lerkeveld/lerkeveld-underground

Serve website over HTTPS

Closed this issue · 3 comments

Not sure if this is the right place to report this, but right now the Lerkeveld Underground website is served over HTTP, which is insecure for logins, as my browser points out.

HTTPS is to be configured on the HTTP-server.
It can be configured easily and free of charge with certbot from the Electronic Frontier Foundation: https://certbot.eff.org/

Hi! Yes, this is indeed an open issue and insecure. However, currently Lerkeveld hosts their website at Ulyssis (https://ulyssis.org/) and because we don't have sudo privileges, we rely on them for services such as SSL/TLS. As mentioned in the documentation of Ulyssis (https://docs.ulyssis.org/Getting_SSL), currently Ulyssis does not have an automated system for renewing and deploying certificates. As of the previous academic year this was indeed still the situation.

I notified the current IT representative of Lerkeveld; she will check with Ulyssis if any progress has been made regarding SSL.

Oh, I see, that complicates stuff. Anyway, keep up the good work!

This should be fixed: Ulyssis got a certificate for our domain via ICTS. Also, all HTTP traffic should now redirect to HTTPS so no insecure access is allowed.