Jump to content

My page say security risk access


sylvain

Recommended Posts

Hi there i have notice and friends of mine have notice that contacted me; that when wanting to go to my website, they see a security risk message. They as i go on my website at: https://sylvain.heliohost.org

I'm not an expert but i think it might be the expiration date of the http(s) certificate? That expired the 6 sept 2021. Could you please fix it, i dont know anythings about it; i just have basic knowledges about creating basic pages. I still wait for the plesk invitation before login, well at leass you know that i want to keep alive, not suspended and online my website. Note that i am on Tommy.

Thank's for your time and help.

Sylvain A+

 

Link to comment
Share on other sites

It is indeed the date.

The certificate is expired because autossl no longer works without cpanel. There is no way for a user to install a new cert at this time, so the best solution would be to remove any forced SSL redirect you may have and allow plain HTTP until plesk is up and running. If you have such a redirect in your .htaccess file, you can edit the file via SFTP to remove it.

Link to comment
Share on other sites

I dont know how to do it. I do think there is some admin or moderator that for me that have changed before the normal http to https. I wonder at what line of the htaccess file, i dont have server knowledges.

The file htaccess that i have downloaded in july of this year is writen:

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php56” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php56 .php .php5 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit

I dont know what it mean at all?? I also see it is writen "do not edit". It is not me that have did this, so i think it is some admin or moderator that have done it for me, without me knowing it. But was glad was made because of the https and not http.

So with no server knowledges and affraid to cause problems, could you please take a look at it?

Thanks for your time and help. A+

 

Link to comment
Share on other sites

That htaccess has nothing to do with ssl, that code sets the PHP version. There can be more than one .htaccess though, check the one in public html, whatever folder your domain points to, as well as in your home folder.

If you generate new certificates with a free service like zerossl and upload them to your home folder (not public_html), Krydos can manually install them instead. I didn't mention this earlier because I didn't think K would want the extra hassle, but he ended up offering this himself for another user.

Link to comment
Share on other sites

I have gone to the website of Zerossl.com then i have writen: sylvain.heliohost.org and entered my e-mail. Then the website have givin me a txt file that on there site indicated to put it into: /public_html/.well-known/pki-validation

that's what i did, then the website checked that the txt file have the same file name. To conclude that it is ok that it's my website. After it have givin me a certificate zip file with files into. From it i dont know what to do next? But if Krydos check the: /public_html/.well-known/pki-validation

he should then notice the fiew things i have put into the folder. Cant access to my cpanel trough heliohost, so dont know what to do. I just hope that this Zerossl is safe and not some bad "backdoor"? Also that it is free as there website said, and that when the 90 days is off; that i can renew again and again without having to pay? I have difficulties to understand terms and agreements, because i have difficulties to understand many things. Looking some youtbe video about free lifetime ssl, many point out to Cloudflare, something as that as i remember. My website is only a personnal free website.

Thank's for your time and help. A+

Link to comment
Share on other sites

If it is limited this ssl and time limit, then i would prefere that it is http simply rather then https. Still hope that Plesk will be fine and always free a https. A+

Link to comment
Share on other sites

Looking and have found:

I think then ZeroSSL might be not correct for me, because of the limitations. Think gonna go check FreeSSL.org

Link to comment
Share on other sites

Wolstech please correct me if my understanding is wrong. You have writen:

The certificate is expired because autossl no longer works without cpanel. There is no way for a user to install a new cert at this time, so the best solution would be to remove any forced SSL redirect you may have and allow plain HTTP until plesk is up and running. If you have such a redirect in your .htaccess file, you can edit the file via SFTP to remove it.

Also you have mentionned the file "htaccess", when i open it with "Notepad++" i dont see any codes about redirecting. I have checked all the files named "htaccess" and there is only one that has the codes:

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php56” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php56 .php .php5 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit

Does this mean that i only have to "delete" all the files and folders that is into the folder "ssl"?? Then everything going to be all right, that it will return https to http automaticly?

I dont want to make any errors or cause problems. Server knowledges, i have none.

Thank's for your time and help. A+

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...