Every other image is loaded via HTTPS, this is the only exception.
I need to fix this in order to force HTTPS site-wide.
Am I doing something wrong?
1 Like
Search site settings for âhttp://â.
You might also have forced the image in a custom theme.
3 Likes
Thanks for your reply!
This is what I get:
Not sure what you mean by that. Iâve just created a new theme and added the logos, icons and favicon. All via admin settings/dashboard. Thatâs the only resource served via HTTP for whatever reason.
PS: Happy Bâday! 
1 Like
You might try running /wizard and see if thatâll let you change the logo to an https version.
Already tried that with no success.
If I reset the icon I get a default path for the Discourse placeholder, which is still served via HTTP:
<link rel="apple-touch-icon" type="image/png" href="http://community.mysite.com/images/default-apple-touch-icon.png">
Tested on fresh install with default themes. Still canât fix this.
Have you tried turning on force-https?
2 Likes
No. Can I un-force https if I run into trouble?
Yes, you can disable the âforce httpsâ setting by unchecking the setting. If for some reason enabling the setting locks you out of your site, you can disable it through the rails console with:
SiteSetting.force_https = false
8 Likes
After forcing https, it seems to be working now, I get no errors but there seems to be an issue for the security certificate though.
I get this in Firefox only when accessing https://WWW.community.mysite.com:
The certificate is only valid for community.mysite.com. Error code: SSL_ERROR_BAD_CERT_DOMAIN
Note that the following work perfectly (ALL redirect to https://community.mysite.com, except https://www in FF):
- https://community.mysite.com
- www.community.mysite.com
- community.mysite.com
- http://community.mysite.com
- http://www.community.mysite.com
Although https://WWW.community.mysite.com also redirects to https://community.mysite.com in Chrome and it works as expected, Firefox does not redirect and instead shows that error and blocks the site.
I configured my app.yml file using this guide: Set up Letâs Encrypt with multiple domains / redirects and added a redirect from www to the non-www version following this guide: Redirect additional domain(s) to your Discourse instance
Yep, you canât publish over HTTPS reliably without that setting being enabled. Itâs why it warns you every time you visit the dashboard that it has to be set.
As youâve not shared your site URL we canât look at the certificate to verify if youâve configured it correctly, but that error suggests youâve missed a subject alternate name. Itâs only going to be used for the redirect, but once youâve corrected your certificate the error will go away.
1 Like
Thanks for your input.
So essentially I should add a redirect from the https://www version to https:// â is that what youâre implying?
EDIT: Just wanted to stress that the https://www is currently only redirecting to https:// in Chrome. Firefox is blocking the site.
Currently I only have this redirect:
- file:
path: /etc/nginx/conf.d/discourse_redirect_1.conf
contents: |
server {
listen 80;
server_name www.community.example.com;
return 301 $scheme://community.example.com$request_uri;
}
Iâm not implying anything, if youâre getting an HTTPS error for www that means youâve configured a server directive to listen on an HTTPS URL, but the associated certificate lacks the Subject Alternate Name for WWW. Your Letâs Encrypt request will need to request any additional domains passed in using -d as specified in the guide you linked above:
after_ssl:
- replace:
filename: "/etc/runit/1.d/letsencrypt"
from: /-k 4096 -w \/var\/www\/discourse\/public/
to: |
-d www.main-domain.com -d second-domain.com -d www.second-domain.com -d other-domain.com -d www.other-domain.com -k 4096 -w /var/www/discourse/public
- replace:
filename: "/etc/runit/1.d/letsencrypt"
from: /-k 4096 --force -w \/var\/www\/discourse\/public/
to: |
-d www.main-domain.com -d second-domain.com -d www.second-domain.com -d other-domain.com -d www.other-domain.com -k 4096 --force -w /var/www/discourse/public
With the real production domain names specified in place of the examples. I canât check the state of the certificate youâre using as youâve not provided any real link to your site.
This will only be for the redirect as you canât publish Discourse itself via multiple URLs. Strictly speaking you shouldnât need a server directive at all for https://www.* unless for some reason you published that URL at some point. If you didnât then youâre over-engineering your configuration.
4 Likes
Interesting but I donât understand why itâs working in Chrome perfectly and only FF is displaying the error.
Here is my app.yml ssl config:
after_ssl:
- replace:
filename: "/etc/runit/1.d/letsencrypt"
from: /-k 4096 -w \/var\/www\/discourse\/public/
to: |
-d www.example.com -d www.community.example.com -d example.com -d community.example.com -k 4096 -w /var/www/discourse/public
- replace:
filename: "/etc/runit/1.d/letsencrypt"
from: /-k 4096 --force -w \/var\/www\/discourse\/public/
to: |
-d www.example.com -d www.community.example.com -d example.com -d community.example.com -k 4096 --force -w /var/www/discourse/public
- replace:
filename: "/etc/nginx/conf.d/discourse.conf"
from: /return 301 https.+/
to: |
return 301 https://$host$request_uri;
- replace:
filename: "/etc/nginx/conf.d/discourse.conf"
from: /gzip on;[^\}]+\}/m
to: |
gzip on;
add_header Strict-Transport-Security 'max-age=31536000';Iâm sorry, without real details for the site to troubleshoot youâre probably on your own here.
There are ways to step through the problem and identify the cause, but we canât even begin to employ such methods when youâre artificially limiting and redacting aspects of your setup.
The only thing I masked was the actual website name: example. The rest of the details are not redacted in any way.
They are, because I canât inspect the headers and redirects to a fictional URL. Good luck resolving this anyhow.
Are you using Cloudflare or some other âmagically add HTTPS through trickeryâ service?
2 Likes
No, I am not. Absolutely no magic tricks.
2 Likes
Your symptoms are implying that firefox is being case sensitive where Chrome is not. If you add a WWW version to the letâs encrypt domain list does that make Firefox happy?
1 Like