|
Turns out I ran into a major issue turning on SSL on my domain. I've turned them all off for now. It also caused a major impact on my website's security. Let me explain.
I got a free acount from Cloudflare and they could provide free SSL to my domain by changing my domain name servers to Cloudflare's name servers. Immediately, I got SSL on stevenching.com Then I started having problems with Weebly. Weebly is unable to confirm that my domain is pointing to Weebly as it was pointing to Cloudflare's proxies (It is there as the middleman to control who can come in my website). With that I'm constantly getting errors saying that my website is not set up properly and it provided instructions to change my A Records to point to Weebly, which it is already pointing to Weebly (just that Weebly cannot see it) HSTS will also NOT cache my domain as HSTS certified anymore. I've contacted Weebly support and they told me that actually Weebly is bringing SSL for all paid plans! OMG, I should have waited longer before jumping on the SSL bandwagon. Those of you who frequent my website and saw the SSL update yesterday will get a warning from your browsers saying that my site is insecure. It is not insecure. It is because of the HSTS inclusion that I applied, and since I removed HSTS and SSL, I cannot get my website certified anymore (maybe until Weebly start implementing SSL) Those who have issues connecting to my website, please clear your HSTS cache http://classically.me/blogs/how-clear-hsts-settings-major-browsers Sorry for the inconvenience caused I will be back on this again once I can get proper SSL setup on my website. As always, take care and I'll see you soon! Comments are closed.
|
Updated: 20 Aug 2021
Steven Ching
Dazhong Primary School Bukit View Secondary School Singapore Polytechnic (Diploma in Computer Engineering) University of Wollongong (Bachelor of Computer Science - Digital System Security with Distinction) Infantry Specialist (3SG NS) Archives
August 2021
|