sub domain and SSL

I am using a sub-domain from infinityfree and the option to add an SSL on to a sub-domain is not available in the control panel ssl area. I checked the .htaccess file and the following is present:

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Why does my site warn me I am visiting a site that is not secure?

postaprayer.myboard.org is the name of the sub-domain

Can anyone tell me where I am going wrong here so I have a site that is SSL?

Scott

1 Like

@scottrturner said:
I am using a sub-domain from infinityfree and the option to add an SSL on to a sub-domain is not available in the control panel ssl area. I checked the .htaccess file and the following is present:

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Why does my site warn me I am visiting a site that is not secure?

postaprayer.myboard.org is the name of the sub-domain

Can anyone tell me where I am going wrong here so I have a site that is SSL?

Scott

Do you have a valid ssl certificate?
If none, then you will continue to get that issue you are currently experiencing.

@scottrturner said:
I am using a sub-domain from infinityfree and the option to add an SSL on to a sub-domain is not available in the control panel ssl area. I checked the .htaccess file and the following is present:

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Why does my site warn me I am visiting a site that is not secure?

postaprayer.my-board.org is the name of the sub-domain

Can anyone tell me where I am going wrong here so I have a site that is SSL?

Scott

I see that you tried to get a Let’s Encrypt certificate; However, this is not possible here:
https://infinityfree.net/support/cannot-use-or-have-problems-using-lets-encrypt-or-sslforfreecom/

There is a way to do that, however it will not work with free subdomains like my-board.org, epizy.com and so on…

You may, safely, remove that code from your .htaccess if you do not plan on buying SSL.

I do not control or have access to the subdomain SSL in the hosting account.

So the hosting company is running the sub domain without an SSL? I may not understand the logic in place regarding the SSL.Why would the hosting company want its clients to build on a sub domain without an SSL?

@scottrturner said:
So the hosting company is running the sub domain without an SSL? I may not understand the logic in place regarding the SSL.Why would the hosting company want its clients to build on a sub domain without an SSL?

Because the hosting company has no way to provide SSL for the subdomains?

We’d love to offer free SSL and we are working on providing it (and are well on the way for custom domains). But every provider we know which offers free SSL (and makes it feasible to install them on a large scale), has limits on how many certificates you can issue per registered domain. With Let’s Encrypt we can’t even acquire 0.1% of the certificates we would need.

On small scale, using Let’s Encrypt is easy. On InfinityFree scale, absolutely not.

Is there a way to change my site from HTTPS to HTTP in the phpbb or any other settings?

@scottrturner said:
Is there a way to change my site from HTTPS to HTTP in the phpbb or any other settings?

Of course! Just do whatever you did to force HTTPS in the first place and do that in reverse. Did you add .htaccess codes? Remove them! Did you change settings in phpBB? Change the settings back!