Anyone here have information about how one can make use of the free “Let’s Encrypt” to switch a RW site to HTTPS encryption?
Thanks!
yep here is how it works
Just like any other SSL you need access to the server to generate CSR etc. You either need to own your own servers or need to contact your hosting company.
As below link states this SSL is trusted be most browsers finally.
https://helloworld.letsencrypt.org
Now some browsers especially older ones will toss an error saying do you want to trust the site but if you click through and manually agree that this is a trusted site.
for a shopping cart I would probably spend the 25 bucks for a commercial SSL that normally have fraud insurance policy behind it say 5OK USD .
2 Likes
I use http://cloudflare.com. It has a lot of great features without having to pay for the premium plans.
1 Like
I second Cloudflare. I use the free service on every site I build. Simple and effective.
Blessings,
—Mark
1 Like
Thanks for the tips about Cloudflare too!
1 Like
I haven’t made a formal announcement yet, but Let’s Encrypt is now available for all users directly from within the Chillidog Hosting control panel 
-Greg
8 Likes
Nice work Greg! I This is a great service to offer.
That’s interesting Greg. Will there be any docs on how to use it and the benefits of doing so?
Rob
1 Like
Or the pitfalls…
And the rest of the 20 characters
Not at the moment. Little wrapped up with a couple things. It should be pretty straight forward (I hope). Just click the domain you want and hit go. It handles the set up and renewals for you automatically.
Pros:
Free
Automatic
Cons:
Not insured
Potential exploit which would affect the trust of these certs:
A note about cloudflare’s SSL option above. This only encrypts data between cloudflare and the end user. The data transferred from the host to cloudflare is unencrypted. You must have a SSL certificate set up for your website to ensure that you have end to end encryption (host to cloudflare and cloudflare to end user).
You could, in theory, use lets encrypt and cloudflare (both free versions) for full end to end encryption. This is great for the masses. If I’m running a business, however, I might buy a certificate from a trusted source. The issuer of my certificates has some integrity associated with it.
Greg
1 Like
Thanks for the tip, I used Cloudflare for my new site and it’s amazing…but only if I type in https:// if anyone just types in the website address or www. they get to the non-secure http:// version.
Is there a way I can fix that?
You can add a .htaccess file (or add entries to an existing .htaccess file to redirect your www and your http:/. to the https://. You can also use cloud flare to do this as well.