Author Topic: Secured Weather Sites  (Read 879 times)

Randall75

  • Storm
  • *****
  • Posts: 1243
  • CWOP-CW6734 WeatherUnderground-KOHNEWAR6
    • CW6734
    • KOHNEWAR6
    • Randy's Weather On The Hill
  • Station Details: Davis Vantage Pro 2 Plus.iMac i5 OS High Sierra 10.13.6 8GB Ram, WeatherCat 3,Logitech 9000 Pro Web Cam
Secured Weather Sites
« on: September 19, 2018, 05:51:21 PM »
Does anyone here have their weather site set up as secured?
Godaddy contacted me to day to see if I wanted to upgrade mine to https.
That with the new updates coming some people may not be able to view my site with the updates like Chrome.
Do we really need to do that?

Thanks

cheers

Blicj11

  • Storm
  • *****
  • Posts: 3242
    • EW3808
    • KUTHEBER6
    • Timber Lakes Utah
  • Station Details: Davis Vantage Pro2 Plus | WeatherLinkIP™ Data Logger | iMac (late 2013), 3.5 GHz Intel Core i7, 24 GB RAM, macOS Mojave | Sharx SCNC2900 Webcam | Supportive Wife
Re: Secured Weather Sites
« Reply #1 on: September 19, 2018, 08:16:01 PM »
Randall:

I know that several of us have switched to a secure site, including Reinhard and me. We really shouldn't have to do it, because we aren't collecting viewer information. The reason I did it is because browsers are now warning people that they are viewing an "unsafe" or an "unsecured" site and this will worry the folks who don't realize it's ok to view an unsecured weather page. Switching to https is just reassuring the casual viewer that he or she doesn't have to worry about all that in the first place. It's not a very complicated change, but you do have to pay a modest annual fee for a secure certificate. There are providers that will give you one for free, but you have to renew them every month or 90 days, rather than annually. GoDaddy would handle all that for you. I am curious as to what they are proposing to charge you for making the switch. The most recent release of Mark's SteelSeries Gauges, which I know you have on your website, makes the switch to https easy as far as the Gauges are concerned.

That's my 2¢ worth. Let us know how it turns out if you proceed, etc.

Here in northern Utah we are about to choke to death from the ash and smoke raining down from these very close wildfires so I trust your air smells a lot better than ours.
Blick


xairbusdriver

  • Storm
  • *****
  • Posts: 2339
    • EW7115 (E7115)
    • KTNGERMA20
    • Mid-South Weather
  • Station Details: Davis VP2 wireless + remote Anemometer/2014 Mac min - 10.14.4/WC 3.0.4
Re: Secured Weather Sites
« Reply #2 on: September 19, 2018, 08:56:23 PM »
In another part of web site upkeep, Google has become their indexing and ranking mobile designated sites first. If you build a responsive design, it shouldn't make any difference. If the site doesn't work well on small screens, your ranking will probably be lowered.

As for https, I've noticed that some domain and web providers are slowly moving to all the free certificate providers to be used and will do the updating for you automatically. You will usually pay for this "service" which is supposed to be fairly simple. I'm dragging my feet on the matter as I have so few visitors. However, Hosgator is now offering a free "https" service that automatically renews every 90 days. I might take them up on that even though I plan on moving to another web host when my current arrangement expires.

So far, no browsers are blocking viewers from plain http sites, they are simply showing different colored "favocons" or images on non-SSL sites.

elagache

  • Global Moderator
  • Storm
  • *****
  • Posts: 5297
    • DW3835
    • KCAORIND10
    • Canebas Weather
  • Station Details: Davis Vantage Pro-2, Mac mini (2018), macOS 10.14.3, WeatherCat 3
I won't and sorry about the smoke (Re: Secured Weather Sites)
« Reply #3 on: September 19, 2018, 10:51:55 PM »
Dear Randall, Blick, X-Air, and WeatherCat web spinners,

Does anyone here have their weather site set up as secured?

My website is badly neglected as it is, but I'm certainly not going to bother with upgrading it to secure http.  As far as I'm concerned, Google and other companies are spinning some mass hysteria by marking websites as "not secure."  They web crawlers can determine if the website is capable of collecting any information from the user or not.  A website that only provides information for visitors should - not - be https.  It is simply wasting computing power for absolutely no benefit.

Here in northern Utah we are about to choke to death from the ash and smoke raining down from these very close wildfires so I trust your air smells a lot better than ours.

Not to hijack Randall's thread, but sorry you have such bad air quality.  At the moment California is in better shape, but we are fast approaching the "Santa Ana" season when the wildfires might come back with a vengeance.

Cheers, Edouard  [cheers1]

xairbusdriver

  • Storm
  • *****
  • Posts: 2339
    • EW7115 (E7115)
    • KTNGERMA20
    • Mid-South Weather
  • Station Details: Davis VP2 wireless + remote Anemometer/2014 Mac min - 10.14.4/WC 3.0.4
Re: Secured Weather Sites
« Reply #4 on: May 15, 2019, 12:00:38 AM »
Was searching for more SSL info today and came across https://www.whynopadlock.com//. Just for grins, I plugged in my Wx site and up came a report saying it was 'secured' with a valid certificate! Further sleuthing revealed that Hosgator had "completed installing certificates for all domains" back in the Summer of last year. It's a LetsEncrypt cert but it doesn't expire until the end of July this year.

Went to HG and saw that my primary domain was show as having a cert, but not the Wx site. Chatted with Support and the fixed that.

I still need to confirm that it is automatically renewed by HG or if it was a one-time, one year deal. I didn't think about that while chatting. [blush] I have not modified any links on this or the other site they host, but I think all my on-site links are relative. Hope this is not the beginning of a royal mess!

My updated report from Why No Padlock has this note:
Quote
You currently have TLSv1 enabled.
This version of TLS is being phased out. This warning won't break your padlock, however if you run an eCommerce site, PCI requirements state that TLSv1 must be disabled by June 30, 2018.
That may be a function of the 'free' cert.

Bottom line, you might want to check your hosting service and discover that they may have 'given' you something useful and potentially free. Or empty your browser caches and type in "https" in front of your domain name. ::)

...Perhaps that's why my Banner has disappeared? [blush]

Yep, I've stepped into a pile of it!!!! [banghead]

xairbusdriver

  • Storm
  • *****
  • Posts: 2339
    • EW7115 (E7115)
    • KTNGERMA20
    • Mid-South Weather
  • Station Details: Davis VP2 wireless + remote Anemometer/2014 Mac min - 10.14.4/WC 3.0.4
Re: Secured Weather Sites
« Reply #5 on: May 16, 2019, 03:02:46 AM »
Weird problem with my site. Once SSL was used, none of my gauges (png) or graphs (jpg) displayed. Nor the logos for NWS and other sites. Most of those images are at the same level as the pages that show them, but the ones in a separate directory don't display either. Strangely, both the hourly and daily videos still show. However, all PHP scripts work fine even when grouped in their own directories. If they can't figure out the fix, I plan on simply disabling the cert and forget about the "Not Secure" label. [rolleyes2]

wurzelmac

  • Storm
  • *****
  • Posts: 1240
    • ITIROLPR2
    • Wetterstation Prägraten am Großvenediger
  • Station Details: Davis Vantage PRO2 Plus (24h fan aspirated, wireless) with UV/Solar | Weather Envoy Data Logger | Mac mini Mid 2011 2,7 GHz Intel Core i7 with 12 GB of RAM | 1x Canon EOS 1300D | macOS 10.14.6 Mojave
Re: Secured Weather Sites
« Reply #6 on: May 16, 2019, 06:44:40 AM »
Hello xair,

maybe there is a problem with the rights of the linked png's and jüg's. If I open your site all of your pics are questionmarks - rightclick on one of them, copy the path and open this path in another tab it shows me an error message. So double check if you have given all of your images correct read/write rights.

Just a shot in the blue...
Reinhard


xairbusdriver

  • Storm
  • *****
  • Posts: 2339
    • EW7115 (E7115)
    • KTNGERMA20
    • Mid-South Weather
  • Station Details: Davis VP2 wireless + remote Anemometer/2014 Mac min - 10.14.4/WC 3.0.4
Re: Secured Weather Sites
« Reply #7 on: May 16, 2019, 03:12:41 PM »
I have specifically "discouraged" downloading my images via some htaccess code. However, while I was working with "support", they seem to have added some more lines to that file. On the other hand, my second site, without the added htaccess code, also reflects this lack of images problem when it is accessed with https: rather than plain http:.

The image files themselves have 644 rather than 755 permissions. That basically just denies 'writing' to the files by everyone but me.

One of the options when control-clicking the missing image icon still allows one to "Copy" the path. The one on the NOAA warning note (in the highlighted box near the top of every page) shows "https://mid-southweather.com/img/NOAA_Icons_small/warning.png" [the forum software converts this text to an actual link which will simply show the 403 permission warning Reinhard sees], which is correct. That image is in a directory named "NOAA_Icons_small" in a directory called "img" at the root of the site (mid-southweather.com).

However, most of the WC created images (gauges, graphs) are actually sitting directly in the root directory, no need for path modification, they are at the same level as the viewing html. Here is the path to the Temperature gauge (normally viewed on the "Gauges" page: https://mid-southweather.com/customgauge1.png [you'll get the 403 warning here, also]

wurzelmac

  • Storm
  • *****
  • Posts: 1240
    • ITIROLPR2
    • Wetterstation Prägraten am Großvenediger
  • Station Details: Davis Vantage PRO2 Plus (24h fan aspirated, wireless) with UV/Solar | Weather Envoy Data Logger | Mac mini Mid 2011 2,7 GHz Intel Core i7 with 12 GB of RAM | 1x Canon EOS 1300D | macOS 10.14.6 Mojave
Re: Secured Weather Sites
« Reply #8 on: May 16, 2019, 05:51:44 PM »
Strange. Hopefully you get it fixed - fingers crossed.  :-[
Reinhard


xairbusdriver

  • Storm
  • *****
  • Posts: 2339
    • EW7115 (E7115)
    • KTNGERMA20
    • Mid-South Weather
  • Station Details: Davis VP2 wireless + remote Anemometer/2014 Mac min - 10.14.4/WC 3.0.4
Re: Secured Weather Sites
« Reply #9 on: May 18, 2019, 03:50:44 AM »
Slowly and erratically returning to normal. [rolleyes2] I've removed any hint of https from the htaccess. >:( Wx maps/sites now working on index.html. NWS alert(s) now have the little icon. Graphs and Gauges still not visible. [banghead]

Hostgator seems to have elevated my concern to higher level and I think I have a ticket number. Unfortunately, they have made major site/UI changes and I can no longer find a page with support ticket history and/or status. I have no idea what they are doing as they have not bothered to acknowledge anything by emailed [rolleyes2].

The SSL "Status" still shows "Pending" and the "Enable" button is not active meaning I cannot click it to OFF! And since there is a support ticket, "Chat" contacts claim they cannot touch my site. [banghead] Seriously looking like an early hosting move approaching... [rockon]

Fortunately, WC is rock solid, of course! ThU5:-)

xairbusdriver

  • Storm
  • *****
  • Posts: 2339
    • EW7115 (E7115)
    • KTNGERMA20
    • Mid-South Weather
  • Station Details: Davis VP2 wireless + remote Anemometer/2014 Mac min - 10.14.4/WC 3.0.4
Re: Secured Weather Sites
« Reply #10 on: May 20, 2019, 01:00:34 AM »
I removed (commented out) a line in the htaccess file that had been there for a couple of years. My site now appears to be back to normal with all images displaying properly. Since that occurred at exactly the time I changed the htaccess file, I am 99% sure that is the cause and not something changed by the "support" folks at Hostgator...

That also seems to have re-established the WC banner image here. [cheer]

It will be a very cold day in Hades before I try SSL again, even if it is free and auto re-newing! [banghead]

wurzelmac

  • Storm
  • *****
  • Posts: 1240
    • ITIROLPR2
    • Wetterstation Prägraten am Großvenediger
  • Station Details: Davis Vantage PRO2 Plus (24h fan aspirated, wireless) with UV/Solar | Weather Envoy Data Logger | Mac mini Mid 2011 2,7 GHz Intel Core i7 with 12 GB of RAM | 1x Canon EOS 1300D | macOS 10.14.6 Mojave
Re: Secured Weather Sites
« Reply #11 on: May 20, 2019, 06:32:44 AM »
Glad you are back to 'normal', xair! Just want to mention that you can do a free Lets'sEncrypt SSL zertificate via Free SSL Zertifikate Wizard on your own without your hosting provider. So do I every three months. Although I think you already know...

Cheers,
Reinhard


xairbusdriver

  • Storm
  • *****
  • Posts: 2339
    • EW7115 (E7115)
    • KTNGERMA20
    • Mid-South Weather
  • Station Details: Davis VP2 wireless + remote Anemometer/2014 Mac min - 10.14.4/WC 3.0.4
Re: Secured Weather Sites
« Reply #12 on: May 20, 2019, 01:53:42 PM »
That’s actually the source the hosting company uses. What they do for free is the renewal process. I’m sure I caused most of the problems by “jumping in” to quickly. [banghead]

Blicj11

  • Storm
  • *****
  • Posts: 3242
    • EW3808
    • KUTHEBER6
    • Timber Lakes Utah
  • Station Details: Davis Vantage Pro2 Plus | WeatherLinkIP™ Data Logger | iMac (late 2013), 3.5 GHz Intel Core i7, 24 GB RAM, macOS Mojave | Sharx SCNC2900 Webcam | Supportive Wife
Re: Secured Weather Sites
« Reply #13 on: May 20, 2019, 04:49:08 PM »
I’m sure I caused most of the problems by “jumping in” to quickly. [banghead]

Surely this is the first time that has ever happened.
Blick


xairbusdriver

  • Storm
  • *****
  • Posts: 2339
    • EW7115 (E7115)
    • KTNGERMA20
    • Mid-South Weather
  • Station Details: Davis VP2 wireless + remote Anemometer/2014 Mac min - 10.14.4/WC 3.0.4
Re: Secured Weather Sites
« Reply #14 on: May 20, 2019, 05:24:38 PM »
Quote
Surely this is the first time that has ever happened.
I think I actually maid won uther mistake in life, butt I cant remember what it was. :o [lol]