Jump to content
[MUST READ] Forum Rules ×

SSL on free hosting


JayAld

Recommended Posts

Hi,

I signed up last night for the free hosting, and have migrated a couple of domains today. Just wanted to see if anyone has managed to successfully use SSL on the free hosting.

I read up about the LetsEncrypt block after having issues with that, so tried Comodo's free offering instead.

I've got the Comodo certificate installed which works on some browsers nicely, but am seeing issues with other browsers (including an outright refusal to visit on my phone) for security reasons. These are caused by the server only having the certificate and not intermediate ones (to link my certificate cleanly to the trusted certificates the browser holds). The server is missing these:

Sectigo RSA Domain Validation Secure Server CA
Fingerprint SHA256: 7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676
Pin SHA256: 4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng=
RSA 2048 bits (e 65537) / SHA384withRSA

USERTrust RSA Certification Authority
Fingerprint SHA256: 1a5174980a294a528a110726d5855650266c48d9883bea692b67b6d726da98c5
Pin SHA256: x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4=
RSA 4096 bits (e 65537) / SHA384withRSA

I raised a ticket with support, but just got a reply back saying "intermediate certificates are not supported on free hosting".

This obviously now draws into questions whether the free package is usable, given HTTPS is a must for security (and search engines will downgrade any references without it), and I can't run a certificate on my site that results in some browsers blocking the site completely. Has anyone found a provider where Byet servers have all the intermediate certificates they needed?

 

Jay

Link to comment
Share on other sites

Hi Jay and welcome to the forums!

You can use CloudFlare's SSL (by activating CloudFlare from either the vPanel or by transferring it to their nameservers).

Also, most browsers, including the latest versions of Chrome, Firefox and Opera, do not need the CA Certificates to trust a website so you shouldn't have problems. Could you post a screenshot?

Link to comment
Share on other sites

18 hours ago, PCTipsGR said:

Hi Jay and welcome to the forums!

You can use CloudFlare's SSL (by activating CloudFlare from either the vPanel or by transferring it to their nameservers).

Also, most browsers, including the latest versions of Chrome, Firefox and Opera, do not need the CA Certificates to trust a website so you shouldn't have problems. Could you post a screenshot?

Thanks PCTipsGR, I appreciate the welcome!

I've found CloudFlare to really mess with site metrics in the past, due to it's own cache of the site, so was planning to avoid if I could. Certainly an option I'll consider again though, as visitors need to be able to get to the site ideally :)

I attach a screenshot of the first site I migrated. It's fine in Chromium (the engine behind Chrome), but Firefox doesn't like it due to SEC_ERROR_UNKNOWN_ISSUER ("Peer’s Certificate issuer is not recognized"). I won't post the mobile view, as you'll notice I'm a Linux man, and my mobile (running LineageOS) throws no error, just won't visit the site. Firefox is the bigger concern, though it would be interesting to hear what results others get from iOS and Android (site is findamanandvan.co.uk) as mobile visitors are 80%+ of the traffic normally.

Still baffled as to why Byte don't just installed all immediate certificates for LetsEncrypt and Comodo, given they are the obvious providers many will be using. I imagine premium customers will slowly demand they add them over time, which will cost them more than doing a planned upload now.

 

Jay

famavcerterror.png

Link to comment
Share on other sites

I got ssl working on one of my sites using cloudflare. And I have a free byethost account. Curiously, my site is secure if you enter mydomain.tk. It's unsecure when you enter www.mydomain.tk. I know nothing about web development so I'm gonna' be trouble shooting that problem for a bit. I'm thinking it's a DNS problem? Anyway, I'm a bit unclear as to what intermediate certificates are but I've got ssl working on my site. Partly!

Link to comment
Share on other sites

Hi Jazz,

Thanks for checking my site with your browser.

It maybe worth checking CloudFlare's configuration (and Googling your issue, as CloudFlare is popular so your issue maybe too :)). It maybe your certificate has only been applied to your main domain and not the WWW sub-domain... just a guess, but there may an option for each in CloudFlare.

Intermediate Certificates are just the ones "in the middle". Browsers have a set of high level trusted ones, and these are used to "sign" other certificates which may in-turn be used to sign ones below them again. For security and logistics, end customer site certificates aren't signed by the high level ones... there's effectively a chain of certificates (like a baton being passed in a relay race) if that makes sense... so my certificates are a couple of layers off those my browser trusts... the ones in the middle are "intermediate certificates", needed to prove that my certificate really has Comodo's signature!

Link to comment
Share on other sites

You could try the following guide for a Let's Encrypt SSL on Byet, which I think will be probably trusted without a CA Certificate, I cannot be sure though:

Quote

 

1. Sign Up for Cloudflare manually and transfer your domain to them by changing nameservers (Control Panel integration won’t work)

2. Visit www.sslforfree.com, which is an Online ACME client to provide Let's Encrypt certificates

3. Enter your domain, and select "Manually Verify Domain (DNS)". It will give you some TXT records which you will have to copy.

4. Go back to Cloudflare and then go to the DNS section of your Cloudflare Dashboard.

5. Select TXT from the dropdown list, for name enter:

@ for your main domain and/or www if you want people to access your domain from www

Paste the Records (TXT) that you copied and go back to SSLForFree, it will give you your private key and certificate.

Now remove/disable your site from/on CloudFlare and restore it to the Byet nameservers. Install the SSL via the control panel and it should work!

Keep in mind that you will have to repeat this process every 90 days, unfortunately.

 

I tried visiting one of the sites in free hosting that has a Let's Encrypt certificate (unfortunately, I cannot share the link) and it was trusted on Firefox without the CA certificate (while yours seemed as untrusted).

Edited by PCTipsGR
Link to comment
Share on other sites

20 hours ago, JayAld said:

Hi Jazz,

Thanks for checking my site with your browser.

It maybe worth checking CloudFlare's configuration (and Googling your issue, as CloudFlare is popular so your issue maybe too :)). It maybe your certificate has only been applied to your main domain and not the WWW sub-domain... just a guess, but there may an option for each in CloudFlare.

Intermediate Certificates are just the ones "in the middle". Browsers have a set of high level trusted ones, and these are used to "sign" other certificates which may in-turn be used to sign ones below them again. For security and logistics, end customer site certificates aren't signed by the high level ones... there's effectively a chain of certificates (like a baton being passed in a relay race) if that makes sense... so my certificates are a couple of layers off those my browser trusts... the ones in the middle are "intermediate certificates", needed to prove that my certificate really has Comodo's signature!

Thanks for taking the time to explain! And thanks for the advice; I'll look into that. Anyway, I understand why certs are important. Hope you figure out the problem!

Link to comment
Share on other sites

Thanks everyone for your help on this... I implemented CloudFlare last night, and turned on SSL, but turned off caching, to remove previous issues I've had with CloudFlare.

It's all looking good today! CloudFlare is using it's own certificate, which seems to be making all browsers I can test happy enough. On that basis, I'm not sure there's any point in getting a domain specific certificate at this time, I'll monitor and see if I find any weakness of letting CloudFlare worry about it for me (no renewal for me to worry about this way)!

I'll raise a couple of enhance ideas on the relevant forum, as its not great having to use CloudFlare for this, but I'm happy it means I no longer means I have to run insecure domains!

Thanks everyone, that was really helpful.

Link to comment
Share on other sites

Hi @PCTipsGR

I tried using Cloudflare software inside CPanel and while enabling the feature for a domain, I got this error

CLOUDFLARE ERROR :An error occured creating a cloudflare user for you, the error was

The unique_id 'fa5_14591974' has already been assigned to a different user.


Can you explain what went wrong here and how I can solve it. Thanks

Link to comment
Share on other sites

2 hours ago, himani said:

Hi @PCTipsGR

I tried using Cloudflare software inside CPanel and while enabling the feature for a domain, I got this error


CLOUDFLARE ERROR :An error occured creating a cloudflare user for you, the error was

The unique_id 'fa5_14591974' has already been assigned to a different user.


Can you explain what went wrong here and how I can solve it. Thanks

Himani,

From what I can see as a customer myself, it looks like the Byet CPanel system has a basic interface with CloudFlare that will try to create an account with your Byet login details. The issue is that it looks like your Byet username is already a username on the CloudFlare services. I too had an error setting up CloudFlare from the CPanel so did it directly myself....I assume you have your own domain name, I'm not sure if it will work with subdomains or not:

Just goto cloudflare.com, signup, then on the home screen, click "add a site", and add your domain name. Choose the free package (assuming that's all you wanted), and follow the steps to point your domain at CloudFlare.

Worked well for me, though must admit I'm not sure if you can do this for a Byet subdomain or not.

Edited by JayAld
Link to comment
Share on other sites

2 hours ago, himani said:

Hi @PCTipsGR

I tried using Cloudflare software inside CPanel and while enabling the feature for a domain, I got this error


CLOUDFLARE ERROR :An error occured creating a cloudflare user for you, the error was

The unique_id 'fa5_14591974' has already been assigned to a different user.


Can you explain what went wrong here and how I can solve it. Thanks

From what I can see with this error, it seems like you either had a different email address used with CloudFlare and that specific account before, or that there is already an account with your email address.

You can follow @JayAld's advice if you are using a normal domain and not a subdomain, otherwise try changing your email address and retrying.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...