I am running a site https://coderjobmarket.com on a DigitalOcean droplet using Ubuntu 18.04 and Nginx 1.14.0. I also intend to have a Flask app using WSGI as its production server.
It would be enough to use HTTP with this server, except for a problem I have with my site: Namely, my site sends a query to the Flask server, and the browser demands the response be in HTTPS, or else it gives a “Mixed Content” error (receiving HTTP on a HTTPS site) and blocks the Flask server’s response.
The specific error message I get from my browser is this:
“Mixed Content: The page at ‘https://coderjobmarket.com/results’ was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ‘http://184.108.40.206:5000/lang/vue/loc/Vancouver’. This request has been blocked; the content must be served over HTTPS.”
My question is, how can I get a SSL certificate for my Flask server so it can send data over HTTPS?
My second question is, if I use a self signed SSL certificate, will the page give me one of these warnings when it tries to load the response from the Flask server? One of these:
https://assets.digitalocean.com/articles/nginx_ssl_1604/self_signed_warning.png (Big red padlock, and the message in h1 tags, “Your connection is not private”)
If the answer is “yes, it will give every user a warning that their connection is not private,” then the Self Signed SSL Certificate option does not work for me.
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.