Yes, SmugMug needs to make this a priority because it's a priority with your users. There's a reason why you offer custom domains, and there's a reason why we pay extra to use them. It was suggested in an earlier post that we could resolve the SEO and other issues by NOT using a custom domain and having SmugMug as part of our URL. To me, that's not a professional presentation and I'm not about to put that on my business card or anywhere else.
Here's a link to another discussion on this same subject, stretching back to 2014. SmugMug's response at that time was "We're working on it. Stay tuned!" Three years later, we're still staying tuned ...
@GreenT said:
Here's a link to another discussion on this same subject, stretching back to 2014. SmugMug's response at that time was "We're working on it. Stay tuned!" Three years later, we're still staying tuned ...
Definitely no secret that SmugMug does take a fair while to release features that we've been promised.
Though when something is released, it's pretty much bulletproof. So we can't fault them there.
@GreenT said:
Yes, SmugMug needs to make this a priority because it's a priority with your users. There's a reason why you offer custom domains, and there's a reason why we pay extra to use them. It was suggested in an earlier post that we could resolve the SEO and other issues by NOT using a custom domain and having SmugMug as part of our URL. To me, that's not a professional presentation and I'm not about to put that on my business card or anywhere else.
Here's a link to another discussion on this same subject, stretching back to 2014. SmugMug's response at that time was "We're working on it. Stay tuned!" Three years later, we're still staying tuned ...
Back in October 2016 I mentioned that we had launched on SSL for non-custom domains and that we wanted to get to custom domains as well. Here on DGrin I've been a little more descriptive and mentioned that we have a number of items that are out-of-our-hands that we're pushing as hard as we can to get in place so that we can support it. It's something we'd love to have, but very few services have been able to figure out. SquareSpace, for example, offers it, but none of the links to your photos use the custom domain, it uses their own CDN URL, which you all have told us you hate. So we're going to do it in a way that you love. It's one of our top priorities to accomplish but I don't have any estimate on when we'll be able to launch it.
> @Garga said: > @GreenT said: > Here's a link to another discussion on this same subject, stretching back to 2014. SmugMug's response at that time was "We're working on it. Stay tuned!" Three years later, we're still staying tuned ... > > > > > > > Definitely no secret that SmugMug does take a fair while to release features that we've been promised. :/ > > Though when something is released, it's pretty much bulletproof. So we can't fault them there. <3
Yes, you're right -- SmugMug works to make sure everything operates smoothly. That's a BIG plus in their favor.
> @leftquark said: > @GreenT said: > Yes, SmugMug needs to make this a priority because it's a priority with your users. There's a reason why you offer custom domains, and there's a reason why we pay extra to use them. It was suggested in an earlier post that we could resolve the SEO and other issues by NOT using a custom domain and having SmugMug as part of our URL. To me, that's not a professional presentation and I'm not about to put that on my business card or anywhere else. > > > > Here's a link to another discussion on this same subject, stretching back to 2014. SmugMug's response at that time was "We're working on it. Stay tuned!" Three years later, we're still staying tuned ... > > > > http://feedback.smugmug.com/forums/17723-smugmug/suggestions/6498302-support-encrypted-connections-https-with-custom > > > > > > Back in October 2016 I mentioned that we had launched on SSL for non-custom domains and that we wanted to get to custom domains as well. Here on DGrin I've been a little more descriptive and mentioned that we have a number of items that are out-of-our-hands that we're pushing as hard as we can to get in place so that we can support it. It's something we'd love to have, but very few services have been able to figure out. SquareSpace, for example, offers it, but none of the links to your photos use the custom domain, it uses their own CDN URL, which you all have told us you hate. So we're going to do it in a way that you love. It's one of our top priorities to accomplish but I don't have any estimate on when we'll be able to launch it.
I appreciate your response. And I appreciate the fact that you're working to launch the feature in a way that we'll love. Thanks for listening.
Since this has no ETA (which I fully understand), can there be an opt in where users can manage their own cert? even if that involves some effort on our end. This is becoming a usability issue now, as more and more networks downgrading unsecured sites and popular browsers flagging them off (chrome already shows a exclamation mark in the address bar). If the ideal solution is hard to pull off in a reasonable amount of time, it may be worthwhile to think of more practical solutions
@ashishpandey said:
Since this has no ETA (which I fully understand), can there be an opt in where users can manage their own cert? even if that involves some effort on our end. This is becoming a usability issue now, as more and more networks downgrading unsecured sites and popular browsers flagging them off (chrome already shows a exclamation mark in the address bar). If the ideal solution is hard to pull off in a reasonable amount of time, it may be worthwhile to think of more practical solutions
When we launch it for all of you, it wouldn't be an opt-in. Everyone would get it. Until then, you can set it up on your own even today. Several of you have already figured it out (though I don't know the exact steps). Someone a little more familiar might be able to chime in with how to do it.
@leftquark said:
When we launch it for all of you, it wouldn't be an opt-in. Everyone would get it. Until then, you can set it up on your own even today. Several of you have already figured it out (though I don't know the exact steps). Someone a little more familiar might be able to chime in with how to do it.
Any chance that you could post instructions on how to do this now?
@leftquark said:
When we launch it for all of you, it wouldn't be an opt-in. Everyone would get it. Until then, you can set it up on your own even today. Several of you have already figured it out (though I don't know the exact steps). Someone a little more familiar might be able to chime in with how to do it.
Any chance that you could post instructions on how to do this now?
I can see if our Ops team can provide instructions ... or if you give us just a few more weeks it might be automatically done for you
@leftquark said:
When we launch it for all of you, it wouldn't be an opt-in. Everyone would get it. Until then, you can set it up on your own even today. Several of you have already figured it out (though I don't know the exact steps). Someone a little more familiar might be able to chime in with how to do it.
Any chance that you could post instructions on how to do this now?
I can see if our Ops team can provide instructions ... or if you give us just a few more weeks it might be automatically done for you
Hi Aaron, I'm also interested in this if possible! I've got it half working on my custom domain (see my recent thread) but having a few issues! Tom
@leftquark said:
When we launch it for all of you, it wouldn't be an opt-in. Everyone would get it. Until then, you can set it up on your own even today. Several of you have already figured it out (though I don't know the exact steps). Someone a little more familiar might be able to chime in with how to do it.
Any chance that you could post instructions on how to do this now?
I can see if our Ops team can provide instructions ... or if you give us just a few more weeks it might be automatically done for you
I would love instructions on how to do this as well as I've been waiting for over 2 years for this and all I keep being told is "give us more time", "its coming soon" etc.
At this point, I would advise against doing this, as it will delay our ability to get you onto SSL for Custom Domains when we launch it (we're getting closer! I know, I know, you want dates, but we want to make sure it's in tip-top shape before moving all of your domains to https).
I missed posting on this thread, but I have posted on others, so hopefully most of you have seen the news already:
SSL for Custom Domains will launch on January 17th and everyone with a custom domain on SmugMug will be moved to https with a secure certificate over a 7 day period. Your sites should be secured with SSL by January 25th or sooner and you will not need to take any action to enable this, as long as your custom domain is properly configured per our help pages.
For those of you that enabled SSL on your custom domains via the various “hacks”, you’ll be receiving several emails from us, indicating that you’ll need to remove these when we push SSL live on January 17th or you will risk your site being inaccessible via your custom domain (you’ll want to do it on January 17th to minimize risk of links or your site not working. If you do it before Jan 17th, links you’ve shared with https wil no longer work).
Because we didn't want to break the custom domains for the people who had forced https prior, we were unable to completely test everything around SSL for Custom Domains. As such, beginning on January 17th we'll be generating SSL certificates for each of your domains, and they'll be renewed and remain active as long as you tie your custom domain to SmugMug in your SM Account Settings. However, we will not initially redirect non-SSL (http) traffic to https at this time. Links generated in your breadcrumbs, Folder/Galley and Menu Content Blocks will continue to use non-SSL (http) links.
Once we're able to verify everything with the SSL certificates looks good, we'll begin moving all links to https, and then lastly automatically redirect http traffic to https.
I got some kind of popup that said expired something about a "token"?
https domain
Is my login timing out? That would be a disaster when working on site or uploading.
As far as I'm aware smugedit and the Activity Log is one of Sherlock's customizations that he built himself. He'd have to be the one to update that customization.
@Allen said:
I got some kind of popup that said expired something about a "token"?
https domain
Is my login timing out? That would be a disaster when working on site or uploading.
Your SSL certificates will renew before they expire, so you shouldn't be seeing any messages, especially since the cert was just generated. Could you share a screenshot so I can investigate further?
@Allen said:
I got some kind of popup that said expired something about a "token"?
https domain
Is my login timing out? That would be a disaster when working on site or uploading.
Your SSL certificates will renew before they expire, so you shouldn't be seeing any messages, especially since the cert was just generated. Could you share a screenshot so I can investigate further?
I'm so confused by all of this. I'm happy to just sit back and wait, if as you say everything will happen automatically.
What I have noticed looking through my statcounter figures, is that the number of hits to my site have halved, starting from about 5 days ago. I'm guessing this is directly related to the changeover, but again I'm confused if there is something i need to be doing manually to fix this.
Similarly, as I use my SM site also as a blog (crazy right!) I have adsense banners on these pages, and viewing any of my pages under HTTPS removes the adsense banners.
A final query. How will all of this effect things like SEO and search? Googling my site results in it displaying just a "www..." link, and clicking on it takes me to the regular HTTP version. Is this the kind of thing that will be automatically updated behind the scenes?
Forgive my ignorance, I understand the importance of the switch to HTTPS but I'm quite uninformed on the subject.
Once we've got the redirection in-place (so clicking the link in Google will take you to https and not http), SEO ranking should increase (or at least stop potentially being penalized)
@Shinrya said:
I'm so confused by all of this. I'm happy to just sit back and wait, if as you say everything will happen automatically.
What I have noticed looking through my statcounter figures, is that the number of hits to my site have halved, starting from about 5 days ago. I'm guessing this is directly related to the changeover, but again I'm confused if there is something i need to be doing manually to fix this.
I haven't seen any change in my page hits either from SM's counters or Google, they are always erratic (for me) but there's no clear trend downward over this time. Since the automatic shift from http to https I would not expect anyone to even know the change has been made, unless you are changing links that bring people here (and even then they should still count).
Similarly, as I use my SM site also as a blog (crazy right!) I have adsense banners on these pages, and viewing any of my pages under HTTPS removes the adsense banners.
I don't know anything about adsense other than what it is, but this sounds like a bug either in SM or your setup. Certainly google adsense CAN work in an HTTPS environment. Honestly before your note I did not even realize adsense worked on Smugmug; interesting.
Postscript: I took a quick look and one issue is that some items (http://c.statcounter/com, http://pagead2.googlesyndication.com) are served via http, my GUESS is you have hard coded http links on your page somewhere (not necessarily those, those may be indirectly loaded). Generally speaking https links can appear on http pages, but http links cannot appear on https pages. Passive items like images tend to still appear, but active ones like javascript are disabled if loaded via http on a https page.
I just checked again and yes they are now showing through HTTPS. Confirmed in Safari, Firefox and Chrome. Both Firefox and Chrome do give me a 'connection is not secure' warning though if i click on the padlock in the address bar.
Comments
Here's a link to another discussion on this same subject, stretching back to 2014. SmugMug's response at that time was "We're working on it. Stay tuned!" Three years later, we're still staying tuned ...
http://feedback.smugmug.com/forums/17723-smugmug/suggestions/6498302-support-encrypted-connections-https-with-custom
Definitely no secret that SmugMug does take a fair while to release features that we've been promised.
Though when something is released, it's pretty much bulletproof. So we can't fault them there.
Vote for: SmugMug Two factor authentication
Back in October 2016 I mentioned that we had launched on SSL for non-custom domains and that we wanted to get to custom domains as well. Here on DGrin I've been a little more descriptive and mentioned that we have a number of items that are out-of-our-hands that we're pushing as hard as we can to get in place so that we can support it. It's something we'd love to have, but very few services have been able to figure out. SquareSpace, for example, offers it, but none of the links to your photos use the custom domain, it uses their own CDN URL, which you all have told us you hate. So we're going to do it in a way that you love. It's one of our top priorities to accomplish but I don't have any estimate on when we'll be able to launch it.
Former SmugMug Product Team
aaron AT aaronmphotography DOT com
Website: http://www.aaronmphotography.com
My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
> @GreenT said:
> Here's a link to another discussion on this same subject, stretching back to 2014. SmugMug's response at that time was "We're working on it. Stay tuned!" Three years later, we're still staying tuned ...
>
>
>
>
>
>
> Definitely no secret that SmugMug does take a fair while to release features that we've been promised. :/
>
> Though when something is released, it's pretty much bulletproof. So we can't fault them there. <3
Yes, you're right -- SmugMug works to make sure everything operates smoothly. That's a BIG plus in their favor.
> @GreenT said:
> Yes, SmugMug needs to make this a priority because it's a priority with your users. There's a reason why you offer custom domains, and there's a reason why we pay extra to use them. It was suggested in an earlier post that we could resolve the SEO and other issues by NOT using a custom domain and having SmugMug as part of our URL. To me, that's not a professional presentation and I'm not about to put that on my business card or anywhere else.
>
>
>
> Here's a link to another discussion on this same subject, stretching back to 2014. SmugMug's response at that time was "We're working on it. Stay tuned!" Three years later, we're still staying tuned ...
>
>
>
> http://feedback.smugmug.com/forums/17723-smugmug/suggestions/6498302-support-encrypted-connections-https-with-custom
>
>
>
>
>
> Back in October 2016 I mentioned that we had launched on SSL for non-custom domains and that we wanted to get to custom domains as well. Here on DGrin I've been a little more descriptive and mentioned that we have a number of items that are out-of-our-hands that we're pushing as hard as we can to get in place so that we can support it. It's something we'd love to have, but very few services have been able to figure out. SquareSpace, for example, offers it, but none of the links to your photos use the custom domain, it uses their own CDN URL, which you all have told us you hate. So we're going to do it in a way that you love. It's one of our top priorities to accomplish but I don't have any estimate on when we'll be able to launch it.
I appreciate your response. And I appreciate the fact that you're working to launch the feature in a way that we'll love. Thanks for listening.
Would it be rude to ask: Has your CDN actually committed they WILL do it, just not when?
It's on their roadmap, yes.
Former SmugMug Product Team
aaron AT aaronmphotography DOT com
Website: http://www.aaronmphotography.com
My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
That's reassuring; thanks.
Since this has no ETA (which I fully understand), can there be an opt in where users can manage their own cert? even if that involves some effort on our end. This is becoming a usability issue now, as more and more networks downgrading unsecured sites and popular browsers flagging them off (chrome already shows a exclamation mark in the address bar). If the ideal solution is hard to pull off in a reasonable amount of time, it may be worthwhile to think of more practical solutions
http://photography.ashishpandey.com
smugmug ID: ashishpandey (but I prefer my domain URL above
When we launch it for all of you, it wouldn't be an opt-in. Everyone would get it. Until then, you can set it up on your own even today. Several of you have already figured it out (though I don't know the exact steps). Someone a little more familiar might be able to chime in with how to do it.
Former SmugMug Product Team
aaron AT aaronmphotography DOT com
Website: http://www.aaronmphotography.com
My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
Any chance that you could post instructions on how to do this now?
Musings & ramblings at https://denisegoldberg.blogspot.com
I can see if our Ops team can provide instructions ... or if you give us just a few more weeks it might be automatically done for you
Former SmugMug Product Team
aaron AT aaronmphotography DOT com
Website: http://www.aaronmphotography.com
My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
Hi Aaron, I'm also interested in this if possible! I've got it half working on my custom domain (see my recent thread) but having a few issues! Tom
My Photography Blog.
My Popular Photos
- Photos of Edinburgh, Scottish Highlands and Islands, Fife.
I was wondering if there was a time frame. of course "might" and "few" leave some wonder left, but good to hear encouraging words.
I would love instructions on how to do this as well as I've been waiting for over 2 years for this and all I keep being told is "give us more time", "its coming soon" etc.
https://abigaylerayphotography.smugmug.com/
Blog | Facebook Page | Twitter Page
At this point, I would advise against doing this, as it will delay our ability to get you onto SSL for Custom Domains when we launch it (we're getting closer! I know, I know, you want dates, but we want to make sure it's in tip-top shape before moving all of your domains to https).
Former SmugMug Product Team
aaron AT aaronmphotography DOT com
Website: http://www.aaronmphotography.com
My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
following
Instagram
Twitter
Big big thanks to everyone at SmugMug for making this happen! Thanks leftquark for keeping us in the loop too.
Vote for: SmugMug Two factor authentication
I missed posting on this thread, but I have posted on others, so hopefully most of you have seen the news already:
SSL for Custom Domains will launch on January 17th and everyone with a custom domain on SmugMug will be moved to https with a secure certificate over a 7 day period. Your sites should be secured with SSL by January 25th or sooner and you will not need to take any action to enable this, as long as your custom domain is properly configured per our help pages.
For those of you that enabled SSL on your custom domains via the various “hacks”, you’ll be receiving several emails from us, indicating that you’ll need to remove these when we push SSL live on January 17th or you will risk your site being inaccessible via your custom domain (you’ll want to do it on January 17th to minimize risk of links or your site not working. If you do it before Jan 17th, links you’ve shared with https wil no longer work).
Because we didn't want to break the custom domains for the people who had forced https prior, we were unable to completely test everything around SSL for Custom Domains. As such, beginning on January 17th we'll be generating SSL certificates for each of your domains, and they'll be renewed and remain active as long as you tie your custom domain to SmugMug in your SM Account Settings. However, we will not initially redirect non-SSL (http) traffic to https at this time. Links generated in your breadcrumbs, Folder/Galley and Menu Content Blocks will continue to use non-SSL (http) links.
This means that, on January 25th, someone typing in "http://www.yourdomain.com" will not be moved to "https://www.yourdomain.com". However, if they do type in "https://www.yourdomain.com" they will land on a secure site.
Once we're able to verify everything with the SSL certificates looks good, we'll begin moving all links to https, and then lastly automatically redirect http traffic to https.
If you notice any issues feel free to post in this thread: https://dgrin.com/discussion/263153/potential-bugs-with-new-ssl-certs-https
Former SmugMug Product Team
aaron AT aaronmphotography DOT com
Website: http://www.aaronmphotography.com
My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
@leftquark Any idea if this feed will be updated to include https links?
It still works but switches to non-secure links.
Feed:
http://smugedit.com/activitylog/?url=http://www.photosbyat.com/&timezone=America/Denver
Code instructions:
http://www.sherlockphotography.org/Customisations/Activity-feed
Usage:
https://www.photosbyat.com/Recent-Gallery-Changes
Thanks
My Website index | My Blog
I got some kind of popup that said expired something about a "token"?
https domain
Is my login timing out? That would be a disaster when working on site or uploading.
My Website index | My Blog
As far as I'm aware smugedit and the Activity Log is one of Sherlock's customizations that he built himself. He'd have to be the one to update that customization.
Former SmugMug Product Team
aaron AT aaronmphotography DOT com
Website: http://www.aaronmphotography.com
My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
Your SSL certificates will renew before they expire, so you shouldn't be seeing any messages, especially since the cert was just generated. Could you share a screenshot so I can investigate further?
Former SmugMug Product Team
aaron AT aaronmphotography DOT com
Website: http://www.aaronmphotography.com
My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
Like a dummy I got a quick glimpse and went on. Duh!
Have been logged in working all day though.
My Website index | My Blog
I'm so confused by all of this. I'm happy to just sit back and wait, if as you say everything will happen automatically.
What I have noticed looking through my statcounter figures, is that the number of hits to my site have halved, starting from about 5 days ago. I'm guessing this is directly related to the changeover, but again I'm confused if there is something i need to be doing manually to fix this.
Similarly, as I use my SM site also as a blog (crazy right!) I have adsense banners on these pages, and viewing any of my pages under HTTPS removes the adsense banners.
A final query. How will all of this effect things like SEO and search? Googling my site results in it displaying just a "www..." link, and clicking on it takes me to the regular HTTP version. Is this the kind of thing that will be automatically updated behind the scenes?
Forgive my ignorance, I understand the importance of the switch to HTTPS but I'm quite uninformed on the subject.
Follow me on:
Instagram | Facebook | Flickr
Once we've got the redirection in-place (so clicking the link in Google will take you to https and not http), SEO ranking should increase (or at least stop potentially being penalized)
Former SmugMug Product Team
aaron AT aaronmphotography DOT com
Website: http://www.aaronmphotography.com
My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
Excellent
Follow me on:
Instagram | Facebook | Flickr
I haven't seen any change in my page hits either from SM's counters or Google, they are always erratic (for me) but there's no clear trend downward over this time. Since the automatic shift from http to https I would not expect anyone to even know the change has been made, unless you are changing links that bring people here (and even then they should still count).
I don't know anything about adsense other than what it is, but this sounds like a bug either in SM or your setup. Certainly google adsense CAN work in an HTTPS environment. Honestly before your note I did not even realize adsense worked on Smugmug; interesting.
Postscript: I took a quick look and one issue is that some items (http://c.statcounter/com, http://pagead2.googlesyndication.com) are served via http, my GUESS is you have hard coded http links on your page somewhere (not necessarily those, those may be indirectly loaded). Generally speaking https links can appear on http pages, but http links cannot appear on https pages. Passive items like images tend to still appear, but active ones like javascript are disabled if loaded via http on a https page.
AdSense should now be working again. Do you have a link to one of your pages we could verify the fix with?
Former SmugMug Product Team
aaron AT aaronmphotography DOT com
Website: http://www.aaronmphotography.com
My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
Hey Aaron,
I just checked again and yes they are now showing through HTTPS. Confirmed in Safari, Firefox and Chrome. Both Firefox and Chrome do give me a 'connection is not secure' warning though if i click on the padlock in the address bar.
Here's a recent blog page with 3 adsense banners installed. First one should appear directly at the top of the page above the breadcrumb
https://www.peterstewartphotography.com/Blog/Singapore-Camera-Shopping-Guide
Follow me on:
Instagram | Facebook | Flickr