[ozfive]

This site also had mixed content due to it using a forward proxy with ARR in IIS. Since ARR doesn't forward https requests it is truly turning into a mess. There isn't an option to just move it to another webserver as that would be it's own undertaking with the dynamic part of the site being ColdFusion.

> I mean, uh sure, I'll volunteer to move your sites to https, but I don't think giving a random dude on the internet root access to fix the webserver config is a good idea ;-)

In this point yeah I agree you don't want to let just random dudes have root access to a site. On the other hand I run my own legitimate consulting business and if you think about it. Every time I am winning over a new client for all intents and purposes I am just a random dude. :)

[lawl]

You can always just put an nginx in front of it to terminate TLS there. Sounds like a legacy mess nobody intends to maintain anymore anyways. Or hell, cloudflare them. Kinda pointless since you won't have TLS to the backend server, but the easiest "solution". I maintain that's it's possible to inject a header and terminate TLS however messy the system is within an hour.