Muse site is not secure -- Godaddy says it's a Muse issue (the site shows https by mistake)

Report · Aug 08, 2018

Today, I uploaded a site made in Muse to a Godaddy hosting account (which hosts a number of non-SSL domains, as well as one SSL).

But when I try to open the site in a browser, I get the message "Your connection is not secure" because the URL has changed to https by mistake (e.g. there is not, and should not be, an SSL certificate for this domain).

I talked a long time with a Godaddy supporter who said the problem has to come from Muse: There was installed an SSL-certificate by mistake on the domain today, and he said it had to be because of Muse. He deleted the wrong certificate, but that didn't help.

I told him that, to my knowledge, there are no options at all to choose between http and https in Muse. He replied, that there was no chance that Adobe would have an applicaton without that option.

So could any of you please enlighten me?

Is this a Muse problem or a Godaddy problem?

Another thing: One browser (Safari) did allow me to bypass the warning - but only to show a message like "A new exciting site is coming soon". So the uploaded site didn't even seem to be there. When I check Godaddy's File Manager, all the Muse files are there however, and they all look correct.

Other Muse sites I've uploaded on the same server do not have this problem...

Report · Aug 08, 2018

I think(!), this is not a Muse issue. Muse normally has nothing to do with secure/unsecured sites.

If there is a SSL certificate installed and the site now is https instead of http, you have to redirect the http site to the https site. This has to happen on server-side by adding a redirect command into the “.htaccess“ file.

Is it possible, that the certificate has been withdrawn, but the htaccess entry already exists?

Report · Aug 08, 2018

https://forums.adobe.com/people/G%C3%BCnter+Hei%C3%9Fenb%C3%BCttel wrote
I think(!), this is not a Muse issue. Muse normally has nothing to do with secure/unsecured sites.
If there is a SSL certificate installed and the site now is https instead of http, you have to redirect the http site to the https site. This has to happen on server-side by adding a redirect command into the “.htaccess“ file.
Is it possible, that the certificate has been withdrawn, but the htaccess entry already exists?

You're a genius, sir! Here's what I was going to post before I saw your reply:

"This was a server issue -- had zero to do with Muse!

If anyone is interested, an .htaccess file was needed in the domain with the following line:

RewriteEngine Off

Otherwise, the domain would be redirected to https, because all domains on that server are by default for some reason."

So you're absolutely spot on -- I wish I had seen your reply before now, but I was one the phone with Godaddy for the longest time!

Report · Aug 08, 2018

Fine! I start to doubt, that I really don’t know anything about server configurations!

Report · Aug 08, 2018

https://forums.adobe.com/people/G%C3%BCnter+Hei%C3%9Fenb%C3%BCttel wrote

Fine! I start to doubt, that I really don’t know anything about server configurations!

Don't doubt it, you know everything there is to know!

I had to talk to three Godaddy supporters before I found the solution myself by comparing .htaccess files from domains that worked and the one that didn't...

Report · Aug 08, 2018

If your server has SSL certs (essential for all sites these days), why on Earth aren't you using it for all domains? Google and browsers now penalize ordinary HTTP sites by marking them as Not Secure.

You have until July to Install SSL or Google will mark your site "Not Secure"

Nancy O'Shea— Product User, Community Expert & Moderator
Alt-Web Design & Publishing ~ Web : Print : Graphics : Media

Report · Aug 08, 2018

https://forums.adobe.com/people/Nancy+OShea wrote
If your server has SSL certs (essential for all sites these days), why on Earth aren't you using it for all domains? Google and browsers now penalize ordinary HTTP sites by marking them as Not Secure.
You have until July to Install SSL or Google will mark your site "Not Secure"

I do use SSL on the most important sites, but they're still pretty expensive for a minor domain.

And I doubt Google's 'Not Secure' branding will have any effect, given the vast amount of decent sites that don't have certs.

It's like GDPR messages, you don't even notice them anymore, it's just spam.

Report · Aug 08, 2018

I won't lecture you. But I think you're underestimating people's awareness about the need for better web security. Especially since you can get free SSL certs from trusted authorities like Let's Encrypt and Comodo. I think CloudFlare has them too but I've never used their certs.

Let's Encrypt - Free SSL/TLS Certificates
https://letsencrypt.org/
Free SSL Certificates from No 1 Trust Provider - Comodo SSL
https://ssl.comodo.com/free-ssl-certificate.php

Nancy O'Shea— Product User, Community Expert & Moderator
Alt-Web Design & Publishing ~ Web : Print : Graphics : Media

Adobe Community

Muse site is not secure -- Godaddy says it's a Muse issue (the site shows https by mistake)

1 Correct answer