After being away from Altervista for a while, I was setting up this profile from scratch for a new project.
Non-Wordpress account (AlterSito, right?)
In an attempt to get rid of the classic "The connection is not secure, malicious users could [...]" error, I obviously enabled HTTPS from the resource control panel. I waited a bit, and then it worked:
going to moragames.altervista.org correctly uses the https protocol, and the connection is secure.
Double check, on the control panel even if I still see "HTTPS is being activated", if i click "Manage HTTPS" the page says "HTTPS ENABLED. The HTTPS protocol allows access to your site's content via a secure connection."
I then discovered that you offer third-level domains, and I tried using mine: pvz.moragames.altervista.org. But here, even though https is enabled (and works on the original domain), I'm redirected to use http, and consequently, the warning about the insecure connection.
Is this normal, or am I missing something? Why isn't a subdomain covered by the protocol? What is the reason for the partnership with Cloudflare?
Could I fix this by editing the .htaccess file with the following content?
Code:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule .* https://nome.altervista.org%{REQUEST_URI} [L,R=301]
If so, is this the only option I have if I want to use https on all subdomains?