I wish I could answer this. I have reported it to @Douglas Justice when I first saw it about 10 days ago; Douglas has been forwarding the emails I have sent him. I also wrote to the garden's contact email three days ago. I received an email reply today asking for more information. I have replied with screen prints. I am finding the system much more usable than it was for me last week. I have no idea whether something has been done, or whether my browser has just decided to go with the flow.
I haven't found this to be an issue on my desktop computer, it does rear its ugly head every time I try to access the forums on my phone... which I tend to probably use more... Yup, it's an inconvenience but there's still access!
I guess it depends what exactly "Not secure" means. I mentioned before not understanding why the pages are working so much better for me this week. Last week there were several functions I could not do on my desktop, such as Reply and Like.
Try searching something like "implications of websites that are "Not Secure". Bottom line: Sensitive information gets stolen. This is not a risk I am happy to take.
I run my desktop with both a VPN and a malware scanner that are active at all times. The malware scanner, Malwarebytes, catches anything that even remotely looks there could be something nefarious going on and it stays completely mum when I access the forums on my desktop with the certificate expired. Access to the forums has gone from HTTPS to HTTP, nothing more. There's the highly remote possibility the communication between you and the server that hosts the forum could possibly be intercepted as it applies to the transmission of your login credentials such as your user id and password. I would be concerned about a lack of a valid TLS/SSL certificate on a commercial site where you conduct credit card transactions, a forum such as this where no credit card transactions are conducted not so much. We all have our own level of caution, be vigilant for sure but there is such as thing as being too sensitive IMHO. Talking about being cautious, when was the last time you changed your passwords.....
This is what I see on my phone. It's obvious the browser has thrown up the flag. I also use Firefox on my desktop and it didn't bring up any concerns....
On my desktop, Firefox brought up the same page warning, allowing me to proceed anyway, and when it opened the forum page, there is still the warning but it's not as dramatic as the one on the Edge browser, just using an icon showing . When I mouse over the warning triangle on the padlock, it says "You have added a security exception for this site". The badge mouse-over does say "No trackers known to Firefox were detected on this page".
On my desktop while I don't get the pop-up I do see a notice on the tab stating "Site's certificate expired | UBC Botanical Garden Forums"..... Just for fun I also tried Chrome and Edge and you're right, they're a little more dramatic.....
I’m glad to find (and now be able to access) this thread :-) I received the site certificate expired message and also for a couple of weeks it wouldn’t let me actually access the site. I got back in a few days ago at least to many of the pages. I noticed some I’m still blocked from. I’m also getting reports from other users who can’t get in, with varying error, messages,. I have been in contact with site admin who are working on it.
It is strange, that botanicalgarden.ubc.ca and forums.botanicalgarden.ubc.ca are using different certificate issuer The certificate for the forum has been expired 33 days already. A new certificate should cost ca 20 $. It is still unsecure to visit a site with expired certificate, because a man of the middle attack can take more easily over the session or steal any account credentials. Judging by dates, a new certificate was bought for botanicalgarden.ubc.ca just couple of days before expiration of the old certificate, but it either is not installed for the server, that hosts the forum, or the forum is not included (the "*." part is missing at the beginning of the new certificate).
Rob Padwick is the person who fixed this, sorted out the request and receiving a new certificate on January 9. They are also reviewing server set up so it sounds like their work and support is ongoing :-). So happy this is fixed - thank you Rob!
