Can we go SSL/TLS?

A spot to talk website specific issues
Post Reply
User avatar
sleepyjamie
Award Winner 5
Award Winner 5
Posts: 2482
Joined: Sun Jun 12, 2011 7:05 pm
Name: jamie
Location: Calgary

Can we go SSL/TLS?

Post by sleepyjamie » Tue Jan 03, 2017 10:24 pm

Gents,

SSL is usually pricey but https://letsencrypt.org/" onclick="window.open(this.href);return false; is getting a lot of support now. Thoughts?
On Tap:
Falconers Galaxy IPA
Simcoe SMaSH
Topaz SMaSH
Cranberry Rye Saison
Monde Souterrain (Dark Saison)

User avatar
mumblecrunch
Award Winner 2
Award Winner 2
Posts: 954
Joined: Sun Oct 06, 2013 7:01 pm
Name: Aaron
Location: Halifax

Re: Can we go SSL/TLS?

Post by mumblecrunch » Tue Jan 03, 2017 11:05 pm

sleepyjamie wrote:Gents,

SSL is usually pricey but https://letsencrypt.org/" onclick="window.open(this.href);return false; is getting a lot of support now. Thoughts?
Agreed that it would be nice to know my password isn't being splattered around every network I access this forum from in cleartext.

I haven't used Let's Encrypt yet, but I do know that some who have used it are not impressed by the 90-day validity window (and they recommend renewing every 60!). While I agree in principle that this is the way the world is going, it certainly adds a significant amount of administrative overhead, at least in terms of automating the renewal process and associated server certificate update.

An organization like BN could also go with startssl.comp (SSL server certificate with no significant validation is free for non-commerical use); this would only need to be renewed once a year. Of course that leaves you with the opposite problem of the short validity -- you forget that your certificate is expiring until it expires :) I currently use StartSSL for personal use and I'm reasonably happy with it.

chalmers
Moderator
Moderator
Posts: 5523
Joined: Thu Sep 23, 2010 4:17 pm
Name: Chris
Location: Halifax / On The Road Again
Contact:

Re: Can we go SSL/TLS?

Post by chalmers » Tue Jan 03, 2017 11:45 pm

I like the idea too, and free is a good price. Unsure where to start...

MarkPower
Award Winner 1
Award Winner 1
Posts: 40
Joined: Fri Jan 13, 2012 4:15 pm
Name: Mark Power

Re: Can we go SSL/TLS?

Post by MarkPower » Wed Jan 04, 2017 9:01 am

mumblecrunch wrote:
sleepyjamie wrote:Gents,

SSL is usually pricey but https://letsencrypt.org/" onclick="window.open(this.href);return false; is getting a lot of support now. Thoughts?
Agreed that it would be nice to know my password isn't being splattered around every network I access this forum from in cleartext.

I haven't used Let's Encrypt yet, but I do know that some who have used it are not impressed by the 90-day validity window (and they recommend renewing every 60!). While I agree in principle that this is the way the world is going, it certainly adds a significant amount of administrative overhead, at least in terms of automating the renewal process and associated server certificate update.

An organization like BN could also go with startssl.comp (SSL server certificate with no significant validation is free for non-commerical use); this would only need to be renewed once a year. Of course that leaves you with the opposite problem of the short validity -- you forget that your certificate is expiring until it expires :) I currently use StartSSL for personal use and I'm reasonably happy with it.
You can setup a cron job to auto renew with lets-encrypt. I've been using it for a while for personal use and it has been working flawlessly. It gets the new cert and installs it with no manual intervention.

http://www.tecmint.com/install-free-let ... nd-ubuntu/

User avatar
RubberToe
Award Winner 13
Award Winner 13
Posts: 3554
Joined: Mon Mar 14, 2011 9:47 am
Name: Rob
Location: Dartmouth
Contact:

Re: Can we go SSL/TLS?

Post by RubberToe » Thu Jan 05, 2017 10:56 am

I'll just spring for a $10 cert that will last a year through my usual provider.

ETA... when I have some free time.
Electric Brewery Build
Sanke Keg Solera Project
Twitter | Flickr Photos (beer and peppers)
On tap at RubberToe's:
Munich Dunkel, Belgian Mild, Preachy Keen, Kombucha, Epic Lemonade
In the fermenter:
Lambic, An experiment

User avatar
jimboh
Verified User
Verified User
Posts: 280
Joined: Tue Dec 13, 2016 1:46 pm
Name: jim
Location: Jeddore NS

Re: Can we go SSL/TLS?

Post by jimboh » Sun Jun 04, 2017 10:10 pm

I personally know nothing about the hosting situation for brewnosers.org.
I have both a VPS and a Dedicated server with knownhost. With the latest version of WHM/Cpanel, Cpanel gives me the ability to provide free (cpanel) SSL Certs for all accounts on my servers. And what is more once set up they are all renewed without any intervention.
Hopefully this is the way SSL's are going and its long overdue I reckon. Absolutely nuts to have to renew and reinstall annually.
Drinking: Best Coast IPA, Old Speckled Hen Clone, Northern Lights (NG),
Belgian Saison, Blonde Ale, Toy Soldier Stout(OBK) and 14G batch of ESB.
Fermenting: Taking a rest!
Scheduled: Another 10G of Toy Soldier Stout.

User avatar
jimboh
Verified User
Verified User
Posts: 280
Joined: Tue Dec 13, 2016 1:46 pm
Name: jim
Location: Jeddore NS

Re: Can we go SSL/TLS?

Post by jimboh » Sun Jun 04, 2017 10:16 pm

I think the biggest issue with going ssl is ensuring it doesn't bugger up your SEO ranking due to duplicate content.
Drinking: Best Coast IPA, Old Speckled Hen Clone, Northern Lights (NG),
Belgian Saison, Blonde Ale, Toy Soldier Stout(OBK) and 14G batch of ESB.
Fermenting: Taking a rest!
Scheduled: Another 10G of Toy Soldier Stout.

User avatar
sleepyjamie
Award Winner 5
Award Winner 5
Posts: 2482
Joined: Sun Jun 12, 2011 7:05 pm
Name: jamie
Location: Calgary

Re: Can we go SSL/TLS?

Post by sleepyjamie » Thu Jun 08, 2017 1:07 am

I dont think SE care about HTTP vs HTTPS in the rankings. Both resolve to the same DNS.
On Tap:
Falconers Galaxy IPA
Simcoe SMaSH
Topaz SMaSH
Cranberry Rye Saison
Monde Souterrain (Dark Saison)

User avatar
jeffsmith
Verified User
Verified User
Posts: 4922
Joined: Tue Apr 26, 2011 4:18 pm
Name: Jeff Smith
Location: Amherst, NS
Contact:

Re: Can we go SSL/TLS?

Post by jeffsmith » Thu Jun 08, 2017 12:11 pm

sleepyjamie wrote:
Thu Jun 08, 2017 1:07 am
I dont think SE care about HTTP vs HTTPS in the rankings. Both resolve to the same DNS.
That's been my experience. Google seems to preference HTTPS and lists that in search results.

User avatar
sleepyjamie
Award Winner 5
Award Winner 5
Posts: 2482
Joined: Sun Jun 12, 2011 7:05 pm
Name: jamie
Location: Calgary

Re: Can we go SSL/TLS?

Post by sleepyjamie » Thu Jun 08, 2017 10:59 pm

jeffsmith wrote:
Thu Jun 08, 2017 12:11 pm
sleepyjamie wrote:
Thu Jun 08, 2017 1:07 am
I dont think SE care about HTTP vs HTTPS in the rankings. Both resolve to the same DNS.
That's been my experience. Google seems to preference HTTPS and lists that in search results.
Yeah same here. As best practice in their SE algorithm they favour HTTPS.
On Tap:
Falconers Galaxy IPA
Simcoe SMaSH
Topaz SMaSH
Cranberry Rye Saison
Monde Souterrain (Dark Saison)

User avatar
jimboh
Verified User
Verified User
Posts: 280
Joined: Tue Dec 13, 2016 1:46 pm
Name: jim
Location: Jeddore NS

Re: Can we go SSL/TLS?

Post by jimboh » Thu Jun 15, 2017 11:56 am

That's not the point is it? When you set up a site as https it is treated as a completely different entity as http, so you have to ensure you have redirects correct everywhere or you will lose ranking due to a) external links not pointing to https and b) the danger of duplicate content.

http and https being treated as two different entities with the same content.
If you search switching to https you will find lots of info and advise.
Drinking: Best Coast IPA, Old Speckled Hen Clone, Northern Lights (NG),
Belgian Saison, Blonde Ale, Toy Soldier Stout(OBK) and 14G batch of ESB.
Fermenting: Taking a rest!
Scheduled: Another 10G of Toy Soldier Stout.

User avatar
RubberToe
Award Winner 13
Award Winner 13
Posts: 3554
Joined: Mon Mar 14, 2011 9:47 am
Name: Rob
Location: Dartmouth
Contact:

Re: Can we go SSL/TLS?

Post by RubberToe » Thu Jun 15, 2017 12:59 pm

No, we will go full https and redirect all http requests. We shouldn't lose ranking and even if we did initially Google will re-crawl us and figure it out. Not that our ranking really matters but I know this site is high up on many brewing related searches.
Electric Brewery Build
Sanke Keg Solera Project
Twitter | Flickr Photos (beer and peppers)
On tap at RubberToe's:
Munich Dunkel, Belgian Mild, Preachy Keen, Kombucha, Epic Lemonade
In the fermenter:
Lambic, An experiment

Post Reply

Return to “Site Discussion”

Who is online

Users browsing this forum: No registered users and 2 guests