• When you click on links to various merchants on this site and make a purchase, this can result in this site earning a commission. Affiliate programs and affiliations include, but are not limited to, the eBay Partner Network.

WWComics Website Down?
2 2

Started by Xenosmilus,

19 posts in this topic

nepatkm

nepatkm

Posted
Posted

Yes, I’m having trouble also. 
This is what I’ve been getting from the wwcomics.com site for the last week when I’ve tried. 

70B9B94D-B135-4239-A62E-CB28B089A6E3.png

Link to comment
Share on other sites
sckao

sckao

Posted
Posted

They have a valid 3-month SSL certificate from Let's Encrypt. This is a free certificate service provided by some ISPs. Some browsers are just defaulting to the non-secure  http:// address and not automatically redirecting over to https://

I'd clear the browser history or just explicitly type in https://www.wwcomics.com

 

Link to comment
Share on other sites
sckao

sckao

Posted
Posted (edited)

Actually, I see the problem... It's for people on mobile devices (Apple for me). Seems to work fine on the desktop for certain browsers that will overlook the errors.

The website has a mix of hard-coded https:// and http:// paths. The http:// paths will spawn errors now in some browsers and will be ignored/left off the page. (This is why some of the graphics don't appear in some browsers.)

(All paths on the website should be made relative.)

========

Most browsers display a security warning when a secure https: web page includes http: content.

In IE8 and Firefox 23 onwards, the default option is not to display the http:// content. To fix this: use relative URL paths ../images/file.png; or full URL paths /images/file.png; or absolute https URLs https://example.com/images/file.png.

Edited by sckao
Link to comment
Share on other sites
Xenosmilus

Xenosmilus

Posted
  • Author
Posted
On 10/5/2021 at 11:04 AM, sckao said:

Actually, I see the problem... It's for people on mobile devices (Apple for me). Seems to work fine on the desktop for certain browsers that will overlook the errors.

The website has a mix of hard-coded https:// and http:// paths. The http:// paths will spawn errors now in some browsers and will be ignored/left off the page. (This is why some of the graphics don't appear in some browsers.)

(All paths on the website should be made relative.)

========

Most browsers display a security warning when a secure https: web page includes http: content.

In IE8 and Firefox 23 onwards, the default option is not to display the http:// content. To fix this: use relative URL paths ../images/file.png; or full URL paths /images/file.png; or absolute https URLs https://example.com/images/file.png.

So is this a personal problem or do they need to fix their web page?

Link to comment
Share on other sites
sckao

sckao

Posted
Posted (edited)

They generally need to fix their website. A lot of the browser companies have recently (not that recently) instituted measures where they will no longer accept websites that are not encrypted by default. (This is where the warnings come in.) Generally, at the backend, you would just redirect all http:// requests to https:// and be done with it with all relative links. In this case, they seem to have a mixture of hardcoded links in their template which have both. Probably simple enough to fix...

The underlying issue with most sites these days is that they were designed before responsive design was the most important design consideration, and before mobile devices were on the verge (if not already) of being the #1 platform for viewing for their particular niche.

It may be that comic buyers still use the desktop for most of their buying, but I would hazard that for sites like GPA, CGC, eBay, or any other data driven site (Census, registry, etc.), buyers at conventions, or users just at a convenient break point in their work day, would most likely check out the boards or their DMs via their mobile device.

Edited by sckao
Link to comment
Share on other sites
ComicsAndCode

ComicsAndCode

Posted
Posted
On 10/5/2021 at 9:06 AM, sckao said:

They generally need to fix their website. A lot of the browser companies have recently (not that recently) instituted measures where they will no longer accept websites that are not encrypted by default. (This is where the warnings come in.) Generally, at the backend, you would just redirect all http:// requests to https:// and be done with it with all relative links. In this case, they seem to have a mixture of hardcoded links in their template which have both. Probably simple enough to fix...

The underlying issue with most sites these days is that they were designed before responsive design was the most important design consideration, and before mobile devices were on the verge (if not already) of being the #1 platform for viewing for their particular niche.

It may be that comic buyers still use the desktop for most of their buying, but I would hazard that for sites like GPA, CGC, eBay, or any other data driven site (Census, registry, etc.), buyers at conventions, or users just at a convenient break point in their work day, would most likely check out the boards or their DMs via their mobile device.

This is a great explanation. And yes, http to https redirects is a best practice for making sure server / client communication is secured. Now that would assume the SSL certificate is valid. In this case, it is not - the warning message is saying the intermediate certificate is expired. And I'm noticing the message appear across both desktop and devices. It will take a little more than http redirects to fix this. Until then, I think visitors should avoid entering personal and payment information on their site. 

 

 

Link to comment
Share on other sites
sckao

sckao

Posted
Posted (edited)

So this seems to be the problem.

DST Root CA X3 Expiration (September 2021) - Let's Encrypt (letsencrypt.org)

DST Root CA X3 will expire on September 30, 2021. That means those older devices that don’t trust ISRG Root X1 will start getting certificate warnings when visiting sites that use Let’s Encrypt certificates.

(Basically, for people who read the above and just see gibberish... They weren't hacked. The SSL Authority/Let's Encrypt expired one of their Root Certificates which is causing problems down the chain for browsers that still use it for authentication... like Safari/iOS and Android devices.) There are a couple of quick fixes that the ISP can implement, or the user can really just change SSL certificates.

(They do still need to fix their links though.)

 

Edited by sckao
Link to comment
Share on other sites
ComicsAndCode

ComicsAndCode

Posted
Posted
On 10/5/2021 at 10:14 AM, sckao said:

So this seems to be the problem.

DST Root CA X3 Expiration (September 2021) - Let's Encrypt (letsencrypt.org)

DST Root CA X3 will expire on September 30, 2021. That means those older devices that don’t trust ISRG Root X1 will start getting certificate warnings when visiting sites that use Let’s Encrypt certificates.

(Basically, for people who read the above and just see gibberish... They weren't hacked. The SSL Authority/Let's Encrypt expired one of their Root Certificates which is causing problems down the chain for browsers that still use it for authentication... like Safari/iOS and Android devices.) There are a couple of quick fixes that the ISP can implement, or the user can really just change SSL certificates.

(They do still need to fix their links though.)

 

Exactly! It's the intermediate cert that has expired. It impacts all browsers and devices. I see the error message appear on my Desktop Chrome.

And to your point, much like many comic dealer's websites out there, the site was built and maintained long before responsive design or the use a robust and tried platform like Shopify where this type of issue is less likely to occur. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
2 2
Go to topic listing