On Wed, Feb 22, 2017 at 7:14 AM, John P. New wikitech@hazelden.ca wrote:
I am running MediaWiki 1.28 on a shared host, which means no access to node.js. So in order to run Parsoid and RESTbase I have installed both on my home server. As such, I have no way of getting a trusted SSL certificate for it; the most I could do is a self-signed certificate, which I am sure will cause as many browser complaints as the current mixed-content does.
VE calls are proxied through the wiki; you can serve them in SSL but make the wiki -> Parsoid server calls in plaintext. That said, you should definitely use Let's Encrypt; it's very easy to set up and you have one less script injection / cookie stealing vulnerability.