SSL's for custom domains

2

Comments

  • GreenTGreenT CaliforniaPosts: 3Registered Users Beginner grinner
    Yes, SmugMug needs to make this a priority because it's a priority with your users. There's a reason why you offer custom domains, and there's a reason why we pay extra to use them. It was suggested in an earlier post that we could resolve the SEO and other issues by NOT using a custom domain and having SmugMug as part of our URL. To me, that's not a professional presentation and I'm not about to put that on my business card or anywhere else.

    Here's a link to another discussion on this same subject, stretching back to 2014. SmugMug's response at that time was "We're working on it. Stay tuned!" Three years later, we're still staying tuned ...

    http://feedback.smugmug.com/forums/17723-smugmug/suggestions/6498302-support-encrypted-connections-https-with-custom
  • GargaGarga Big grins Posts: 63Registered Users Big grins

    @GreenT said:
    Here's a link to another discussion on this same subject, stretching back to 2014. SmugMug's response at that time was "We're working on it. Stay tuned!" Three years later, we're still staying tuned ...

    Definitely no secret that SmugMug does take a fair while to release features that we've been promised. :/

    Though when something is released, it's pretty much bulletproof. So we can't fault them there. <3

  • leftquarkleftquark SmugMug Product Team Posts: 3,236Administrators, Vanilla Admin, SmugMug Product Team SmugMug Employee

    @GreenT said:
    Yes, SmugMug needs to make this a priority because it's a priority with your users. There's a reason why you offer custom domains, and there's a reason why we pay extra to use them. It was suggested in an earlier post that we could resolve the SEO and other issues by NOT using a custom domain and having SmugMug as part of our URL. To me, that's not a professional presentation and I'm not about to put that on my business card or anywhere else.



    Here's a link to another discussion on this same subject, stretching back to 2014. SmugMug's response at that time was "We're working on it. Stay tuned!" Three years later, we're still staying tuned ...



    http://feedback.smugmug.com/forums/17723-smugmug/suggestions/6498302-support-encrypted-connections-https-with-custom

    Back in October 2016 I mentioned that we had launched on SSL for non-custom domains and that we wanted to get to custom domains as well. Here on DGrin I've been a little more descriptive and mentioned that we have a number of items that are out-of-our-hands that we're pushing as hard as we can to get in place so that we can support it. It's something we'd love to have, but very few services have been able to figure out. SquareSpace, for example, offers it, but none of the links to your photos use the custom domain, it uses their own CDN URL, which you all have told us you hate. So we're going to do it in a way that you love. It's one of our top priorities to accomplish but I don't have any estimate on when we'll be able to launch it.

    SmugMug Director of Product / dGrin Afficionado
    aaron AT aaronmphotography DOT com
    Website: http://www.aaronmphotography.com
    My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
  • GreenTGreenT CaliforniaPosts: 3Registered Users Beginner grinner
    > @Garga said:
    > @GreenT said:
    > Here's a link to another discussion on this same subject, stretching back to 2014. SmugMug's response at that time was "We're working on it. Stay tuned!" Three years later, we're still staying tuned ...
    >
    >
    >
    >
    >
    >
    > Definitely no secret that SmugMug does take a fair while to release features that we've been promised. :/
    >
    > Though when something is released, it's pretty much bulletproof. So we can't fault them there. <3

    Yes, you're right -- SmugMug works to make sure everything operates smoothly. That's a BIG plus in their favor.
  • GreenTGreenT CaliforniaPosts: 3Registered Users Beginner grinner
    > @leftquark said:
    > @GreenT said:
    > Yes, SmugMug needs to make this a priority because it's a priority with your users. There's a reason why you offer custom domains, and there's a reason why we pay extra to use them. It was suggested in an earlier post that we could resolve the SEO and other issues by NOT using a custom domain and having SmugMug as part of our URL. To me, that's not a professional presentation and I'm not about to put that on my business card or anywhere else.
    >
    >
    >
    > Here's a link to another discussion on this same subject, stretching back to 2014. SmugMug's response at that time was "We're working on it. Stay tuned!" Three years later, we're still staying tuned ...
    >
    >
    >
    > http://feedback.smugmug.com/forums/17723-smugmug/suggestions/6498302-support-encrypted-connections-https-with-custom
    >
    >
    >
    >
    >
    > Back in October 2016 I mentioned that we had launched on SSL for non-custom domains and that we wanted to get to custom domains as well. Here on DGrin I've been a little more descriptive and mentioned that we have a number of items that are out-of-our-hands that we're pushing as hard as we can to get in place so that we can support it. It's something we'd love to have, but very few services have been able to figure out. SquareSpace, for example, offers it, but none of the links to your photos use the custom domain, it uses their own CDN URL, which you all have told us you hate. So we're going to do it in a way that you love. It's one of our top priorities to accomplish but I don't have any estimate on when we'll be able to launch it.

    I appreciate your response. And I appreciate the fact that you're working to launch the feature in a way that we'll love. Thanks for listening.
  • FergusonFerguson Major grins Posts: 1,215Registered Users Major grins

    @leftquark said:
    ... out-of-our-hands that we're pushing as hard as we can

    Would it be rude to ask: Has your CDN actually committed they WILL do it, just not when?

  • leftquarkleftquark SmugMug Product Team Posts: 3,236Administrators, Vanilla Admin, SmugMug Product Team SmugMug Employee

    @Ferguson said:

    @leftquark said:
    ... out-of-our-hands that we're pushing as hard as we can

    Would it be rude to ask: Has your CDN actually committed they WILL do it, just not when?

    It's on their roadmap, yes.

    SmugMug Director of Product / dGrin Afficionado
    aaron AT aaronmphotography DOT com
    Website: http://www.aaronmphotography.com
    My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
  • FergusonFerguson Major grins Posts: 1,215Registered Users Major grins

    @leftquark said:

    @Ferguson said:

    @leftquark said:
    ... out-of-our-hands that we're pushing as hard as we can

    Would it be rude to ask: Has your CDN actually committed they WILL do it, just not when?

    It's on their roadmap, yes.

    That's reassuring; thanks.

  • ashishpandeyashishpandey Behind the lens Grinner Posts: 100Registered Users Big grins

    Since this has no ETA (which I fully understand), can there be an opt in where users can manage their own cert? even if that involves some effort on our end. This is becoming a usability issue now, as more and more networks downgrading unsecured sites and popular browsers flagging them off (chrome already shows a exclamation mark in the address bar). If the ideal solution is hard to pull off in a reasonable amount of time, it may be worthwhile to think of more practical solutions

    Ashish
    http://photography.ashishpandey.com
    smugmug ID: ashishpandey (but I prefer my domain URL above :D)
  • leftquarkleftquark SmugMug Product Team Posts: 3,236Administrators, Vanilla Admin, SmugMug Product Team SmugMug Employee

    @ashishpandey said:
    Since this has no ETA (which I fully understand), can there be an opt in where users can manage their own cert? even if that involves some effort on our end. This is becoming a usability issue now, as more and more networks downgrading unsecured sites and popular browsers flagging them off (chrome already shows a exclamation mark in the address bar). If the ideal solution is hard to pull off in a reasonable amount of time, it may be worthwhile to think of more practical solutions

    When we launch it for all of you, it wouldn't be an opt-in. Everyone would get it. Until then, you can set it up on your own even today. Several of you have already figured it out (though I don't know the exact steps). Someone a little more familiar might be able to chime in with how to do it.

    SmugMug Director of Product / dGrin Afficionado
    aaron AT aaronmphotography DOT com
    Website: http://www.aaronmphotography.com
    My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
  • denisegoldbergdenisegoldberg Major grins North Andover, MAPosts: 11,925Super Moderators moderator

    @leftquark said:
    When we launch it for all of you, it wouldn't be an opt-in. Everyone would get it. Until then, you can set it up on your own even today. Several of you have already figured it out (though I don't know the exact steps). Someone a little more familiar might be able to chime in with how to do it.

    Any chance that you could post instructions on how to do this now?

  • leftquarkleftquark SmugMug Product Team Posts: 3,236Administrators, Vanilla Admin, SmugMug Product Team SmugMug Employee

    @denisegoldberg said:

    @leftquark said:
    When we launch it for all of you, it wouldn't be an opt-in. Everyone would get it. Until then, you can set it up on your own even today. Several of you have already figured it out (though I don't know the exact steps). Someone a little more familiar might be able to chime in with how to do it.

    Any chance that you could post instructions on how to do this now?

    I can see if our Ops team can provide instructions ... or if you give us just a few more weeks it might be automatically done for you o:)

    SmugMug Director of Product / dGrin Afficionado
    aaron AT aaronmphotography DOT com
    Website: http://www.aaronmphotography.com
    My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
  • Tom FosterTom Foster Major grins Edinburgh, UK.Posts: 283Registered Users Major grins

    @leftquark said:

    @denisegoldberg said:

    @leftquark said:
    When we launch it for all of you, it wouldn't be an opt-in. Everyone would get it. Until then, you can set it up on your own even today. Several of you have already figured it out (though I don't know the exact steps). Someone a little more familiar might be able to chime in with how to do it.

    Any chance that you could post instructions on how to do this now?

    I can see if our Ops team can provide instructions ... or if you give us just a few more weeks it might be automatically done for you o:)

    Hi Aaron, I'm also interested in this if possible! I've got it half working on my custom domain (see my recent thread) but having a few issues! Tom

  • FergusonFerguson Major grins Posts: 1,215Registered Users Major grins

    @leftquark said:
    I can see if our Ops team can provide instructions ... or if you give us just a few more weeks it might be automatically done for you o:)

    I was wondering if there was a time frame. of course "might" and "few" leave some wonder left, but good to hear encouraging words.

  • AbigayleRayPhotographyAbigayleRayPhotography Big grins Livingston, Montana Posts: 15Registered Users Big grins

    @leftquark said:

    @denisegoldberg said:

    @leftquark said:
    When we launch it for all of you, it wouldn't be an opt-in. Everyone would get it. Until then, you can set it up on your own even today. Several of you have already figured it out (though I don't know the exact steps). Someone a little more familiar might be able to chime in with how to do it.

    Any chance that you could post instructions on how to do this now?

    I can see if our Ops team can provide instructions ... or if you give us just a few more weeks it might be automatically done for you o:)

    I would love instructions on how to do this as well as I've been waiting for over 2 years for this and all I keep being told is "give us more time", "its coming soon" etc.

  • leftquarkleftquark SmugMug Product Team Posts: 3,236Administrators, Vanilla Admin, SmugMug Product Team SmugMug Employee

    At this point, I would advise against doing this, as it will delay our ability to get you onto SSL for Custom Domains when we launch it (we're getting closer! I know, I know, you want dates, but we want to make sure it's in tip-top shape before moving all of your domains to https).

    SmugMug Director of Product / dGrin Afficionado
    aaron AT aaronmphotography DOT com
    Website: http://www.aaronmphotography.com
    My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
  • Djm3006Djm3006 Major grins Steamboat Springs, CO, USAPosts: 156Registered Users Major grins
  • GargaGarga Big grins Posts: 63Registered Users Big grins

    Big big thanks to everyone at SmugMug for making this happen! Thanks leftquark for keeping us in the loop too.
    :) :D

  • leftquarkleftquark SmugMug Product Team Posts: 3,236Administrators, Vanilla Admin, SmugMug Product Team SmugMug Employee

    I missed posting on this thread, but I have posted on others, so hopefully most of you have seen the news already:

    SSL for Custom Domains will launch on January 17th and everyone with a custom domain on SmugMug will be moved to https with a secure certificate over a 7 day period. Your sites should be secured with SSL by January 25th or sooner and you will not need to take any action to enable this, as long as your custom domain is properly configured per our help pages.

    For those of you that enabled SSL on your custom domains via the various “hacks”, you’ll be receiving several emails from us, indicating that you’ll need to remove these when we push SSL live on January 17th or you will risk your site being inaccessible via your custom domain (you’ll want to do it on January 17th to minimize risk of links or your site not working. If you do it before Jan 17th, links you’ve shared with https wil no longer work).

    Because we didn't want to break the custom domains for the people who had forced https prior, we were unable to completely test everything around SSL for Custom Domains. As such, beginning on January 17th we'll be generating SSL certificates for each of your domains, and they'll be renewed and remain active as long as you tie your custom domain to SmugMug in your SM Account Settings. However, we will not initially redirect non-SSL (http) traffic to https at this time. Links generated in your breadcrumbs, Folder/Galley and Menu Content Blocks will continue to use non-SSL (http) links.

    This means that, on January 25th, someone typing in "http://www.yourdomain.com" will not be moved to "https://www.yourdomain.com". However, if they do type in "https://www.yourdomain.com" they will land on a secure site.

    Once we're able to verify everything with the SSL certificates looks good, we'll begin moving all links to https, and then lastly automatically redirect http traffic to https.

    If you notice any issues feel free to post in this thread: https://dgrin.com/discussion/263153/potential-bugs-with-new-ssl-certs-https

    SmugMug Director of Product / dGrin Afficionado
    aaron AT aaronmphotography DOT com
    Website: http://www.aaronmphotography.com
    My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
  • AllenAllen "tweak 'til it squeaks" St. Louis, MoPosts: 9,409Registered Users Major grins
    edited January 24, 2018

    @leftquark Any idea if this feed will be updated to include https links?
    It still works but switches to non-secure links.

    Feed:
    http://smugedit.com/activitylog/?url=http://www.photosbyat.com/&timezone=America/Denver
    Code instructions:
    http://www.sherlockphotography.org/Customisations/Activity-feed
    Usage:
    https://www.photosbyat.com/Recent-Gallery-Changes

    Thanks

    Al - Just a volunteer here having fun
    My Website | My Blog
  • AllenAllen "tweak 'til it squeaks" St. Louis, MoPosts: 9,409Registered Users Major grins
    edited January 25, 2018

    I got some kind of popup that said expired something about a "token"?
    https domain
    Is my login timing out? That would be a disaster when working on site or uploading.

    Al - Just a volunteer here having fun
    My Website | My Blog
  • leftquarkleftquark SmugMug Product Team Posts: 3,236Administrators, Vanilla Admin, SmugMug Product Team SmugMug Employee

    @Allen said:
    @leftquark Any idea if this feed will be updated to include https links?
    It still works but switches to non-secure links.

    Feed:
    http://smugedit.com/activitylog/?url=http://www.photosbyat.com/&timezone=America/Denver
    Code instructions:
    http://www.sherlockphotography.org/Customisations/Activity-feed
    Usage:
    https://www.photosbyat.com/Recent-Gallery-Changes

    As far as I'm aware smugedit and the Activity Log is one of Sherlock's customizations that he built himself. He'd have to be the one to update that customization.

    SmugMug Director of Product / dGrin Afficionado
    aaron AT aaronmphotography DOT com
    Website: http://www.aaronmphotography.com
    My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
  • leftquarkleftquark SmugMug Product Team Posts: 3,236Administrators, Vanilla Admin, SmugMug Product Team SmugMug Employee

    @Allen said:
    I got some kind of popup that said expired something about a "token"?
    https domain
    Is my login timing out? That would be a disaster when working on site or uploading.

    Your SSL certificates will renew before they expire, so you shouldn't be seeing any messages, especially since the cert was just generated. Could you share a screenshot so I can investigate further?

    SmugMug Director of Product / dGrin Afficionado
    aaron AT aaronmphotography DOT com
    Website: http://www.aaronmphotography.com
    My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
  • AllenAllen "tweak 'til it squeaks" St. Louis, MoPosts: 9,409Registered Users Major grins

    Like a dummy I got a quick glimpse and went on. Duh!
    Have been logged in working all day though.

    @leftquark said:

    @Allen said:
    I got some kind of popup that said expired something about a "token"?
    https domain
    Is my login timing out? That would be a disaster when working on site or uploading.

    Your SSL certificates will renew before they expire, so you shouldn't be seeing any messages, especially since the cert was just generated. Could you share a screenshot so I can investigate further?

    Al - Just a volunteer here having fun
    My Website | My Blog
  • ShinryaShinrya Peter Stewart Hong KongPosts: 106Registered Users Major grins

    I'm so confused by all of this. I'm happy to just sit back and wait, if as you say everything will happen automatically.

    What I have noticed looking through my statcounter figures, is that the number of hits to my site have halved, starting from about 5 days ago. I'm guessing this is directly related to the changeover, but again I'm confused if there is something i need to be doing manually to fix this.
    Similarly, as I use my SM site also as a blog (crazy right!) I have adsense banners on these pages, and viewing any of my pages under HTTPS removes the adsense banners.

    A final query. How will all of this effect things like SEO and search? Googling my site results in it displaying just a "www..." link, and clicking on it takes me to the regular HTTP version. Is this the kind of thing that will be automatically updated behind the scenes?

    Forgive my ignorance, I understand the importance of the switch to HTTPS but I'm quite uninformed on the subject.

  • leftquarkleftquark SmugMug Product Team Posts: 3,236Administrators, Vanilla Admin, SmugMug Product Team SmugMug Employee

    Once we've got the redirection in-place (so clicking the link in Google will take you to https and not http), SEO ranking should increase (or at least stop potentially being penalized)

    SmugMug Director of Product / dGrin Afficionado
    aaron AT aaronmphotography DOT com
    Website: http://www.aaronmphotography.com
    My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
  • ShinryaShinrya Peter Stewart Hong KongPosts: 106Registered Users Major grins

    Excellent :)

  • FergusonFerguson Major grins Posts: 1,215Registered Users Major grins
    edited January 27, 2018

    @Shinrya said:
    I'm so confused by all of this. I'm happy to just sit back and wait, if as you say everything will happen automatically.

    What I have noticed looking through my statcounter figures, is that the number of hits to my site have halved, starting from about 5 days ago. I'm guessing this is directly related to the changeover, but again I'm confused if there is something i need to be doing manually to fix this.

    I haven't seen any change in my page hits either from SM's counters or Google, they are always erratic (for me) but there's no clear trend downward over this time. Since the automatic shift from http to https I would not expect anyone to even know the change has been made, unless you are changing links that bring people here (and even then they should still count).

    Similarly, as I use my SM site also as a blog (crazy right!) I have adsense banners on these pages, and viewing any of my pages under HTTPS removes the adsense banners.

    I don't know anything about adsense other than what it is, but this sounds like a bug either in SM or your setup. Certainly google adsense CAN work in an HTTPS environment. Honestly before your note I did not even realize adsense worked on Smugmug; interesting.

    Postscript: I took a quick look and one issue is that some items (http://c.statcounter/com, http://pagead2.googlesyndication.com) are served via http, my GUESS is you have hard coded http links on your page somewhere (not necessarily those, those may be indirectly loaded). Generally speaking https links can appear on http pages, but http links cannot appear on https pages. Passive items like images tend to still appear, but active ones like javascript are disabled if loaded via http on a https page.

  • leftquarkleftquark SmugMug Product Team Posts: 3,236Administrators, Vanilla Admin, SmugMug Product Team SmugMug Employee

    AdSense should now be working again. Do you have a link to one of your pages we could verify the fix with?

    SmugMug Director of Product / dGrin Afficionado
    aaron AT aaronmphotography DOT com
    Website: http://www.aaronmphotography.com
    My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
  • ShinryaShinrya Peter Stewart Hong KongPosts: 106Registered Users Major grins

    Hey Aaron,

    I just checked again and yes they are now showing through HTTPS. Confirmed in Safari, Firefox and Chrome. Both Firefox and Chrome do give me a 'connection is not secure' warning though if i click on the padlock in the address bar.

    Here's a recent blog page with 3 adsense banners installed. First one should appear directly at the top of the page above the breadcrumb
    https://www.peterstewartphotography.com/Blog/Singapore-Camera-Shopping-Guide

2
Sign In or Register to comment.