Thanks for the replies. about the .htaccess file, I’m concerned that won’t fix the problem because of this FAQ from my host neocities:
Do you support .htaccess files?
No. And we don’t intend to.
The .htaccess file is an Apache specific thing, and we don’t use Apache for our backend. In addition, we generally don’t add features to Neocities that make the functionality of sites depend on custom backend functionality.
The full explanation is on their contact page (I’d link to the full explanation but am limited on how many URLs I can post as a new member), but I’m interpreting that to mean that adding it to my URL won’t solve the problem and may create another problem?
I got a new error message today when trying to load my site, It’s not mentioning an hsts error but instead now gives me a SSL_ERROR_BAD_CERT_DOMAIN with the explanation “Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for www.mywebsite.com. The certificate is only valid for mywebsite.com.” Thoughts?
going through some of the suggestions…
• Read all info at your host concerning certificates & switching to HTTPS and when applicable, follow those instructions.
neocities is super basic and doesn’t have any of this kind of capability, switching to HTTPS or detail on certificates. The only thing I can find on both is that they use Let’s Encrypt for people with custom domains (me!) and default to HTTPS. From what I can tell just HTTP isn’t an option here.
• Install security certificate.
I’ve done that here at dreamhost, neocities does it on its own and I don’t have access to any of the back end info
• Have your host enable HTTPS (if needed.) This will enable access from both HTTP & HTTPS allowing normal access while you test.
HTTPS is the default for my host
• Go through site, page by page & make sure all file paths are relative (no protocol.) Test by accessing site using HTTPS and look for any browser alerts.
Not sure I understand what this is suggesting but there is only one page right now. I get an alert when accessing the site with HTTPS and when I try with HTTP, it redirects to HTTPS and shows the same alert. Currently it’s the SSL_ERROR_BAD_CERT_DOMAIN error mentioned above.
• Edit any absolute paths to HTTPS
there’s not too much to go through right now but there was one link that was written with HTTP and I corrected it to HTTPS
• Update any Plugins or APIs to HTTPS
I’m not aware of any plugins or APIs associated with my site on either the host or domain sides
• Install 301 redirect code in .htaccess file
I have not yet created a .htaccess file so I assume I don’t have one yet given that. I’ve read a bit about it on the dreamhost knowledge base and it feels outside my current skill level, right now I’m weighing the amount of time it’ll take to figure out (correctly) against what neocities says about .htaccess files and me thinking it won’t solve the problem