EmailDiscussions.com

EmailDiscussions.com (http://www.emaildiscussions.com/index.php)
-   FastMail Forum (http://www.emaildiscussions.com/forumdisplay.php?f=27)
-   -   Secure websites on FastMail (http://www.emaildiscussions.com/showthread.php?t=73928)

edu 6 Sep 2018 02:51 PM

Secure websites on FastMail
 
Published today:

https://fastmail.blog/2018/09/06/sec...bsite-support/

In my case, I tried the steps in my websites and they don't work, and I automatically received emails saying FM will try again and will tell me when it works.

Did it work for you?

edu 6 Sep 2018 03:14 PM

Wow!!
After some minutes I've received new emails telling me that after some problems now it works.

Great!

FredOnline 6 Sep 2018 03:22 PM

Just went in and checked the secure box on each of my personal website pages, then did a CTRL+F5 on one of my web pages to test, and it's got the padlock - connection is secure. :cool:

alawyer 7 Sep 2018 12:40 AM

This is great.

Have been waiting for this.

Can now start moving basic sites across to FM so no need to pay for hosting.

Might they support WP one day?

yositimy 7 Sep 2018 04:49 AM

I checked the box to secure my website(s).

I get a "The security certificate presented by this website was issued for a different website's address" from exploder. I get a" certificate name does not match error" from safari, Firefox doesn't seem to mind.


So its not working for me at the moment... or there is more to it than checking a box. I did open a support ticket.

Terry 7 Sep 2018 10:29 AM

silly question but I suppose you did click save

yositimy 7 Sep 2018 10:59 PM

Yes, saved. If I click the open anyway button on the browser, the page will open and the default browser trust settings are modified. Subsequently, the page opens without issue.... with the padlock.

I can see the certificate issued and review it. From my amateur mindset, I don't see anything wrong with it.

BritTim 7 Sep 2018 11:29 PM

Quote:

Originally Posted by yositimy (Post 607697)
Yes, saved. If I click the open anyway button on the browser, the page will open and the default browser trust settings are modified. Subsequently, the page opens without issue.... with the padlock.

I can see the certificate issued and review it. From my amateur mindset, I don't see anything wrong with it.

This feels like a web of trust issue. Are you using a recent version of a major browser?

yositimy 8 Sep 2018 03:08 AM

Yes, most current Safari and Exploder. Firefox doesn't seem to mind, although it may be a couple versions behind.

Exploder says the error indicates the certificate presented was issued for a different website's address. Safari says there is a host name mismatch.

I noticed that the name and DNS fields on my other certificates have both" www.*****.com" and "*****.com" listed where Fastmail's contains only "******.com"


If I select visit site anyway, my browser trust settings get updated and I can then open the page without issue.

Anyway, I'm virtually clueless in this area and just report what I see.

Edit: The latest Firefox version does the same thing. The FireFox error message says the certificate is only valid for *****.com. not valid for www.*****.com.

Error code is: SSL_ERROR_BAD_CERT_DOMAIN

FredOnline 8 Sep 2018 01:49 PM

Are your web pages on a personal domain or using the FastMail domain?

https://www.fastmail.com/help/files/secure-website.html

Currently we're unable to provide certificates for wildcard websites and websites on FastMail domains (such as fastmail.com)

yositimy 8 Sep 2018 10:38 PM

No I have the right kind of domain. For example, lets say we are talking about the personal domain abcde.com and the "abcde.com" domain registrar is not fastmail. Fastmail is the host for abcde.com and obtained the certificate from lets encrypt, so it passed all those tests. I have fastmail domains also, but the control panel won't let you secure them.

If someone types into the browser "abcde.com" its seamless

If someone types in "www.abcde.com" with a current browser, they get an error until they trust the site and modify their trust settings. With some older browsers, the user won't get an error.

The padlock shows up regardless.


My other certificates for domains hosted elsewhere would have both "abcde.com". and "www.abcde.com" listed in the certificates. So it doesn't seem to matter if they type in www or not or if off site "redirect" pages have www in the link address or not.


I think that may be the issue.

FredOnline 8 Sep 2018 10:46 PM

In your FastMail accounts for websites, do you have www.abcde.com set up to redirect to abcde.com?

yositimy 9 Sep 2018 05:14 AM

Thanks

I don't have have redirects, as I understand them, which has not been an issue. When toying with it years ago, I never had luck with redirects, fastmail could never seem to find the target.

I created a new website in my account "www.abcde.com" that has the same target files a "abcde.com" and now I do not received errors when opening the pages.

I have a couple websites that will need new entries, if this is the right way to go about this.

By the way, this personal site has been more of a hobby and test site to me, but I do appreciate the help/suggestions.

pjwalsh 10 Sep 2018 06:36 PM

Pleased to see HTTPS redirects to external sites do work.

edu 21 Sep 2018 05:17 PM

I checked my domains and they had the same problem with www (needing to add an exception to the ssl certificate or not working).
I had to create a "new website" adding in the first box www. and in the second box my domain and it works! This should be automatic but it's not, so we need to create 2 websites to every domain: one only with the domain and the second with www.
I hope it helps you too.

Quote:

Originally Posted by yositimy (Post 607704)
No I have the right kind of domain. For example, lets say we are talking about the personal domain abcde.com and the "abcde.com" domain registrar is not fastmail. Fastmail is the host for abcde.com and obtained the certificate from lets encrypt, so it passed all those tests. I have fastmail domains also, but the control panel won't let you secure them.

If someone types into the browser "abcde.com" its seamless

If someone types in "www.abcde.com" with a current browser, they get an error until they trust the site and modify their trust settings. With some older browsers, the user won't get an error.

The padlock shows up regardless.


My other certificates for domains hosted elsewhere would have both "abcde.com". and "www.abcde.com" listed in the certificates. So it doesn't seem to matter if they type in www or not or if off site "redirect" pages have www in the link address or not.


I think that may be the issue.



All times are GMT +9. The time now is 08:32 PM.


Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy