my GUI doesn't work after enabling ssl in my main domain

[nasrumed]

hello guys,
I just enabled ssl in my domain and since then i have those GUI glitches when using https , i'm using an AC66U

Any idea why ?

 

[Nullity]

Try clearing the browser's cache and other locally stored data?
Rebooting the router is always something to try.

 

[watusi]

I don't know what you mean by your "main domain".

Where are you accessing the router from? From within your network, or from outside?

I have to assume from within your network, because the screenshot shows that at the time you did not have an Internet connection. It is waiting for DHCP from the modem to assign an address.

That has nothing to do with SSL.

Did you mean that you enabled SSL for the router UI?

 

[watusi]

Oh, I see parts of the UI are missing. Is that what you mean?

Most browsers don't like it when you try to load http: resources from a page that was loaded via https: They insist that if the page is loaded https: then everything - JS, CSS, images, etc. need to also be served with https:.

I don't know how AsusWrt-Merlin deals with this. If the links in the HTML pages are all relative and have no protocol specified, it should not be a problem. If they have explicit http: then it has to change them to https: Somebody more familiar should comment.

You can probably change your browser settings to work-around. It depends on your browser. In most cases, you should be able to change it just for a single site. (e.g. your router UI).

I don't use SSL on the router UI, I don't see the point. I don't expose it to the Internet, I have no reason. (Not that others might not have a reason...) I don't have anybody snooping inside my home network, so http: is just fine by me.

YMMV.

 

[nasrumed]

I don't know what you mean by your "main domain".

Where are you accessing the router from? From within your network, or from outside?

I have to assume from within your network, because the screenshot shows that at the time you did not have an Internet connection. It is waiting for DHCP from the modem to assign an address.

That has nothing to do with SSL.

Did you mean that you enabled SSL for the router UI?

i'm accesing the router from the outside with a no-ip domain that i bought, and i moved my names server to cloudflare so i could use their new free ssl service ( the flexible one ) https://www.cloudflare.com/ssl

why am i doing this ? so i could quickly bypass this annoying warning message i get everytime i'm using the https protocol because i often use aicloud in the outside
( yes i know, i'm a lazy guy )

 

[Deleted member 27741]

Looking at the diagrams for the flexible and full ssl, it suggests the router not use ssl for the flexible version, right?

Then should you have ssl DISABLED on the router (or use the https port instead of the https) and just let the cloudflare take care of the encryption? I am not sure you mentioned the specifics of your setup.

Or you could use the full ssl with router ssl turned on... looks more secure and should work since it will accept self-signed certs, right?

 

[watusi]

i'm accesing the router from the outside with a no-ip domain that i bought, and i moved my names server to cloudflare so i could use their new free ssl service ( the flexible one ) https://www.cloudflare.com/ssl

Please realize what this is protecting and not protecting.

When you (or anybody) accesses your site from Starbucks, it protects them from the hacker barista who brought in a fancy managed switch that he installed in the back room so that he could steal your credit card numbers. And it will protect from any other snooping between Starbucks and Cloudflare's data center.

It offers NO protection between Cloudflare and your server. That is unencrypted. This is USUALLY a less exposed environment than Starbucks. (e.g. access typically limited to employees of Internet backbone providers, employees of your ISP, others who have some physical access, etc.)

I don't really see the point of this. I especially don't like the false sense of security that this gives visitors, who will see a "lock" icon for a session that is NOT end-to-end encrypted! For your own use, as long as you understand this, cool. I think it is NOT COOL at all for any public-facing website!

If you just want to access your router remotely (or, for that matter, anything on your internal network) I would just use OpenVPN.

I'm not sure if their "flexible" option is supposed to work if your server has SSL enabled. But if your server has SSL enabled, YOU DO NOT NEED THE CLOUDFLARE SSL SERVICE!

 

[nasrumed]

Please realize what this is protecting and not protecting.

When you (or anybody) accesses your site from Starbucks, it protects them from the hacker barista who brought in a fancy managed switch that he installed in the back room so that he could steal your credit card numbers.

And from any other snooping between Starbucks and Cloudflare.

It offers no protection between Cloudflare and your server. That is unencrypted.

I don't really see the point of this.

If you just want to access your router remotely (or, for that matter, anything on your internal network) I would just use OpenVPN.

I'm not doing this for the protection, it's about getting the free ssl certificate in my domain so i could avoid the warning message about the non secure certficate when i use the https protocol with aicloud and downloadmaster