I have developed a website and deployed it via Google App Engine. But when I open the website with full url let's say "https://www.website.com" it opens but when I type "website.com" in url section of the browser it doesn't opens and says the site is not secure. How can I resolve this?
CodePudding user response:
It looks like a couple of things are happening
If you just type in 'website.com', the browser will try to open 'http://website.com' (note there is no subdomain -www i.e. you are using the naked domain) unless you have done a redirection to 'www' in which case, you will get 'http://www.website.com'
If you have specified 'secure' always in your 'app.yaml' file, then GAE will redirect the 'http' to 'https'
It seems like
a) You have specified 'secure always' in your app.yaml file
b) You are not redirecting naked domain to sub-domain
c) You have mapped the sub domain, 'www' to your GAE appspot domain. You have not mapped the naked domain
Solution
- Map both naked and subdomain (www) of your custom domain to your appspot.com urls
- Enable SSL for both mappings
CodePudding user response:
The browser will give you a not secure message but it will also allow you to "proceed with risk".
For example, take a look at this image: chrome screenshot ssl warning
Click on Advanced >> Proceed to website name (unsafe). This will take you to the website.
Basically, the original problem is that your website is not redirecting to https when someone lands on the http page.
Follow this tutorial here to do so: https://cloud.google.com/appengine/docs/standard/nodejs/application-security
Edit 1 I have just read your question again. I think your website does redirect from http to https but the problem is that the SSL certificate attached to this website is invalid. You need to have a good SSL certificate; one which has not expired.