677 Messages
•
44.6K Points
Can I Secure My Homestead Website With HTTPS?
For SITEBUILDER PLUS ONLY. Do not use if you have Website Builder.
If you have a Simplestore using Sitebuilder Plus, DO NOT PROCEED WITH THIS PROCEDURE.
For more information please read this topic:
https://community.homestead.com/homestead/topics/cloudflare-common-cloudflare-issues
Important: When we update the nameservers, it is possible to see some interruption with the website and email as the settings propagate. This is to be expected, but if it has been more than 24 hours, please contact support and we can assist.
*click on images to enlarge*
This topic addresses displaying a "secure" rating in the address bar. Currently your site shows an information icon to the left of your URL. If you click it, the message will say the site is not secure.
If you have a contact form this is important. As soon as you begin filling in a field in the form, the browser will display a more obvious message in the address bar.
To secure your site you will need to update your nameservers using Cloudflare. Below are detailed instructions on correctly configuring this so your website will be secure and your customers will feel more confident providing you their contact information.
1) Go to http://www.cloudflare.com and click on the sign up link.
2) Please enter your email address and password you wish to use for your Cloudflare account. If possible, please do not use an email address connected to your domain.
We strongly recommend you read the term and conditions. To continue you must agree to the terms and conditions by clicking on create account.
3) Enter your domain name and click on Add site
4) Select the FREE plan and click Confirm Plan.
5) Cloud flare will scan your current DNS settings and automatically populate the found DNS records. When the scan is complete, and you see all records present, click continue .
6) Compare the DNS records Cloudflare scanned to your existing DNS records. These can be found in your Homestead account, under Domains > Advanced DNS settings. They should match. If they do, click Continue.
If they don't, you can click on the name or value inside of Cloudflare that is incorrect and edit it. If you need help viewing your current DNS records, please see our topic, How can I view and edit my DNS records using Homestead nameservers.
NOTE: Please make sure to verify that the MX record has been added inside of CloudFlare's DNS settings. If you do not see a record with MX next to it, then we will need to add the MX record.
Click MX in the drop down, then click Name and type @, then Click to configure just right of that box. It will open a new window, please confirm your MX record.
If you are using email with Homestead, for server you will add mx.YOURDOMAIN.com, and for Priority you can put 10. Click save, then click Add Record.
7) Cloudflare will now provide you the new nameservers for your domain. If you do not see your nameservers, proceed to the DNS page inside of Cloudflare, and scroll down until you see Cloudflare Nameservers.
Important: When we update the nameservers, it is possible to see some interruption with the website and email as the settings propagate. This is to be expected, but if it has been more than 24 hours, please contact support and we can assist.
8) Log into your Homestead account and click the domains tab on the left. Under the domain you are working on, click Edit your nameservers. You will need to click delete next to ns3.mdnsservice.com and then change the other 2 nameservers to the ones provided by Cloudflare. You can't change and delete in the same step, so you will need to click edit twice. Click Submit
9) Return to Cloudflare and click done check nameservers.
10) The first part is now completed. Now, please review and confirm that the SSL is set to Flexible and always use HTTPS is turned on.
11) Over the next 24 hours, try manually typing in your site with https. If it isn't set up yet, you'll get an error page. Just type https://www.yourdomain.com and when you see your site load with HTTPS, please proceed to the next step.
NOTE: Do not proceed to the next step until you can view your website when using HTTPS (https://www.yourdomain.com) When you see your site load with HTTPS, continue to step #12.
12) Click on the SSL/TLS button at the top and select Edge Certificates.
13) Scroll down on this page and look for the section entitled "Always use HTTPS" Turn it on. Also scroll to the bottom and find "Automatic HTTPS Rewrites" Turn it on. All other settings you can leave as default.
In a few minutes, your site will show secure.
If your site is not showing fully secure, please go republish your site.
Note: This solution is for Sitebuilder Plus sites only.
If you have a Simplestore using Sitebuilder Plus, DO NOT PROCEED WITH THIS PROCEDURE.
For more information please read this topic:
https://community.homestead.com/homestead/topics/cloudflare-common-cloudflare-issues
Important: When we update the nameservers, it is possible to see some interruption with the website and email as the settings propagate. This is to be expected, but if it has been more than 24 hours, please contact support and we can assist.
*click on images to enlarge*
This topic addresses displaying a "secure" rating in the address bar. Currently your site shows an information icon to the left of your URL. If you click it, the message will say the site is not secure.
If you have a contact form this is important. As soon as you begin filling in a field in the form, the browser will display a more obvious message in the address bar.
To secure your site you will need to update your nameservers using Cloudflare. Below are detailed instructions on correctly configuring this so your website will be secure and your customers will feel more confident providing you their contact information.
1) Go to http://www.cloudflare.com and click on the sign up link.
2) Please enter your email address and password you wish to use for your Cloudflare account. If possible, please do not use an email address connected to your domain.
We strongly recommend you read the term and conditions. To continue you must agree to the terms and conditions by clicking on create account.
3) Enter your domain name and click on Add site
4) Select the FREE plan and click Confirm Plan.
5) Cloud flare will scan your current DNS settings and automatically populate the found DNS records. When the scan is complete, and you see all records present, click continue .
6) Compare the DNS records Cloudflare scanned to your existing DNS records. These can be found in your Homestead account, under Domains > Advanced DNS settings. They should match. If they do, click Continue.
If they don't, you can click on the name or value inside of Cloudflare that is incorrect and edit it. If you need help viewing your current DNS records, please see our topic, How can I view and edit my DNS records using Homestead nameservers.
NOTE: Please make sure to verify that the MX record has been added inside of CloudFlare's DNS settings. If you do not see a record with MX next to it, then we will need to add the MX record.
Click MX in the drop down, then click Name and type @, then Click to configure just right of that box. It will open a new window, please confirm your MX record.
If you are using email with Homestead, for server you will add mx.YOURDOMAIN.com, and for Priority you can put 10. Click save, then click Add Record.
7) Cloudflare will now provide you the new nameservers for your domain. If you do not see your nameservers, proceed to the DNS page inside of Cloudflare, and scroll down until you see Cloudflare Nameservers.
Important: When we update the nameservers, it is possible to see some interruption with the website and email as the settings propagate. This is to be expected, but if it has been more than 24 hours, please contact support and we can assist.
8) Log into your Homestead account and click the domains tab on the left. Under the domain you are working on, click Edit your nameservers. You will need to click delete next to ns3.mdnsservice.com and then change the other 2 nameservers to the ones provided by Cloudflare. You can't change and delete in the same step, so you will need to click edit twice. Click Submit
9) Return to Cloudflare and click done check nameservers.
10) The first part is now completed. Now, please review and confirm that the SSL is set to Flexible and always use HTTPS is turned on.
11) Over the next 24 hours, try manually typing in your site with https. If it isn't set up yet, you'll get an error page. Just type https://www.yourdomain.com and when you see your site load with HTTPS, please proceed to the next step.
NOTE: Do not proceed to the next step until you can view your website when using HTTPS (https://www.yourdomain.com) When you see your site load with HTTPS, continue to step #12.
12) Click on the SSL/TLS button at the top and select Edge Certificates.
13) Scroll down on this page and look for the section entitled "Always use HTTPS" Turn it on. Also scroll to the bottom and find "Automatic HTTPS Rewrites" Turn it on. All other settings you can leave as default.
In a few minutes, your site will show secure.
If your site is not showing fully secure, please go republish your site.
Note: This solution is for Sitebuilder Plus sites only.
steve7353_2cad1f
29 Messages
•
1.7K Points
6 years ago
I have been going around in circles for days now trying to follow the Cloudflare https changeover instructions for an old (test) site:
http://www.moreinformation4u.com/index.html
Dealing with Cloudflares support staff is an absolute nightmare ... they all speak high tech gobbledegook ...and don't help at all!
Could Homesteads ... as the "experts" who manage our sites and gladly take our subscriptions, not in their infinite wisdom have found a way to look after this transition for us (... and long before now by the way ... Firefox has been marking none https sites as "high risk" for a couple of years now) ... instead of forcing none IT savvy small businesses to "do it themselves" through a FREE service ... which is far from satisfactory, frustratating and very time consuming.
Any thoughts Homesteaders?
3
steve7353_2cad1f
29 Messages
•
1.7K Points
6 years ago
Following my earlier comment, here is a communication I've just recieved from Cloudflare ...
one of their simpler responses ... but I think it supports the point I'm making:
tcloonan (Cloudflare)
Aug 21, 1:59 PM PDT
Hi Steve,
Sorry you're still having issues, my name is Tim and I'll assist you today. I visited the site and the account and can see that ssl is enabled and the certificate is in place. Image attached. But, there are mixed content issues to address. I'll include detail on mixed content in the ps of this note, but basically you want to login to your cloudflare account and on the Crypto tab, turn on Always use HTTPS? That will force folks to https, even if they type http. Next, we need to correct the http calls to make sure that works.
I can see you have Automatic HTTPS rewrites enabled, that's good and addresses a lot of mixed content issues. But not all of them. Some, like the calls on your site, need to be changed manually. This is because automatic rewrites don't work with Javascript and css files. And, you're calling both Javascript and a css stylesheet using http, not https. Details on how to change in the ps of this email.
You can visit this test site to check your domain, https://www.cloudflare.com/lp/ssl-test/?utm_medium=website&utm_source=blog&utm_campaign=chrome68. I've attched an image of what I am seeing right now. And, it is showing the errors that I'll include in the text of the ps.
We will mark this as solved for the moment. After you make the above changes, clear your cache and visit the site. And then, let us know if you have any further questions or issues by replying to this e-mail or ticket to have it immediately reopened.
Thank you & kind regards,
Tim
PS - Here is the background on the mixed content errors that you'll need to address. Mixed content errors mean that your website is being loaded over HTTPS (because you've told it in the setting to always use https), but some of the resources are being loaded over HTTP. To fix this you will need to edit your source code and change all resources to load over a relative path, or directly over HTTPS.
For example, if you load your images with a full URL:
You would want to change this to:
By removing the
http:, the browser will use whichever protocol the visitor is already using. See this article for more information.An alternative option would be to enable the Automatic HTTPS Rewrites feature that can potentially fix these errors for you automatically. Do be aware that resources loaded by JavaScript or CSS will not be automatically rewritten and mixed content warnings will still appear. This is the issue you're seeing and here are the errors to correct:
Join the Cloudflare Community
5
0
darryl3174
5 Messages
•
244 Points
6 years ago
I followed all your instructions, I have Secure on my browser.
But, as a result of the changes, I have not received an incoming email for 10 days. Not on my iPhone, iPad or Mac. I was out of the country on vacation and did not notice all emails received were from the other email addresses
This is my work account...people are no doubt wondering how responsive I am.
Also, it is 4pm. I have to leave at 4:30am to volunteer at an event. I do not know where to go, who to see, etc.
Several people have been receiving "Can't deliver" when sending me an email.
How do I resume getting my emails?
1
0
tmsound716
20 Messages
•
664 Points
6 years ago
4
0
kristina6139
3 Messages
•
192 Points
6 years ago
1
0
johnnie5933
8 Messages
•
460 Points
6 years ago
6
0
michael8668
14 Messages
•
704 Points
6 years ago
1
0
frankbusby6351
15 Messages
•
380 Points
6 years ago
My next question is: I have used homestead for a few years and a few different computers. I now have a computer with windows 10. Do I need to upgrade homestead?
I am also trying to scan and put a document on my site but it comes out scrambled.
How do I take a scanned document and insert it into my site??
I am now 76 yrs and maybe I just forgot how.
Thank you for your help
5
0
mauriziof
28 Messages
•
814 Points
6 years ago
My site is showing as "note secure" I have followed a number of threads but I couldn't see a way of fixing this. Any advice please?
4
0
peter3856
1 Message
•
130 Points
6 years ago
I followed the steps, I have changed the nameservers to the cloudflare ones given, my cloudflare page shows SSL as flexible, but nothing has changed on my website.
It stills come up as "not secure" and if I try to type in https, then I get can't be reached error message.
Any chance of some help or advice?
2
0
r
69 Messages
•
3.1K Points
6 years ago
Hi Peter. Sorry to hear that you're having problems. The office is closed on weekends, so you might have to wait until Monday for an authoritative reply. Wish I could help, but I don't think I can even attempt the change myself. Best of luck!
0
margaret7791
3 Messages
•
210 Points
6 years ago
1
0
maria5631
51 Messages
•
1.7K Points
6 years ago
My site is listed as Not Secured. Can you provide me with the steps to secure the site. Thank you
1
0
r
69 Messages
•
3.1K Points
6 years ago
Hi Elyzabeth!
Since it's highly unlikely that I'll be doing the Cloudfare thing at least for now, I'd like to make an announcement on my website to warn readers about the upcoming message they might see which warns them that my site is no longer secure. They might think they'll get a virus from visiting the site, so I want to allay their fears. Do you have any suggestions what I should tell them?
Thank you very much and best wishes.
2
0
stephanie1968
6 Messages
•
270 Points
6 years ago
1
0