Hi again. After a few hours, I finally managed to set things up and the forum is working perfectly now, except the privacy status of the domain. It was secure for a while using Let’s Encrypt, however it keeps going back to Your connection is not private from time to time and then secure again. Is there something with DigitalOcean I’m missing?
And one more thing, I found an available pack for my language, however some of the translations are ridiculous. My question is, if I customize some of the texts, will I lose these customizations if they update the language pack in the future? I’m changing all bot messages one by one and don’t want to lose any of that.
Can you be more specific here? Does it become secure again without any action on your part? Or do you do something to make it secure again?
Updates to the translations will not override local customizations. That said, if you’re updating the translations, you may also wish to update them at https://www.transifex.com/discourse, so that all users of the language will benefit.
My forum was secure after the installation and after doing some work on it, I came back an hour later and got the Your connection is not private message. Refreshed a few times and it was secure again. Same thing has been occurring for 3 hours now. I’m only editing some of the texts and adding new badges. Haven’t made major changes to the forum.
Oh, alright. Will do!
PS: I’m very new to DigitalOcean and servers. I always got my SSL provided by a shared hosting. I’ve followed the installation process step by step and it seemed to work. Apart from that, I’m not sure how to access these and get domain security issues fixed.
That’s very strange. Have you enabled the force_https site setting? It sounds like you’re still able to load the site via HTTP, which would show the “Your connection is not private” warning. Enabling the force_https site setting will ensure all access to the site is over HTTPS, and thus secure.
Sure. On your site, click the hamburger in the top right next to your avatar. Select settings. In the filter field, enter force_https. Check the box to enable the setting once it appears.
Did you install Discourse by following the official install guide? If yes, the site setting is already enabled and hidden.
The warning could be coming from something else, like an insecure image on a page (mixed content warning). The next time your site loads as not private, please open your browser’s development tools and view the console for any errors/warnings. Then share them here.
Yes, I’ve followed the official guide, after being told not to use a 3rd party one. It just randomly appears and disappears, without taking any action. I haven’t posted any images/content yet.
It’s hard to say. If the official guide was followed, Let’s Encrypt was enabled by entering an email at the specified time during ./discourse-setup, and you haven’t uploaded any images/content, this should not be occurring. Are you able to link to your site?
Thanks for the link. At the moment I can’t access the site, perhaps due to Plugin installation went wrong? Selecting a droplet with a small amount of memory should not cause the site to crash, assuming swap was enabled on the server (discourse-setup will do this for you). I can try to continue looking once the site is back up.
The reason I asked about uploaded images is because they’re the most common cause of mixed content warnings, which is my current theory of why you’re seeing the not private warning.
I was able to load your site successfully, and am not seeing “connection not private” warnings. I’ll browse around a bit and see if I can reproduce this.
Yes, these were issues from yesterday. We already fixed all that, as well as emails going to spam folders.
I just managed to remove to the pluginI added and site is up and running again. Sorry for the confusion. Also, how do we make sure we won’t have issues with future content posted by users?
Great, glad that everything is working now. I was just about to reply back saying I’d opened every category page and couldn’t reproduce this.
You shouldn’t have to do anything. The only thing to check is that the download remote images to local site setting is enabled (it is by default). This ensures that ff users link to external content, even if that content is insecure, it’ll be downloaded by your site so it can be served securely.
Hey Joshua! Could you please take a look at this issue? Sadly, I haven’t received an answer yet and couldn’t find previous topics based on this. Thanks!
