Patch notes

SSL Certs

Patch Notes · Apr 16, 2018

Today we have a rather big update from the backend to announce, as Shivtr has moved entirely to https and now uses SSL throughout our service =)

SSL For Shivtr Subdomains
If you use an official Shivtr subdomain for your site, such as * or *, your site is now served over https by default, and will show the green secure lock in browsers =)

SSL For Custom Domains
If you use your own custom domain name for your site and are on the Epic or higher plan, you can now request an SSL cert for your domain name, and we can apply it for you. A note that you can do this has been added in our features page.

SSL Lock has a warning?
Though your site now should show the green lock, you may encounter an issue where the lock is grey or has a warning with it, saying not all content is served over https.

If you run into this, it is likely due to you including images on your site that are not served over https (for example by linking to an external image in a forum post or news entry). Updating these paths to be served over https will resolve this.

The easiest way to fix this is to use Google Chrome and right click on your page and go to Inspect, then go to the Security tab, you should see it mention Mixed Content. Then reload the page with this open, and it will show you the exact images you need to update.

Domain Names may no longer have "." in them
To support https with our subdomains, you may no longer use a "." in your domain name. The reason for this is because our SSL certs are for *, such as * or * If your guild domain was "", this would not match the certificate and throw an invalid certificate error in the browser. An easy fix would be to update this example to

  • Bank members who are inactive/deleted will no longer show in the Members tab of the Bank.
  • WoW Profiles have been fixed to work with updated stats
  • Several CSS fixes have been made to the Glare/Scrime themes.
  • The image gallery got a fix to its storage calculations to ensure they are correct

That's all for this update. Happy Gaming =)


Ghanza ·
goodjob, thanks
Ula Vii ·
Yaay great news, thank you! πŸ˜€

I fixed some broken image links and a few other little bits and pieces to do with my own customisations but there are a few I can't do anything about:

The YouTube tag is converting https links into http so they don't show up. Example:

Also getting a bunch of font errors from the auto-generated JS file:

"Blocked loading mixed active content β€œ,700”"

A bunch of errors with the Pusher service as well:

Firefox can’t establish a connection to the server at wss://
The connection to wss:// was interrupted while the page was loading.
Pusher : Error : {"type":"WebSocketError","error":{"isTrusted":true}}

The maps page doesn't load the map:

Loading failed for the <script> with source β€œ”
ReferenceError: google is not defined

Sorry, I know it sucks to see a wall of issues like that. When I started it was just a couple of things I noticed on the front page but then I went through the entire sites main menu and list kinda ballooned!

P.S. I used the Pusher service in a project recently, was very cool moment when the two clients were able to see each other πŸ˜ƒ
8 Toes ·
Thanks for the reports =)

  • Google Map is now fixed
  • Google Fonts is now fixed (tho each theme must be updated, so it may be an hour or two before the script finishes updating all site themes so you see the fix)
  • YouTube is now fixed (tho if a post is cached you may have to wait, or you can force update it by editing/updating it)

Checking on the pusher fix, will report back once its resolved =)
8 Toes ·
Pusher should mostly be fixed now aside from a few issues with it updating still tweaking; but should be a green lock now and no issues with it blocking the cert =)
Ula Vii ·
Found another one! If I click the person icon in the top right corner to show me who is online. My guild members profile pictures trigger the warning:

Loading mixed (insecure) display content β€œ” on a secure page

With a single page reload I will see the same error message multiple times for each profile image. It seems to vary, one image is generating 5 warnings, another 4 and another 3.

I see more of the messages if I have clicked the person button and the bottom left panel with all their names is displayed but even if I don't do that and it remains closed I still see a few of the warnings.

Not sure why this didn't show up in my testing last night.

Totally getting there, you're doing an ace job with the transition πŸ‘
8 Toes ·
Ah thanks, the who's online list should now also be fixed to load avatars over https =)
Ula Vii ·

Heh, you're going to hate me but I'm still getting some font issues. This could be due to my hosts file though (I use the MVP list):

Blocked loading mixed active content β€œ”

I get 6 of those errors on each page. Each is the same as above, just the file names are different. Here are the files:

What's even weirder is if I open the homepage I see the same 6 errors repeated 3 times in the same order (so 18 error lines in total).

Visually, the site is once again showing the correct fonts including Play so not sure why it's complaining that it can't be loaded.
8 Toes ·
Hmm that seems strange, is this on your home page?

Because when I visit I see the green lock, and don't see these errors in the console...

Our fonts should be loaded over https now when chosen in the theme editor; on my test site at loading Play font seems fine with green lock as well.

This line:

Seems definitely to not be from us; so perhaps somewhere else is loading or changing these fonts? (tho visiting your site as a guest is showing green lock for me)
Ula Vii ·
Hmmm well I guess that's good news then, the problem must be on my end!

I checked IE, Edge, Opera, Chrome and FF and it only seems to be FF giving those messages. I think it's trying to be clever but failing. I have a several FF browser instances open and each has several tabs. So one instance is the ever growing selection of docs I have to read, another has the tabs for the site I'm working on etc etc. One instance is all the pending guild related tasks I have to do, so about 15 tabs. Some of those are unsaved site posts so I haven't refreshed the tabs since you implemented the update. My totally "out there" guess is that the new tab in this other instance is trying to load assets or somehow linked to the other older tabs in the other instance. Like I said in the previous post, visually everything looks fine to me so I'll just ignore the messages and take it as motivation to chew through some more guild-work next time I take a break from work-work πŸ˜…

Thanks for looking into it, apart from FF being naughty it seems everything is hunky-dory, good job πŸ‘

Out of curiosity, any ETA on that mobile responsive update? I'm super stacked with the things I'm working on so I'm kinda nervous about logging in and finding you've gone live with it when I don't have time to update the theme. At the same time though, it's exciting that you're doing it πŸ˜ƒ
8 Toes ·
Just tested your site in firefox and it appears fine for me and shows the green lock; so I am unfortunately not sure why you may see that, and just in your firefox.

For the mobile update, its pretty big as shivtr has many sections; so its a few months away at least =)
Ula Vii ·
Phew! ha this is probably the first time ever where I've wanted a cool new feature to be set back in time. Few months sounds good to me. Also means I should probably take care of some of the current site bits as well then since I shelved a bunch of things in expectation of the responsive update dropping imminently.

Thanks for the ETA, it lets me plan my time out better πŸ‘Š
Ula Vii ·
Found another mixed-content warning. This one is a repeat from before as it is for avatar images. My guess is that you only changed the paths for active accounts. Here's an example:

Dalgen, the first reply was deactivated a few weeks ago and his profile image still has the insecure path.
8 Toes ·
This is likely due to caching, try editing/updating the forum post and it should likely fix it =)

(our cache should fully clear out old ones soon, we set expiry for 1 week, and while it can last longer, it usually gets cleared shortly after due to new content taking the spot)
Ula Vii ·
Ya that did it, thanks πŸ˜€
smccam816 ·
Hi! I downloaded Google Chrome to check on things as suggested in the article. This isn't a huge deal, but every page on my website is secure with the green lock except for when the Noise advertisement shows up since I use the free version.

Non-secure origins

Mixed Content: The page at '' was loaded over HTTPS, but requested an insecure image ''. This content should also be served over HTTPS.

Otherwise, great job fixing bugs and cleaning things up! I love Shivtr.
8 Toes ·
Thanks for reporting this, this is now fixed =)
smccam816 ·
Awesome, thank you! :D
Ankon ·
Hey, I am a cybersecurity expert working in the technology industry. as i have been working in this sector, i have deep knowledge on cybersecurity, Database management, web development and software development. Love love to share knowledge on cybersecurity. <a href="">Helical</a> is a perfect example for gathering knowledge on cybersecurity.
Capt. Casmo ·
I want to know what I have to do to get a game added to the site Astro Empires is the site that I have built the fourm for
8 Toes ·
Our games DB is entirely automated, you can choose a New Game for your site and type it in, and once enough other active guilds use the same name it becomes available as an official choice. [similarly if a game drops out of popularity it gets hidden from our games db]
Zenny ·
Hi, this isn't actually related to the blog post, but I'd have couple of feature requests.
It would be very nice if event calendar had these abilities:
- Ability to export an event from event calendar to Google calendar and/or iCal format.
- Ability to see a summary of all the events one has signed up for.
- Ability to have notifications send to email (x hours/minutes) before the event one has signed up for is about to start.
Jacob ·
This may be completely irrelevant to this post in particular, but the real-time chatting seems to be improperly functioning and refreshing is required to view anything sent in the chat. Is there any way this can be fixed? It's been happening for over a day now, and it's quite the inconvenience.
8 Toes ·
Thanks for reporting this, the chat should now be fixed and working again =)
Ula Vii ·
So now the big scary SSL update is done, have you gotten any closer to a decision on what to do about feedback/suggestions/questions? It's a real shame about the old service as visually that fit in really well.

I've got three requests:

In the Layout Manager could you let us have more than one text/HTML block in the center column please? To show what I mean, I added a HTML and a Text block to the bottom of the About Us page. Neither show up. It doesn't matter if one is deleted or the order reversed. Only the main content block is visible. This only affects the center column. The home page seems to work differently and I can add as many text/HTML blocks as I want and they all show up.

The second request is for an addition to the Forums side block. It would be great if we could pick a specific forum to show newest posts from. An example of its usage is that we have a Raid Squad Recruitment forum. Each raid team creates a new thread when they are recruiting and any random raiders that want to join a team do the same. It would be nice if those posts could be displayed in our sites sidebar.

The third is an automatic event countdown side block. It would show a list of events and a countdown till their start time. Icing on the cake would be if we could hide certain events from it, maybe a new tickbox on the event page "Hide from event tracker". The calendar at the top of our site shows the kind of events to hide: most of the darker faded out events are for our progression raid teams. No point displaying those in the event countdown. I think this would help with the various timezone issues. Despite us posting a link for people to set their timezone on the website on all new applications there is still a fair few people who get it wrong. Gets even crazier when we switch between GMT and BST πŸ˜…
Ravenlore ·
How do I request to apply an SSL cert to my custom domain?
Ula Vii ·
I have a new feature request. Could you please enable logging for likes and dislikes on posts please? I do like the system in general but recently we've been having problems were the anonymity is being abused by some people to pick on others with lots of down votes. I think if guild members knew we could see who is making them then they will think twice.
Raition ·
How long will I wait for a new certificate that the connection is secure?
Eva Green ·
Thank you for posting info
henrycookus ·
If you have purchased Roku, then it has to be installed initially. When you’ve Roku Streaming Stick or Roku Box, the installation process for many of them will be the same.

If you were logged in you could add your comments to the discussion!