Let's Encrypt - switch to HTTPS


#1

Anyone here have information about how one can make use of the free “Let’s Encrypt” to switch a RW site to HTTPS encryption?

Thanks!


(Scott Steven) #2

yep here is how it works

https://letsencrypt.org/how-it-works/

Just like any other SSL you need access to the server to generate CSR etc. You either need to own your own servers or need to contact your hosting company.

As below link states this SSL is trusted be most browsers finally.

https://helloworld.letsencrypt.org

Now some browsers especially older ones will toss an error saying do you want to trust the site but if you click through and manually agree that this is a trusted site.

for a shopping cart I would probably spend the 25 bucks for a commercial SSL that normally have fraud insurance policy behind it say 5OK USD .


#3

Thanks so much for the info @scottsteven! Very helpful!


(Silas 'Shadow' skiá) #4

I use http://cloudflare.com. It has a lot of great features without having to pay for the premium plans.


(Mark Spaulding) #5

I second Cloudflare. I use the free service on every site I build. Simple and effective.
Blessings,
—Mark


#6

Thanks for the tips about Cloudflare too!


(Gregory Barchard) #7

I haven’t made a formal announcement yet, but Let’s Encrypt is now available for all users directly from within the Chillidog Hosting control panel :slight_smile:

-Greg


Automatically secure you sites (via SSL)
Fixing Hacked Content
(Silas 'Shadow' skiá) #8

Nice work Greg! I This is a great service to offer.


(Rob Beattie) #9

That’s interesting Greg. Will there be any docs on how to use it and the benefits of doing so?

Rob


(scott williams) #10

Or the pitfalls…

And the rest of the 20 characters


(Gregory Barchard) #11

Not at the moment. Little wrapped up with a couple things. It should be pretty straight forward (I hope). Just click the domain you want and hit go. It handles the set up and renewals for you automatically.

Pros:
Free
Automatic

Cons:
Not insured
Potential exploit which would affect the trust of these certs:

A note about cloudflare’s SSL option above. This only encrypts data between cloudflare and the end user. The data transferred from the host to cloudflare is unencrypted. You must have a SSL certificate set up for your website to ensure that you have end to end encryption (host to cloudflare and cloudflare to end user).

You could, in theory, use lets encrypt and cloudflare (both free versions) for full end to end encryption. This is great for the masses. If I’m running a business, however, I might buy a certificate from a trusted source. The issuer of my certificates has some integrity associated with it.

Greg


(Tom) #12

Thanks for the tip, I used Cloudflare for my new site and it’s amazing…but only if I type in https:// if anyone just types in the website address or www. they get to the non-secure http:// version.

Is there a way I can fix that?


(Doug Bennett) #13

You can add a .htaccess file (or add entries to an existing .htaccess file to redirect your www and your http:/. to the https://. You can also use cloud flare to do this as well.