I'm using https://letsencrypt.org Cert for my web. Last thing i made yesterday is to set the cert and polish nginx config.
Before I went to sleep everything was great, my connection was secured, the "locker" near address bar was green, it said SSL by Eset.
Today after i woke up it says "Connection is not secure", please have a look at https://extrasalty.eu
nginx config for the web:
# cat /etc/nginx/sites-enabled/extrasalty.eu
server {
listen 80;
server_name extrasalty.eu;
return 301 https://$server_name$request_uri;
}
server {
ssl_certificate /etc/letsencrypt/live/extrasalty.eu/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/extrasalty.eu/privkey.pem;
#listen 80; ## listen for ipv4; this line is default and implied
listen 443 ssl default_server;
client_max_body_size 10m;
(...)
Edit:
It seems it's being "verified" and ssl cert is showing up as secure when i log in to the forums, but before that it says "Not secure", any clue why?
I see the "Sign in through STEAM" image and google-font are loaded via http.
Here's the copy as curl of it: curl 'http://steamcommunity-a.akamaihd.net/public/images/signinthroughsteam/sits_large_noborder.png' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-US,en;q=0.8' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36' -H 'Accept: image/webp,image/,/*;q=0.8' -H 'Cache-Control: max-age=0' -H 'If-None-Match: "16e5-4d62d40919e00"' -H 'Connection: keep-alive' -H 'If-Modified-Since: Wed, 20 Feb 2013 19:49:12 GMT' --compressed
Serve it via https and the error will be gone. Basically, change the src in the img tag to https and also, load the google-font via https. Give it a try.
