Forums

I'm looking at a couple different options for forcing https on our 3 web apps.

1. Force https on the webserver, which seems to me like the best option. Details here: http://serverfault.com/a/401632/3641 However, it seems we can't do this on PA - https://www.pythonanywhere.com/forums/topic/316/ Is that still accurate?

2. Use Django to force https. I found https://github.com/rdegges/django-sslify which seems right on point, however I just wanted to verify that we can't do anything on the server side (or another better solution) before implementing this application into our project.

Hey there, that's correct, we don't do anything at the web server level, HTTPS redirection is up to you...

Thanks Harry, just wanted to make sure I wasn't missing anything obvious before going forward with that option.

The redirecting is working correctly now, however there is a problem with the cert on our test.studentrentit.com application. From what I can tell, it's something you need to change on your end, please correct me if I'm wrong.

Our ssl code is the same for all 3 of our web applications, and the certs are correct for studentrentit.pythonanywhere.com and www.studentrentit.com, however for test.studentrentit.com it was set up with the dev cert *.pythonanywhere.com, but it needs to allow test.studentrentit.com.

Is that something I can change, or is that the part that was on your end? It's been a few months so I can't remember now.

We have to update certs on our end, but you need to give us the certificate and the private key. The cert you have right now for the www web app only covers www.studentrentit.com, though, so if we installed it on test.studentrentit.com you'd still get a cert error in your browser -- just a different one. Do you have a cert for the test. hostname?

In case anyone else finds it useful, we have a guide to automatically redirecting all requests to https.