My website has a mixed content error

Sure the program states the cert is installed and it does verify, but my website is another story.

Http still works fine (doesn’t forward to https which is good). But using https, now my login no longer works. This is a gaming site so I can’t waste time with a cert that causes issues site wide.

Even the top navigation displays differently when using https. I’ve tried so many times over the years to use this program but always get the same result.

So what is the happy solution?

Hi, if you could expand on how your IIS is currently configured then perhaps we can figure out what’s going wrong.

You mention “my login no longer works”, we’re going to need a detailed summary of the exact problem you are seeing - can you share the actual domain and an example that’s not working? Are you getting a browser error such as invalid name etc? Does your IIS have any other https binding setup and if so are they using an explicit IP address or non-SNI bindings? We have some general info on the limitations of SSL bindings in Windows here: Using Certificates in Windows | Certify The Web Docs

The “happy path” detailed in Requesting a Certificate | Certify The Web Docs is for you to set up your IIS site with a hostname that matches the name on your certificate, then when you get your certificate the app will see that and automatically create (or update) the correct https binding.

As an aside I’d recommend upgrading from Server 2012 as soon as you can, general support for that from Microsoft (security updates etc) ended in July 2022.

You also mentioned:

This suggests you are perhaps trying to load mixed content (some things from http some things from https) which modern browsers will refuse to do, you generally have to use https for all your content (CSS, JS, images etc) when your main site html is loaded via https.

There are some http elements throughout the code mostly in Java scripts direct links to external sites. Also with css. It’s an older site.

I could easily change all references to https but the overall concern could be - does your program actually create a valid ssl cert?

I’m on windows 2012 server r2. Not sure if I can update or if it would be wise to.

The few times I installed the cert using your program, it did validate so I guess I’d need to update all the http references to https and install the cert again.

But my main concern was my login script stopped working even when I’d just use https in the url - with or without the cert installed.

Will keep you in the loop

Thanks again!
Rick

Hi, your site either has https working, or it doesn’t.

Obviously the app creates valid certs for the other 120,000+ daily users so it’s unlikely that it just doesn’t work for you and instead it’s more likely something in your site is misconfigured.

If you can provide your site url perhaps we can look to see what error you are seeing and advise why it is appearing.

hello,

Thank you for getting back. The site is:

It’s basically a similar game to the board game Risk.

Windows 2012 R2 Server. This site was coded many years back and was set up manually (not using Plesk) by someone I hired (3-4 yrs ago) with what the former owners/programmers suggested.

At this moment there isn’t a cert installed using your program.

I know from looking through code there are many references to http:, mostly scripts. I could easily change these using VS but I want to be careful.

If I try accessing via https, login no longer works, the top menu displays wrong.

According to Server Manager, this error is displaying multiple times each second:
“An error occurred while using SSL configuration for endpoint 208.67.21.16:443. The error status code is contained within the returned data.”

Not sure if this is connected to the code having http: references, but this error slows game play overall. There will be game maps which do not load their data.

Also years back the Paypal integration stopped working. Their tech support claimed nothing was changed on their end, but suddenly their system stopped sending membership upgrade data back to my server. I’ve been upgrading members manually since.

Any suggestions would be much appreciated as I’d love to get the bugs out. It’s just impossible to know if it’s code or server causing the issues.

Thank you,
Rick Horvath

Regarding the Paypal issue a while back, I recall being told about TLS settings, not having the proper protocol working. I checked this then and just now here:

https://www.ssllabs.com/ssltest/analyze.html?d=victorsunited.com

Under the section “Cipher Suites” it shows some concerns and I recall changing these manually on the server and the site suddenly stopped working. So I never went back to anything regarding TLS.

Could this also be something causing issues?

Thank you,
Rick Horvath

Guessing this is a difficult issue to resolve?

I haven’t had a response to my last post.

If the weak ciphers were a real issue, you would be immediately aware of it since the browser would refuse to connect at all. Anything below TLS1.2… some browsers would refuse to connect, but they are less strict about the ciphers used in TLS1.2/1.3. (for now) Resolving the reported cipher issue is a good idea in theory… but it looks like your server is only offering “weak” ciphers so if you remove them all, then there are zero options and the handshake will fail. (I’m not sure if this is what you encountered)

Browsers really do not like mixed-mode HTTPS. If you load the page using HTTPS, all resources must also be HTTPS… which means if you have any hardcoded resources, you will need to change those. If all of the resources are on your server, it’s easiest to just use relative paths that do not mention http:// at all. Just start with the domain name or even the root/relative path of the resource. The requesting browser will automatically use the correct one depending on how it is connected to your page. This trick may also work for external resources, but I’m not confident about that.

A couple of things to look at:

  • When loaded as http://victorsunited.com/ (using just http) your site doesn’t redirect to https, which it ideally should do. Best Practices | Certify The Web Docs

  • As noted in my second comment originally, when loaded via https your site is still loading some resources as http (this is called “mixed content” and is a security warning or error in most browsers). Various scripts won’t work because of this. To see which ones are affected, open the web console in your browser’s Developer Tools to see the errors. In your particular example jquery etc is not loading because you are loading it over http instead of https, so then everything that needs jQuery is failing.

Note that none of this has anything to do with the operation of Certify The Web, this is just standard web stuff I’m afraid.

Regarding Cipher suites, I generally recommend running the free IISCrypto tool in “Best Practices” mode which enables a fairly compatible set of cipher suites and TLS settings, however it’s important to note that Server 2012 is old and it doesn’t support some of the newer cipher suites: Nartac Software - IIS Crypto
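As an added example (not part of the posts above and not Certify The Web code), this Python sketch scans page source for hardcoded http:// subresources of the kind described in the two replies above, so they can be found before switching the site to https. The sample markup and host names are constructed placeholders; plain `<a href>` links to external sites are navigations rather than mixed content, so the scanner ignores them.

```python
import re
from html.parser import HTMLParser

# (tag, attribute) pairs fetched as the page loads. "blockable" loads are refused
# on an https page; "upgradable" ones are flagged or auto-upgraded instead.
SUBRESOURCE = {
    ("script", "src"): "blockable", ("iframe", "src"): "blockable",
    ("link", "href"): "blockable", ("img", "src"): "upgradable",
}
CSS_URL = re.compile(r"url\(\s*['\"]?(http://[^'\")\s]+)", re.I)
JS_URL = re.compile(r"['\"](http://[^'\"\s]+)['\"]", re.I)

class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []   # (line, kind, url); line = start of tag or block
        self._inside = None  # "script" or "style" while inside that element
    def _add(self, kind, url):
        self.findings.append((self.getpos()[0], kind, url))

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ("script", "style"):
            self._inside = tag
        for (t, attr), kind in SUBRESOURCE.items():
            if t != tag or not a.get(attr, "").lower().startswith("http://"):
                continue
            # <link> only fetches for stylesheets; rel=canonical is inert.
            if tag == "link" and "stylesheet" not in a.get("rel", "").lower():
                continue
            self._add(kind, a[attr])
        for url in CSS_URL.findall(a.get("style", "")):
            self._add("css-url", url)

    def handle_endtag(self, tag):
        if tag == self._inside:
            self._inside = None

    def handle_data(self, data):
        if self._inside == "style":
            for url in CSS_URL.findall(data):
                self._add("css-url", url)
        elif self._inside == "script":  # string literals need a human look
            for url in JS_URL.findall(data):
                self._add("review-js", url)

def scan(html):
    parser = MixedContentScanner()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; every host name is a placeholder.
SAMPLE = """<head><link rel="canonical" href="http://game.example/">
<link rel="stylesheet" href="http://game.example/css/site.css">
<script src="http://cdn.example/jquery.min.js"></script>
<style>.nav { background: url('http://game.example/img/nav.png'); }</style>
</head><body><a href="http://forum.example/">Forum</a><img src="http://game.example/img/logo.png">
<script>$.getScript("http://cdn.example/chat.js");</script></body>"""
```

Calling `scan()` on each page's rendered source returns `(line, kind, url)` tuples; the `review-js` entries are string literals inside inline scripts and need checking by hand to see whether they are fetched or merely linked.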

All code has been changed to reference HTTPS and I just added a redirect script in the web config file.

I am still noticing game data not loading as I had 2 games myself not cooperate just yesterday. Seems players get a day when they have a similar issue.

I will not be worried about the TLS issue if you don’t feel that is a concern.

Thank you again for all the input on this. I still have work to do, but overall I feel the site is cooperating much better.

Rick

Incidentally when your site loads it tries to fetch https://victorsunited.com/brawl/current which returns a server error (http 500) and returns garbled info to the browser (perhaps the content type is messed up) but if you fetch that with curl it contains an error message:

[ArgumentException: Item Not Enabled: Tried to use advanced rules but not enabled]
   Prospect.Core.GamePlay.BrawlCoordinator.StartBrawl(Brawl currentBrawl) +3635
   Prospect.Core.GamePlay.BrawlCoordinator.GetCurrentBrawl() +430
   Prospect.Web.Controllers.BrawlController.Current() +76
   lambda_method(Closure , ControllerBase , Object[] ) +87
   System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +280
   System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +35

The only reference in my source code to

brawl/current

would be only when a lightning game has been created. I do though see an error for

POST https://victorsunited.com/OAuth/HasAuthToken/
[HTTP/1.1 500 Internal Server Error 693ms]

which references some aspx code

$.post("/OAuth/HasAuthToken/", { "ThirdParty": "google" },
    function (response) {
        if (response == "True") {
            SetGoogleAuthButtons(true);
        }
    });

and that’s its only instance. I just commented out that code.

So I’m not able to replicate what you’re seeing via Firefox Web Dev Tools.

In my admin area I’m still seeing many, many of these errors:

Error in the Turn Enforcer
The wait operation timed out

And Server Manager is still showing many, many errors per second:

An error occurred while using SSL configuration for endpoint 208.67.21.16:443. The error status code is contained within the returned data.

So I’m still puzzled what is happening. The game still has data loading issues. I experience it maybe once each week for a single day and other players maybe on a different day, then all is good for a while.

Makes no sense!

Also that IIS Crypto program when run in Best Practices mode and then reboot server, is causing issues site wide, so that’s not a good idea!

I am hoping after stopping the program and rebooting my site will once again be functioning.

This seems like you are referencing an IP address instead of domain name, certificates cannot (normally) be applied to IP addresses and you can only access something over https with a cert that matches the name you are requesting, otherwise most browsers will reject the request.

Regarding “site wide issues”, it seems like you are firefighting because you are chasing stuff on your production server.

I think you need to step back a little and dig into what’s going on using a test system, it’s fairly cheap to run a small test server on AWS or Azure and I think that would let you try different configuration changes without risking your live server.

Regarding your TLS and Cipher suite settings, the Best Practices mode is pretty good, but Server 2012 is really old and doesn’t have good defaults enabled. In your case I would suggest reviewing the Cipher suites that are enabled and perhaps enabling more than the Best Practices mode enables as Server 2012 is limited at some of the newer cipher suites. I’d encourage you to upgrade to Server 2022 as soon as you can to avoid these types of legacy software problems.

Where and how did you find all of this:

[ArgumentException: Item Not Enabled: Tried to use advanced rules but not enabled]
   Prospect.Core.GamePlay.BrawlCoordinator.StartBrawl(Brawl currentBrawl) +3635

Because I now see the lightning games are not displaying on the ‘home’ and ‘my games’ pages! The code is very complicated to follow. Even a seasoned .net programmer had issues following code flow, and I’ve also been programming for decades and have hard times troubleshooting this code, it’s next to impossible to follow through.

In Google Chrome I looked at the developer tools to see network/javascript errors. One was the call to https://victorsunited.com/brawl/current. In the browser the info was garbled so I tried curl: curl https://victorsunited.com/brawl/current which displays the following and you can see the code stack trace at the bottom:

<!DOCTYPE html>
<html>
    <head>
        <title>Item Not Enabled: Tried to use advanced rules but not enabled</title>
        <meta name="viewport" content="width=device-width" />
        <style>
         body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;}
         p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px}
         b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px}
         H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red }
         H2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon }
         pre {font-family:"Consolas","Lucida Console",Monospace;font-size:11pt;margin:0;padding:0.5em;line-height:14pt}
         .marker {font-weight: bold; color: black;text-decoration: none;}
         .version {color: gray;}
         .error {margin-bottom: 10px;}
         .expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:pointer; }
         @media screen and (max-width: 639px) {
          pre { width: 440px; overflow: auto; white-space: pre-wrap; word-wrap: break-word; }
         }
         @media screen and (max-width: 479px) {
          pre { width: 280px; }
         }
        </style>
    </head>

    <body bgcolor="white">

            <span><H1>Server Error in '/' Application.<hr width=100% size=1 color=silver></H1>

            <h2> <i>Item Not Enabled: Tried to use advanced rules but not enabled</i> </h2></span>

            <font face="Arial, Helvetica, Geneva, SunSans-Regular, sans-serif ">

            <b> Description: </b>An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

            <br><br>

            <b> Exception Details: </b>System.ArgumentException: Item Not Enabled: Tried to use advanced rules but not enabled<br><br>

            <b>Source Error:</b> <br><br>

            <table width=100% bgcolor="#ffffcc">
               <tr>
                  <td>
                      <code>

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.                      </code>

                  </td>
               </tr>
            </table>

            <br>

            <b>Stack Trace:</b> <br><br>

            <table width=100% bgcolor="#ffffcc">
               <tr>
                  <td>
                      <code><pre>

[ArgumentException: Item Not Enabled: Tried to use advanced rules but not enabled]
   Prospect.Core.GamePlay.BrawlCoordinator.StartBrawl(Brawl currentBrawl) +3635
   Prospect.Core.GamePlay.BrawlCoordinator.GetCurrentBrawl() +430
   Prospect.Web.Controllers.BrawlController.Current() +76
   lambda_method(Closure , ControllerBase , Object[] ) +87
   System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +280
   System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +35
   System.Web.Mvc.Async.&lt;&gt;c__DisplayClass42.&lt;BeginInvokeSynchronousActionMethod&gt;b__41() +33
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +42
   System.Web.Mvc.Async.&lt;&gt;c__DisplayClass39.&lt;BeginInvokeActionMethodWithFilters&gt;b__33() +80
   System.Web.Mvc.Async.&lt;&gt;c__DisplayClass4f.&lt;InvokeActionMethodFilterAsynchronously&gt;b__49() +396
   System.Web.Mvc.Async.&lt;&gt;c__DisplayClass4f.&lt;InvokeActionMethodFilterAsynchronously&gt;b__49() +396
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +42
   System.Web.Mvc.Async.&lt;&gt;c__DisplayClass2a.&lt;BeginInvokeAction&gt;b__20() +32
   System.Web.Mvc.Async.&lt;&gt;c__DisplayClass25.&lt;BeginInvokeAction&gt;b__22(IAsyncResult asyncResult) +187
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +38
   System.Web.Mvc.&lt;&gt;c__DisplayClass1d.&lt;BeginExecuteCore&gt;b__18(IAsyncResult asyncResult) +30
   System.Web.Mvc.Async.&lt;&gt;c__DisplayClass4.&lt;MakeVoidDelegate&gt;b__3(IAsyncResult ar) +25
   System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +52
   System.Web.Mvc.Async.&lt;&gt;c__DisplayClass4.&lt;MakeVoidDelegate&gt;b__3(IAsyncResult ar) +25
   System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +38
   System.Web.Mvc.&lt;&gt;c__DisplayClass8.&lt;BeginProcessRequest&gt;b__3(IAsyncResult asyncResult) +44
   System.Web.Mvc.Async.&lt;&gt;c__DisplayClass4.&lt;MakeVoidDelegate&gt;b__3(IAsyncResult ar) +25
   System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +38
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +431
   System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +75
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&amp; completedSynchronously) +158
</pre>                      </code>

                  </td>
               </tr>
            </table>

            <br>

            <hr width=100% size=1 color=silver>

            <b>Version Information:</b>&nbsp;Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.8.4494.0

            </font>

    </body>
</html>
<!--
[ArgumentException]: Item Not Enabled: Tried to use advanced rules but not enabled
   at Prospect.Core.GamePlay.BrawlCoordinator.StartBrawl(Brawl currentBrawl)
   at Prospect.Core.GamePlay.BrawlCoordinator.GetCurrentBrawl()
   at Prospect.Web.Controllers.BrawlController.Current()
   at lambda_method(Closure , ControllerBase , Object[] )
   at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass42.<BeginInvokeSynchronousActionMethod>b__41()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass37.<>c__DisplayClass39.<BeginInvokeActionMethodWithFilters>b__33()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass25.<>c__DisplayClass2a.<BeginInvokeAction>b__20()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass25.<BeginInvokeAction>b__22(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult)
   at System.Web.Mvc.Controller.<>c__DisplayClass1d.<BeginExecuteCore>b__18(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar)
   at System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar)
   at System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult)
   at System.Web.Mvc.MvcHandler.<>c__DisplayClass8.<BeginProcessRequest>b__3(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar)
   at System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
--><!--
This error page might contain sensitive information because ASP.NET is configured to show verbose error messages using &lt;customErrors mode="Off"/&gt;. Consider using &lt;customErrors mode="On"/&gt; or &lt;customErrors mode="RemoteOnly"/&gt; in production environments.-->
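The curl output above is ASP.NET's detailed error page, which its own trailing comment attributes to `customErrors mode="Off"` and suggests replacing with `On` or `RemoteOnly` in production. As an added example (not from the thread or the site's code), this Python check flags such a response body and lists what it exposes to any remote client; the sample body is constructed, abridged from the shape of the output quoted above.

```python
import re

# Markers of an ASP.NET detailed ("yellow screen") error page.
YSOD_TITLE = re.compile(r"Server Error in '[^']*' Application", re.I)
# A stack frame such as "   at Namespace.Type.Method(args)" or without "at".
STACK_FRAME = re.compile(r"^\s*(?:at\s+)?([A-Za-z_][\w.]*)\.(\w+)\(", re.M)
EXCEPTION = re.compile(r"\[(\w+Exception)[:\]]")
ASPNET_VERSION = re.compile(r"ASP\.NET Version:\s*([\d.]+)")
FRAMEWORK = ("System.", "Microsoft.")


def audit_error_page(body):
    """Report what a response body discloses if it is a verbose error page."""
    frames = STACK_FRAME.findall(body)
    exc = EXCEPTION.search(body)
    ver = ASPNET_VERSION.search(body)
    return {
        # Title plus either a stack trace or a version banner = verbose page.
        "verbose": bool(YSOD_TITLE.search(body)) and bool(frames or ver),
        "exception": exc.group(1) if exc else None,
        "aspnet_version": ver.group(1) if ver else None,
        # Application type names (not framework ones) reveal internal layout.
        "app_types": sorted({t for t, _ in frames if not t.startswith(FRAMEWORK)}),
    }


# Constructed sample, abridged from the shape of the page quoted above.
SAMPLE = """<html><head><title>Item Not Enabled</title></head><body>
<span><H1>Server Error in '/' Application.</H1></span>
<b>Exception Details: </b>System.ArgumentException: Item Not Enabled<br>
<pre>
[ArgumentException: Item Not Enabled]
   Prospect.Core.GamePlay.BrawlCoordinator.GetCurrentBrawl() +430
   Prospect.Web.Controllers.BrawlController.Current() +76
   System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +38
</pre>
<b>Version Information:</b>&nbsp;Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.8.4494.0
</body></html>"""

# A generic error page, as served once custom errors are enabled.
GENERIC = "<html><body><h1>Sorry, something went wrong.</h1></body></html>"
```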

I am suddenly noticing Lightning Game Create sections are no longer displaying properly, this could be tied into the brawl you mentioned. No code was changed so something else must be going on.