Can we go SSL/TLS?
- sleepyjamie
- Award Winner 5 
- Posts: 2482
- Joined: Sun Jun 12, 2011 7:05 pm
- Name: jamie
- Location: Calgary
Can we go SSL/TLS?
Gents,
SSL is usually pricey but https://letsencrypt.org/" onclick="window.open(this.href);return false; is getting a lot of support now. Thoughts?
			
									
									SSL is usually pricey but https://letsencrypt.org/" onclick="window.open(this.href);return false; is getting a lot of support now. Thoughts?
On Tap:
Falconers Galaxy IPA
Simcoe SMaSH
Topaz SMaSH
Cranberry Rye Saison
Monde Souterrain (Dark Saison)
						Falconers Galaxy IPA
Simcoe SMaSH
Topaz SMaSH
Cranberry Rye Saison
Monde Souterrain (Dark Saison)
- mumblecrunch
- Award Winner 2 
- Posts: 1203
- Joined: Sun Oct 06, 2013 7:01 pm
- Name: Aaron
- Location: Halifax
Re: Can we go SSL/TLS?
Agreed that it would be nice to know my password isn't being splattered around every network I access this forum from in cleartext.sleepyjamie wrote:Gents,
SSL is usually pricey but https://letsencrypt.org/" onclick="window.open(this.href);return false; is getting a lot of support now. Thoughts?
I haven't used Let's Encrypt yet, but I do know that some who have used it are not impressed by the 90-day validity window (and they recommend renewing every 60!). While I agree in principle that this is the way the world is going, it certainly adds a significant amount of administrative overhead, at least in terms of automating the renewal process and associated server certificate update.
An organization like BN could also go with startssl.comp (SSL server certificate with no significant validation is free for non-commerical use); this would only need to be renewed once a year. Of course that leaves you with the opposite problem of the short validity -- you forget that your certificate is expiring until it expires
 I currently use StartSSL for personal use and I'm reasonably happy with it.
  I currently use StartSSL for personal use and I'm reasonably happy with it.- 
				chalmers
- Moderator 
- Posts: 5604
- Joined: Thu Sep 23, 2010 4:17 pm
- Name: Chris
- Location: Halifax / On The Road Again
- Contact:
Re: Can we go SSL/TLS?
I like the idea too, and free is a good price. Unsure where to start...
			
									
									Co-author of Atlantic Canada Beer Blog
						- 
				MarkPower
- Award Winner 1 
- Posts: 43
- Joined: Fri Jan 13, 2012 4:15 pm
- Name: Mark Power
- Location: Elmsdale, NS
Re: Can we go SSL/TLS?
You can setup a cron job to auto renew with lets-encrypt. I've been using it for a while for personal use and it has been working flawlessly. It gets the new cert and installs it with no manual intervention.mumblecrunch wrote:Agreed that it would be nice to know my password isn't being splattered around every network I access this forum from in cleartext.sleepyjamie wrote:Gents,
SSL is usually pricey but https://letsencrypt.org/" onclick="window.open(this.href);return false; is getting a lot of support now. Thoughts?
I haven't used Let's Encrypt yet, but I do know that some who have used it are not impressed by the 90-day validity window (and they recommend renewing every 60!). While I agree in principle that this is the way the world is going, it certainly adds a significant amount of administrative overhead, at least in terms of automating the renewal process and associated server certificate update.
An organization like BN could also go with startssl.comp (SSL server certificate with no significant validation is free for non-commerical use); this would only need to be renewed once a year. Of course that leaves you with the opposite problem of the short validity -- you forget that your certificate is expiring until it expiresI currently use StartSSL for personal use and I'm reasonably happy with it.
http://www.tecmint.com/install-free-let ... nd-ubuntu/
- RubberToe
- Award Winner 13 
- Posts: 3743
- Joined: Mon Mar 14, 2011 9:47 am
- Name: Rob
- Location: Dartmouth
- Contact:
Re: Can we go SSL/TLS?
I'll just spring for a $10 cert that will last a year through my usual provider.
ETA... when I have some free time.
			
									
									ETA... when I have some free time.
Electric Brewery Build
On tap at RubberToe's:
Sometimes on a Sunday Belgian Dubbel, Oaked Old Ale, Ordinary Bitter
						On tap at RubberToe's:
Sometimes on a Sunday Belgian Dubbel, Oaked Old Ale, Ordinary Bitter
- jimboh
- Verified User 
- Posts: 326
- Joined: Tue Dec 13, 2016 1:46 pm
- Name: jim
- Location: Jeddore NS
Re: Can we go SSL/TLS?
I personally know nothing about the hosting situation for brewnosers.org. 
I have both a VPS and a Dedicated server with knownhost. With the latest version of WHM/Cpanel, Cpanel gives me the ability to provide free (cpanel) SSL Certs for all accounts on my servers. And what is more once set up they are all renewed without any intervention.
Hopefully this is the way SSL's are going and its long overdue I reckon. Absolutely nuts to have to renew and reinstall annually.
			
									
									I have both a VPS and a Dedicated server with knownhost. With the latest version of WHM/Cpanel, Cpanel gives me the ability to provide free (cpanel) SSL Certs for all accounts on my servers. And what is more once set up they are all renewed without any intervention.
Hopefully this is the way SSL's are going and its long overdue I reckon. Absolutely nuts to have to renew and reinstall annually.
Drinking: Best Coast IPA, Old Speckled Hen Clone, Northern Lights (NG),
Belgian Saison, Blonde Ale, Toy Soldier Stout(OBK) and 14G batch of ESB.
Fermenting: Taking a rest!
Scheduled: Another 10G of Toy Soldier Stout.
						Belgian Saison, Blonde Ale, Toy Soldier Stout(OBK) and 14G batch of ESB.
Fermenting: Taking a rest!
Scheduled: Another 10G of Toy Soldier Stout.
- jimboh
- Verified User 
- Posts: 326
- Joined: Tue Dec 13, 2016 1:46 pm
- Name: jim
- Location: Jeddore NS
Re: Can we go SSL/TLS?
I think the biggest issue with going ssl is ensuring it doesn't bugger up your SEO ranking due to duplicate content.
			
									
									Drinking: Best Coast IPA, Old Speckled Hen Clone, Northern Lights (NG),
Belgian Saison, Blonde Ale, Toy Soldier Stout(OBK) and 14G batch of ESB.
Fermenting: Taking a rest!
Scheduled: Another 10G of Toy Soldier Stout.
						Belgian Saison, Blonde Ale, Toy Soldier Stout(OBK) and 14G batch of ESB.
Fermenting: Taking a rest!
Scheduled: Another 10G of Toy Soldier Stout.
- sleepyjamie
- Award Winner 5 
- Posts: 2482
- Joined: Sun Jun 12, 2011 7:05 pm
- Name: jamie
- Location: Calgary
Re: Can we go SSL/TLS?
I dont think SE care about HTTP vs HTTPS in the rankings. Both resolve to the same DNS.
			
									
									On Tap:
Falconers Galaxy IPA
Simcoe SMaSH
Topaz SMaSH
Cranberry Rye Saison
Monde Souterrain (Dark Saison)
						Falconers Galaxy IPA
Simcoe SMaSH
Topaz SMaSH
Cranberry Rye Saison
Monde Souterrain (Dark Saison)
- jeffsmith
- Verified User 
- Posts: 4922
- Joined: Tue Apr 26, 2011 4:18 pm
- Name: Jeff Smith
- Location: Amherst, NS
- Contact:
Re: Can we go SSL/TLS?
That's been my experience. Google seems to preference HTTPS and lists that in search results.sleepyjamie wrote: ↑Thu Jun 08, 2017 1:07 amI dont think SE care about HTTP vs HTTPS in the rankings. Both resolve to the same DNS.
- sleepyjamie
- Award Winner 5 
- Posts: 2482
- Joined: Sun Jun 12, 2011 7:05 pm
- Name: jamie
- Location: Calgary
Re: Can we go SSL/TLS?
Yeah same here. As best practice in their SE algorithm they favour HTTPS.jeffsmith wrote: ↑Thu Jun 08, 2017 12:11 pmThat's been my experience. Google seems to preference HTTPS and lists that in search results.sleepyjamie wrote: ↑Thu Jun 08, 2017 1:07 amI dont think SE care about HTTP vs HTTPS in the rankings. Both resolve to the same DNS.
On Tap:
Falconers Galaxy IPA
Simcoe SMaSH
Topaz SMaSH
Cranberry Rye Saison
Monde Souterrain (Dark Saison)
						Falconers Galaxy IPA
Simcoe SMaSH
Topaz SMaSH
Cranberry Rye Saison
Monde Souterrain (Dark Saison)
- jimboh
- Verified User 
- Posts: 326
- Joined: Tue Dec 13, 2016 1:46 pm
- Name: jim
- Location: Jeddore NS
Re: Can we go SSL/TLS?
That's not the point is it? When you set up a site as https it is treated as a completely different entity as http, so you have to ensure you have redirects correct everywhere or you will lose ranking due to a) external links not pointing to https and b) the danger of duplicate content.  
http and https being treated as two different entities with the same content.
If you search switching to https you will find lots of info and advise.
			
									
									http and https being treated as two different entities with the same content.
If you search switching to https you will find lots of info and advise.
Drinking: Best Coast IPA, Old Speckled Hen Clone, Northern Lights (NG),
Belgian Saison, Blonde Ale, Toy Soldier Stout(OBK) and 14G batch of ESB.
Fermenting: Taking a rest!
Scheduled: Another 10G of Toy Soldier Stout.
						Belgian Saison, Blonde Ale, Toy Soldier Stout(OBK) and 14G batch of ESB.
Fermenting: Taking a rest!
Scheduled: Another 10G of Toy Soldier Stout.
- RubberToe
- Award Winner 13 
- Posts: 3743
- Joined: Mon Mar 14, 2011 9:47 am
- Name: Rob
- Location: Dartmouth
- Contact:
Re: Can we go SSL/TLS?
No, we will go full https and redirect all http requests.  We shouldn't lose ranking and even if we did initially Google will re-crawl us and figure it out.  Not that our ranking really matters but I know this site is high up on many brewing related searches.
			
									
									Electric Brewery Build
On tap at RubberToe's:
Sometimes on a Sunday Belgian Dubbel, Oaked Old Ale, Ordinary Bitter
						On tap at RubberToe's:
Sometimes on a Sunday Belgian Dubbel, Oaked Old Ale, Ordinary Bitter
Who is online
Users browsing this forum: No registered users and 5 guests




