Migrate to https?????

  • 0
  • 4
  • Problem
  • Updated 12 months ago
Archived and Closed

This conversation is no longer open for comments or replies and is no longer visible to community members. The community moderator provided the following reason for archiving: Archived

Google sent a message saying there will be an error displaying soon for any form on a page that doesn't use https. Within my homestead based site I don't believe I control whether my site uses http or https, do I? If I do, I can't find how to change/update this within the management tools I have. If I don't control this on my homestead site, how will it be fixed? I'm freaking out because all of my pages have a form and according to the google warning, visitors are soon going to get an error message any time someone sends me something in my form from any page. Help please!!!!
Photo of Tedia3946

Tedia3946

  • 846 Points 500 badge 2x thumb
  • very worried

Posted 1 year ago

  • 0
  • 4
Photo of Bechara2394

Bechara2394

  • 454 Points 250 badge 2x thumb
I received a similar message from Google.
Photo of Kathy1866

Kathy1866

  • 1,018 Points 1k badge 2x thumb
Can you post the info that was in the message from Google?
Photo of Kathy1866

Kathy1866

  • 1,018 Points 1k badge 2x thumb
I have been researching this for the past couple hours and would love to hear what Homestead is going to do as everything I have seen says until this point Homestead has not thought it is important there it hasn't been an option for us?
Photo of Drew N

Drew N, Community Manager

  • 258,538 Points 100k badge 2x thumb
We have not seen this letter. Can one of you please post it? If you prefer, you may make a private topic and post it there.

This seems like a browser change and not a ranking issue, but I should like to investigate this further.
Photo of Bechara2394

Bechara2394

  • 454 Points 250 badge 2x thumb
I understand that we need to add an SSL which could be purchased for a fee from another company.
The problem is: would Homestead accept or allow a third party SSL for a 3 year certicicate?

And if so, how is this added to a website built with Homestead from scratch?
Photo of Kathy1866

Kathy1866

  • 1,018 Points 1k badge 2x thumb
I talked to the company I get my domain names from about purchasing the ssl from them and that is when I found out that Homestead has to allow it to be added to our sites, and that is what they are NOT allowing at this time.  So if you purchased it from a 3rd party, you wouldn't be able to add it to your Homestead site at this time.
Photo of Drew N

Drew N, Community Manager

  • 258,538 Points 100k badge 2x thumb
I do not know the installation requirements of all 3rd party SSL certificates. If you would like to investigate 3rd party options you are welcome to do so. Please keep in mind that on the Homestead platform there is no access to either robots.txt nor .htaccess. If access to these files is required, then it will not be possible to load the certificate.
Photo of Kathy1866

Kathy1866

  • 1,018 Points 1k badge 2x thumb
When I inquired about a 3rd party SSL I was told we would need access to the Homestead servers...that Homestead would have to allow it, give permission, access, etc....
Photo of Drew N

Drew N, Community Manager

  • 258,538 Points 100k badge 2x thumb
Unfortunately, that is not currently possible on Homestead servers.
Photo of Drew N

Drew N, Community Manager

  • 258,538 Points 100k badge 2x thumb
The most recent comments from Google that I find concerning ranking factor is this ,https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html

Here is the excerpt concerning ranking.
 For these reasons, over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We've seen positive results, so we're starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.
I continue to pass on these comments. And we do continue to monitor this situation.
Photo of Kathy1866

Kathy1866

  • 1,018 Points 1k badge 2x thumb
Very well put Lee.  I noticed that about Homestead's url last week when this discussion started.  I too hope we don't have to go elsewhere.  A good friend of mine is a web designer and she has been dying to redo my website on Word Press for about 9 months now but I have been staying loyal to Homestead because I've been with them for so long and I'd hate to change but it looks like my decision to switch is being made for me.
Photo of Bechara2394

Bechara2394

  • 454 Points 250 badge 2x thumb
Drew
Comodo has instructions on how to add SSL certificate for dozens of companies.  Why wouldn't Homestead allow us to buy a certificate and help us install it?
Photo of Drew N

Drew N, Community Manager

  • 258,538 Points 100k badge 2x thumb
The Homestead site does have https, and always has. This has nothing to do with Google. It is so customers can log in to their accounts and email securely, and for those that desire have secure checkout pages through our shared SSL.
Photo of Kathy1866

Kathy1866

  • 1,018 Points 1k badge 2x thumb
Exactly!  For your customers security!!  We would like to offer OUR customers the same kind of security!  Is this same option going to be made available to us by Homestead?
Photo of Tedia3946

Tedia3946

  • 846 Points 500 badge 2x thumb
Drew, your comment has really added fuel to the fire, rather than help.  If, as a representative of Homestead, you understand why Homestead needs to have HTTPS for your secure checkout pages and secure access to accounts and email, which has nothing to do with google then why, as a representative of Homestead, would you not understand that we also need to offer our customers or potential customers access to securely transmit confidential data or payments, regardless of google ranking.  I run a law firm. There is no way clients or prospective clients would nor should input sensitive data about a legal matter into a site that has a warning that it is not secure. There are other doctors us, regarding the same security concerns, regardless of google.  Any merchant with the Homestead website has to have the same concerns. How do you think this is ok that we are unable to protect our Homestead built sites to the same extent that homestead protects its own site?
Photo of Tedia3946

Tedia3946

  • 846 Points 500 badge 2x thumb
Drew, I think it is very much NOT ok that Homestead is taking the position that this is a concern over how sites will rank and it will not have much of an effect, for now.  1) ANY ranking effect caused by your web builder platform is not ok.  We use your platform because we want to rank and can control how we rank in other areas through our marketing policies and practices. Now, simply because we are using your web builder we will be hurt.  Small hurt now, maybe, perhaps bigger down the road.  Why would we have to wait one bit to not have to be worried about our ranking being harmed IN ANY WAY as a result of using your company's services.  2) Homestead clearly felt this issue was important enough to update their own webpage to HTTPS. So, Homestead's marketing will not be affected by this change as Homestead has protected themselves.  But, Homestead doesn't feel it is important to protect the customers who rely on them at least as much as they protect themselves.  Shame on Homestead!  3) It is not Ok at all to say that the only effect for now will be a "small label in the address bar that will appear only if they fill out a form field on your page."  I run a website for a law firm.  So, now, anyone who sends info through my law firm on the form field I have on EVERY PAGE of my site will see an error message saying my site is not secure. How can anyone at Homestead think this is ok?  Ranking effect or no ranking effect, does it really matter?  Who would ever send information to a law firm that has an unsecured site????  This is NOT ok.  This will directly affect my business credibility and there is nothing I can do to fix this because Homestead assesses this issue as a minor ranking factor? No, not ok!
Photo of Bechara2394

Bechara2394

  • 454 Points 250 badge 2x thumb
I am a doctor. Patients download medical information and post-op instruction forms.  Who would trust an unsecured site?
Homestead should do something about it before October. If they don't, they could lose many loyal customers.
Photo of Kathy1866

Kathy1866

  • 1,018 Points 1k badge 2x thumb
It is very frustrating that Homestead sees the importance of it, because the Homestead site is secure but they don't see their loyal customers websites as important as their own by not allowing us the option to make ours secure as well.
Photo of Drew N

Drew N, Community Manager

  • 258,538 Points 100k badge 2x thumb
The Homestead site does have https, and always has. This has nothing to do with Google. It is so customers can log in to their accounts and email securely, and for those that desire have secure checkout pages through our shared SSL.
Photo of Lee6184

Lee6184

  • 698 Points 500 badge 2x thumb
Can we have secure pages through the shared SSL as well so we can have a https page?
Photo of Kathy1866

Kathy1866

  • 1,018 Points 1k badge 2x thumb
Exactly!  For your customers security!!  We would like to offer OUR customers the same kind of security!  Is this same option going to be made available to us by Homestead?
Photo of Kathy1866

Kathy1866

  • 1,018 Points 1k badge 2x thumb
About an hour ago I got a call from a customer that had just placed an order.  He got an error message that there was a problem with the server and the order didn't go through (this is happening quite often now and the orders ARE going through), I explained I did receive his order.  He then added "so is your site pretty secure?  I was asked if I want to proceed, that it's not a secure site"!!!  I have to wonder how many customers I have lost due to this message and people are willing to input their credit card numbers, even though once they get to the 3rd party shopping cart, they are on a secure site.  
This website is my business, my sole source of income and I am no longer willing to have a website that is not secure and looks unprofessional because Homestead doesn't think it's important for their customers to have secure sites.
Drew...please let me/us know what Homestead plans on doing about this.  If Homestead is not going to offer their customers secure website options then I regretfully need to make a change ASAP.

Thank you!
Photo of Kathy1866

Kathy1866

  • 1,018 Points 1k badge 2x thumb
Drew....Can you please update as to what the status is of Homestead offering their customers SSL options.  You said you continue to monitor this and you are passing on the comments.  
I just saw in another thread that someone has been in contact with Homestead for over a year about this same issue!
Please give an honest answer...one can "assume" that if people have been requesting this option for over a year and Homestead hasn't changed their stance regarding offering customer secure websites that it isn't going to change anytime soon?
I need to make a decision quickly as to if I am going to put my website elsewhere.  I can't for the life of me though figure out why Homestead would not want to stay competitive w/the competition and offer this option to their customers?
Please give us all an update so that we can make informed decisions about our business websites.

Thank you!
Photo of Bechara2394

Bechara2394

  • 454 Points 250 badge 2x thumb
I am copying and pasting Kathy 1866's message.
I believe it sums up our feelings about this situation.
At least give us the option of buying a third party SSL certificate.


Drew....Can you please update as to what the status is of Homestead offering their customers SSL options.  You said you continue to monitor this and you are passing on the comments.  
I just saw in another thread that someone has been in contact with Homestead for over a year about this same issue!
Please give an honest answer...one can "assume" that if people have been requesting this option for over a year and Homestead hasn't changed their stance regarding offering customer secure websites that it isn't going to change anytime soon?
I need to make a decision quickly as to if I am going to put my website elsewhere.  I can't for the life of me though figure out why Homestead would not want to stay competitive w/the competition and offer this option to their customers?
Please give us all an update so that we can make informed decisions about our business websites.

Thank you!
Photo of Kathy1866

Kathy1866

  • 1,018 Points 1k badge 2x thumb
Because I posted to Drew hours ago and there has been no response from him or anyone from Homestead, and because others have been trying to get Homestead to offer SSL for over a year, I think we all need to accept the fact if we want secured websites for OUR customers, we have to make a change. I have been in communication with a friend that is a web designer.  There are options out there for us that offer FREE SSL when you host your site with them.
Photo of Kathy1866

Kathy1866

  • 1,018 Points 1k badge 2x thumb
And on my Bottomless Bucket page I used to have field forms for the customer to fill out their personal info to include credit card information and I would set them up for auto ship.  Once I found out that their info was NOT secure I removed all the fields and now have it set up for them to have to call me.
Photo of Kathy1866

Kathy1866

  • 1,018 Points 1k badge 2x thumb
David...Exactly!  So if a potential customer views that, it would appear they are not protected, even if the form really is!  And I believe come October 1st there will be more of a Pop Up warning to the customer, really putting it in their face that they are on an unsecure site.
Photo of david2953

david2953

  • 6,450 Points 5k badge 2x thumb
NOT good...and the exact concern I had a year ago.
Photo of Jan HUTS

Jan HUTS

  • 778 Points 500 badge 2x thumb

Warning !!!

why does homestead ignore the urgent demand for migration to https?

Jan

with the website http://www.ajediam.com since the year 2001

Photo of Jan HUTS

Jan HUTS

  • 778 Points 500 badge 2x thumb

Dear Drew,

any good news about the SSL certificate to get a secure https site for your homestead customers?

We lost about 50% of visitors the last time probably due to backlog in https and no mute to responsive site, proposal by homestead.

We have 323 hugue pages since the year 2001 - If we have to move it will take minimum 2 man-years of work to redo these pages.

Please help and come with good news!

Thank you,

Jan

Photo of Wendy8827

Wendy8827

  • 194 Points 100 badge 2x thumb
I've just been informed that adding the s is critical for SEO.  I don't have anything on my site that needs extra security, but I DO need the SEO.  Homestead, what are you going to do about this?
Photo of Bechara2394

Bechara2394

  • 454 Points 250 badge 2x thumb
Photo of Martin

Martin

  • 5,522 Points 5k badge 2x thumb
Indeed 2394!
Photo of Drew N

Drew N, Community Manager

  • 258,538 Points 100k badge 2x thumb
Bechara2394 and Martin There is one reason that this community is https and that is so that only Homestead customers may post. It was not made secure because of any other reason.
Photo of david2953

david2953

  • 6,450 Points 5k badge 2x thumb
Reasons why SSL is important  

https://thirsty.agency/ssl/
Photo of Donna5855

Donna5855

  • 274 Points 250 badge 2x thumb
We are in the process of looking for another place for our website as we take payments on our website and are loosing customers due to the low security warning. Too bad Homestead doesn't give a darn about our needs. Considering all of the issues migrating to the new builder earlier this year, clearly not a customer-centric company.
I'm glad we are all secure here ranting about all of the problems we have that they don't want to fix... but if my customers aren't secure doing business on my web page then I have no further interest in doing business with Homestead.
Photo of Kathy1866

Kathy1866

  • 1,018 Points 1k badge 2x thumb
Hi David....Haven't heard anything from Drew since he asked what pages on my site I was referring to.  I understand you are using a third party form for your customers to use but I would imagine the problem still exists that to get to that form they have to be on your website first?  And when on your website as of Oct. 1st if the customer is using Chrome, they may get a security warning message pop up that they are on an unsecure site, do they wish to proceed?  And they will still see on your site to the left of the url that there is no lock to show the site is secure.
At Drews suggestion for immediate need of SSL, I made the decision a couple weeks ago to move my business site (I do have a couple other sites hosted on Homestead that are not for business and don't need to be secure).  A very good friend is a web designer and uses Word Press which ranks at the top of search engines and the host provides SSL as part of the package. Will be complete in another week or so.
Photo of susan2829

susan2829, Champion

  • 42,860 Points 20k badge 2x thumb
David it sounds like you have found a good interim solution. I'd suggest placing some sort of text both on your Home page and on the application page that the information will be obtained on a secure site. That won't eliminate the noxious Chrome warning, but if it's 'splashy' visitors will see it.
Photo of david2953

david2953

  • 6,450 Points 5k badge 2x thumb
Susan...thanks that's a good idea.  

Has anyone seen what this obnoxious Google warning will look like?  My concern is "low information" users, of which there are many will just move on rather than take a chance of inputting any information, even the non-threatening data we need to provide them with a quote.

It really would be nice if the Homestead guys would provide some direction.

We have countless hours invested in our Homestead site so moving it is not something I take lightly.
Photo of Kathy1866

Kathy1866

  • 1,018 Points 1k badge 2x thumb
I have found from my customers that many will move on because so many people are already very concerned about doing business online with credit card fraud that when they see the words "UNSECURE" that's all they will need.  I have many customers that no matter what want to call me to place orders because of their fear of the internet.  From what I can find, this is what the warning will be, although I have had customers tell me they have gotten a pop up type window warning them the site is not secure.  
"Beginning in October, Google’s Chrome browser will display the message “Not Secure” in the address bar when users interact with an unencrypted webpage."
So at this time it appears this warning will be in the address bar.
Photo of Drew N

Drew N, Community Manager

  • 258,538 Points 100k badge 2x thumb
david2953, The warning will be in the address bar. It will only display on a page with a form on it and only after the visitor clicks into a form field. David, if your secure form is hosted on a secure page via a link from your site, the visitor should not see this new warning. This should be a viable solution, regardless of how our other tests work out.

Kathy1866, I am sorry I did not catch this earlier, but you will need to fix your domain. You are forwarding the domain. You want to point the domain via DNS. This is another Google ranking factor. If you go to your domain, you see the address bar changes to the .homestead.com URL. You would never be able to SSL your site because you would need to own Homestead.com to do so.

How to point will depend on if you want to use your existing nameservers and if you use any other services that have specialized DNS records set up.
Photo of david2953

david2953

  • 6,450 Points 5k badge 2x thumb
Is this what we all have to look forward to?

Drew...can you provide an update on the possible fix I think you mentioned last week?


(Edited)
Photo of susan2829

susan2829, Champion

  • 42,860 Points 20k badge 2x thumb
I guess my emails would be to the browsers who are implementing this and I would also wonder about consulting with an attorney. It seems to me that Google, et al are chasing potential business away from sites who haven't met their latest decree and some sites don't even collect information and are still being punished. Then there are sites who use a third party company to process payments and that too is not taken into consideration. I could live with their stupid padlock, but the message shown in David's post is just wrong. It makes you wonder if Google isn't trying to funnel visitors to sites who further line their pockets. It's tantamount to highway robbery.
Photo of david2953

david2953

  • 6,450 Points 5k badge 2x thumb
Drew...can you provide an update on what Homestead's plans are regarding SSL.  Is there a migration plan and when can we expect to have it available?
Photo of Drew N

Drew N, Community Manager

  • 258,538 Points 100k badge 2x thumb
I'm going to have something that will work for you later today David. I'll make a topic and merge this one into it.

It will not solve the issue completely for Sitebuilder sites just yet, but for Websitebuilder sites it does the trick.
Photo of david2953

david2953

  • 6,450 Points 5k badge 2x thumb
Sounds good I am anxious to hear the solution.
Photo of Drew N

Drew N, Community Manager

  • 258,538 Points 100k badge 2x thumb
Sorry David. I was much busier than anticipated today and I haven't been able to complete my new topic yet. I am currently waiting on some propagation before I can complete it. I am going to try to finish tonight, but I have to wait for the propagation to finish, which I can't predict. If it doesn't complete shortly, I will have to wait until tomorrow to check it.
Photo of Drew N

Drew N, Community Manager

  • 258,538 Points 100k badge 2x thumb
If you are using the new Websitebuilder, please feel free to read this topic on the matter of SSL.

https://community.homestead.com/homestead/topics/can-i-use-https-on-my-websitebuilder-site
Photo of Wendy8827

Wendy8827

  • 194 Points 100 badge 2x thumb
This reply was created from a merged topic originally titled SSL.

OK, then, what do we do if we have an older site that's not the "new Websitebuilder?"  Is there any easy way to pull an older site into the newer platform?

*Never mind, I see that the platforms are not compatible.  Ugh, ugh, ugh.*

Note: This conversation was created from a reply on: Can I use HTTPS on my Websitebuilder site?.
Photo of Drew N

Drew N, Community Manager

  • 258,538 Points 100k badge 2x thumb
Wendy8827, This method should work for Sitebuilder sites if we can get some development work done. We have requested it and I will post as I get more information.
Photo of jody0248

jody0248

  • 166 Points 100 badge 2x thumb
that would be nice since i've had my website here since before websitebuilder was even a thing :/ 

This conversation is no longer open for comments or replies.