESharp

Or use https://certbot.eff.org/

Ashlar217 30 Nov 2016 03:09

Quote:

Originally Posted by Dave (Post 2578905)
I've been using it for a long time now with thanks to https://letsencrypt.org/ for free SSL certificates.

I use Lets Encrypt also, on a VB friendly host, GlowHost. I started my site from scratch with SSL, so i managed to avoid the worry of lost back links etc...

Best way to go using SSL in my opinion. People just do not trust unsecured sites like they used to.

Paul M 30 Nov 2016 03:31

I added https capability to my forum for anyone who wanted to use it, but its not the default.

The same applies to vb.org, it will work here if you want, but its not the default.

We actually switched vb.com to use it as the default yesterday, since its needed for the IOS mobile app (mandatory soon).

noypiscripter 01 Dec 2016 01:10

I used https://www.sslforfree.com/ which uses https://letsencrypt.org/ for generating the certificates. It's easy to use. I just have no time to install the certificate on the server yet and the cron jobs to auto-renew.

RichieBoy67 01 Dec 2016 09:13

Quote:

Originally Posted by Paul M (Post 2578915)
I added https capability to my forum for anyone who wanted to use it, but its not the default.

The same applies to vb.org, it will work here if you want, but its not the default.

We actually switched vb.com to use it as the default yesterday, since its needed for the IOS mobile app (mandatory soon).

Yep, that is exactly why I have to switch as well..

It would be interesting to see how switching impacts seo and traffic to Vbulletin.com.

--------------- Added 01 Dec 2016 at 20:02 ---------------

I have been working on this and it turned out to be more complicated than I expected. Certain things are not functioning in the admincp I suppose from being blocked by browsers due to not being secure..

First though I have these 3 items I have not been able to find or I found and changed and they may be cached.
https://www.whynopadlock.com/check.php

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

I also am trying to get my htaccess to redirect both non www and www to https://


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Appreciate the help,
Rich

CAG CheechDogg 01 Dec 2016 20:43

Try this my Man ....



Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.


Dave 01 Dec 2016 21:12

I also encountered problems in the AdminCP with HTTPS and Cloudflare. This is what I had to change:

/admincp/index.php look around line 495, and replace the $mainframe variable with

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.


RichieBoy67 01 Dec 2016 21:13

Thanks brother,

I tried that one earlier and I could not get on. I have to look at the rest of my htaccess.

I have decided to revert my main url's back to http for now.. Too many issues and some of them may be from Cloudflare. Thought I had this almost done but Chrome was giving me major issues.

As of right now my ads are using https as are other components though the main urls are still http.

PITA..

Thanks for the assistance bro

--------------- Added 01 Dec 2016 at 21:14 ---------------

Quote:

Originally Posted by Dave (Post 2579003)
I also encountered problems in the AdminCP with HTTPS and Cloudflare. This is what I had to change:

/admincp/index.php look around line 495, and replace the $mainframe variable with

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

I just posted before I saw this. Let me take a look and maybe this is what I need. :)

Thanks

--------------- Added 01 Dec 2016 at 21:18 ---------------

Quote:

Originally Posted by Dave (Post 2579003)
I also encountered problems in the AdminCP with HTTPS and Cloudflare. This is what I had to change:

/admincp/index.php look around line 495, and replace the $mainframe variable with

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

How did you have the Crypto page set on Cloudflare Dave?

Dave 01 Dec 2016 21:44

Quote:

Originally Posted by RichieBoy67 (Post 2579004)
Thanks brother,

I tried that one earlier and I could not get on. I have to look at the rest of my htaccess.

I have decided to revert my main url's back to http for now.. Too many issues and some of them may be from Cloudflare. Thought I had this almost done but Chrome was giving me major issues.

As of right now my ads are using https as are other components though the main urls are still http.

PITA..

Thanks for the assistance bro

--------------- Added 01 Dec 2016 at 21:14 ---------------


I just posted before I saw this. Let me take a look and maybe this is what I need. :)

Thanks

--------------- Added 01 Dec 2016 at 21:18 ---------------



How did you have the Crypto page set on Cloudflare Dave?

Default settings as far as I know: flexible SSL, HSTS on, origin pulls off, opportunistic encryption on, TLS 1.3 on, automatic HTTPS rewrites on.

RichieBoy67 01 Dec 2016 22:25

Thanks, I will give this another go in a few minutes. :)

Any idea as to what was messing up my htaccess redirects? I tried Cheech's above and I had this one as well:

RewriteEngine On
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.*)
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

neither of these worked and gave me redirect errors..

Thanks again guys,
Rich


All times are GMT. The time now is 08:54.

Powered by vBulletin® Version 3.8.12
Copyright © 2019, MH Sub I, LLC dba vBulletin. All Rights Reserved. vBulletin® is a registered trademark of MH Sub I, LLC
Copyright ©2001 - , vbulletin.org. All rights reserved.