Page 1 of 1

Can we go SSL/TLS?

Posted: Tue Jan 03, 2017 10:24 pm
by sleepyjamie
Gents,

SSL is usually pricey but https://letsencrypt.org/" onclick="window.open(this.href);return false; is getting a lot of support now. Thoughts?

Re: Can we go SSL/TLS?

Posted: Tue Jan 03, 2017 11:05 pm
by mumblecrunch
sleepyjamie wrote:Gents,

SSL is usually pricey but https://letsencrypt.org/" onclick="window.open(this.href);return false; is getting a lot of support now. Thoughts?
Agreed that it would be nice to know my password isn't being splattered around every network I access this forum from in cleartext.

I haven't used Let's Encrypt yet, but I do know that some who have used it are not impressed by the 90-day validity window (and they recommend renewing every 60!). While I agree in principle that this is the way the world is going, it certainly adds a significant amount of administrative overhead, at least in terms of automating the renewal process and associated server certificate update.

An organization like BN could also go with startssl.comp (SSL server certificate with no significant validation is free for non-commerical use); this would only need to be renewed once a year. Of course that leaves you with the opposite problem of the short validity -- you forget that your certificate is expiring until it expires :) I currently use StartSSL for personal use and I'm reasonably happy with it.

Re: Can we go SSL/TLS?

Posted: Tue Jan 03, 2017 11:45 pm
by chalmers
I like the idea too, and free is a good price. Unsure where to start...

Re: Can we go SSL/TLS?

Posted: Wed Jan 04, 2017 9:01 am
by MarkPower
mumblecrunch wrote:
sleepyjamie wrote:Gents,

SSL is usually pricey but https://letsencrypt.org/" onclick="window.open(this.href);return false; is getting a lot of support now. Thoughts?
Agreed that it would be nice to know my password isn't being splattered around every network I access this forum from in cleartext.

I haven't used Let's Encrypt yet, but I do know that some who have used it are not impressed by the 90-day validity window (and they recommend renewing every 60!). While I agree in principle that this is the way the world is going, it certainly adds a significant amount of administrative overhead, at least in terms of automating the renewal process and associated server certificate update.

An organization like BN could also go with startssl.comp (SSL server certificate with no significant validation is free for non-commerical use); this would only need to be renewed once a year. Of course that leaves you with the opposite problem of the short validity -- you forget that your certificate is expiring until it expires :) I currently use StartSSL for personal use and I'm reasonably happy with it.
You can setup a cron job to auto renew with lets-encrypt. I've been using it for a while for personal use and it has been working flawlessly. It gets the new cert and installs it with no manual intervention.

http://www.tecmint.com/install-free-let ... nd-ubuntu/

Re: Can we go SSL/TLS?

Posted: Thu Jan 05, 2017 10:56 am
by RubberToe
I'll just spring for a $10 cert that will last a year through my usual provider.

ETA... when I have some free time.

Re: Can we go SSL/TLS?

Posted: Sun Jun 04, 2017 10:10 pm
by jimboh
I personally know nothing about the hosting situation for brewnosers.org.
I have both a VPS and a Dedicated server with knownhost. With the latest version of WHM/Cpanel, Cpanel gives me the ability to provide free (cpanel) SSL Certs for all accounts on my servers. And what is more once set up they are all renewed without any intervention.
Hopefully this is the way SSL's are going and its long overdue I reckon. Absolutely nuts to have to renew and reinstall annually.

Re: Can we go SSL/TLS?

Posted: Sun Jun 04, 2017 10:16 pm
by jimboh
I think the biggest issue with going ssl is ensuring it doesn't bugger up your SEO ranking due to duplicate content.

Re: Can we go SSL/TLS?

Posted: Thu Jun 08, 2017 1:07 am
by sleepyjamie
I dont think SE care about HTTP vs HTTPS in the rankings. Both resolve to the same DNS.

Re: Can we go SSL/TLS?

Posted: Thu Jun 08, 2017 12:11 pm
by jeffsmith
sleepyjamie wrote:
Thu Jun 08, 2017 1:07 am
I dont think SE care about HTTP vs HTTPS in the rankings. Both resolve to the same DNS.
That's been my experience. Google seems to preference HTTPS and lists that in search results.

Re: Can we go SSL/TLS?

Posted: Thu Jun 08, 2017 10:59 pm
by sleepyjamie
jeffsmith wrote:
Thu Jun 08, 2017 12:11 pm
sleepyjamie wrote:
Thu Jun 08, 2017 1:07 am
I dont think SE care about HTTP vs HTTPS in the rankings. Both resolve to the same DNS.
That's been my experience. Google seems to preference HTTPS and lists that in search results.
Yeah same here. As best practice in their SE algorithm they favour HTTPS.

Re: Can we go SSL/TLS?

Posted: Thu Jun 15, 2017 11:56 am
by jimboh
That's not the point is it? When you set up a site as https it is treated as a completely different entity as http, so you have to ensure you have redirects correct everywhere or you will lose ranking due to a) external links not pointing to https and b) the danger of duplicate content.

http and https being treated as two different entities with the same content.
If you search switching to https you will find lots of info and advise.

Re: Can we go SSL/TLS?

Posted: Thu Jun 15, 2017 12:59 pm
by RubberToe
No, we will go full https and redirect all http requests. We shouldn't lose ranking and even if we did initially Google will re-crawl us and figure it out. Not that our ranking really matters but I know this site is high up on many brewing related searches.