Please make paratext.org https

Question

I was surprised to notice today that access to paratext.org is not SSL encrypted. That means that, despite having to log in, if I forget to switch on my VPN any relay along the line could monitor what I’m reading on the site.

I guess this is just a legacy thing that has never been updated, but I think it should be looked into!

Answer 1

I know this is an old thread, but I think this is relevant. Either paratext.org never became truly HTTPS (even though pt8.paratext.org is), or it has broken since them. It’s SSL certificate expired 165 days ago, which means my browser is giving all the warnings and such that it would give for a “dangerous” website.

image.png959×576 106 KB

Any plans to renew these certs?

Keep in mind that not everyone knows to go to pt8.paratext.org, and search engines are likely to direct users to paratext.org.

Comments

I seem to get redirected to pt8.paratext.org with no warnings. I checked my Firefox settings for exceptions (that override the warnings) and there were none.

---

Mercado:

Any plans to renew these certs?

Very unlikely. Paratext.org only exists to redirect people to pt8.paratext.org at the moment. We were hoping the paratext.org site would be replaced with the contents of pt8.paratext.org by now, but there have been several complications with getting that setup.

Mercado:

Keep in mind that not everyone knows to go to pt8.paratext.org, and search engines are likely to direct users to paratext.org.

Like wdavidhj, it seems to redirect without an error for me unless I specifically type in “https://paratext.org”.

Answer 2

The whole website is being redone for Paratext 8.0. I would be very surprised if the whole thing was not encrypted after the redesign as the whole backend is also being redone using more-modern methods. Granted, it is still a ways off from being implemented, but I thought I should point it out as the changes would probably be throw-away.