Issue today with secured connection : Forums : PythonAnywhere

Issue today with secured connection

I never had any problem logging into my site admin before but today my browser can't confirm that the connection is secure. Can you please check and advise? Thanks

kakasFDD310 | 71 posts | Aug. 6, 2015, 2:45 a.m. | permalink

seems to be working now

deleted-user-690469 | 1 post | Aug. 6, 2015, 3:15 a.m. | permalink

Still not working for me. Earlier today, I couldn't access the pythonanyanywhere site at all because of the browser security warning but now I can, obviously as I am writing this post. However, my browsers still have the security issue when I try to access any of my sites/admin login page.

kakasFDD310 | 71 posts | Aug. 6, 2015, 3:48 a.m. | permalink

Hi kakasFDD310.

While PythonAnywhere.com should work fine now, you may see the security warning when accessing your domains, because you don't have SSL certificates for them.

We do not supply certificates for our users' own domains, that's something you need to do on your own.

dev9 | 19 posts | Aug. 6, 2015, 11:22 a.m. | permalink

Thanks for your reply.

Yes, I obviously know all that but I have been logging in to my site admins for a long time now, from the beginning, without the warnings... until today. I have not changed anything but now I have the warning.

The only way I can login to my admin, from the very beginning, if I us the https URL and I have been using that with no problems for the admin login page.

Can you please advise why now, today all this changed?

kakasFDD310 | 71 posts | Aug. 6, 2015, 2:56 p.m. | permalink

If I try to access my admin using http instead of https I get this error: Admin is disabled because insecure channel So, I have to use https which, as I said has been working fine but now it's giving me a warning.

Please advise.

kakasFDD310 | 71 posts | Aug. 6, 2015, 3:18 p.m. | permalink

You're getting the warning because there is no HTTPS certificate installed for your domain. When an HTTPS request comes in for your site, PythonAnywhere has to provide a certificate, and because we don't have one installed, we just serve up a "wildcard" certificate that covers *.pythonanywhere.com. This doesn't match your domain name, so your browser gives a security warning.

As to why this changed recently -- my guess is that you, or someone else using the same computer, did get that warning at least one time in the past. However, perhaps you (or they) clicked on a "continue anyway" link to get past the security warning, and the browser stored away something to say that this specific security exception was one that it could ignore. So from then on, your browser didn't give you a security warning when it received that specific certificate for *.pythonanywhere.com when you visited the admin pages.

Two days ago, our old certificate for *.pythonanywhere.com expired, so we replaced it with a new one. If my theory is correct, then your browser would notice that the specific certificate it was disabling its security warnings for was no longer being served. So it started showing you the warning again.

Does that sound plausible?

Either way, if you're using HTTPS on your own domain, we really recommend that you get your own certificate. There are free providers; check out our help page for more information.

giles | 11788 posts | PythonAnywhere staff | Aug. 7, 2015, 11:57 a.m. | permalink