"Not Secure" warning

This seems unreasonable to me. My host is $30 per year, very good service, free SSL certificate, free set up fee, etc. Nor is my hosting company unique in that way. Unfortunately the company I use is for academic institutions and academics only. But others can surely chime in here on their recommendations.

https://www.chillidoghosting.com is one company several using RW use. But there are others also.

Who doesn’t anymore heres a few to start shopping

I have 12 sites with one.com - very good uptime, free SSL and 1st year free (small setup fee) - Works for me!

I’ve been investigating an SSL certificate through our current host synergywebservices.ca and they offer one for free but the secure URL will be https://secure11.securewebexchange.com/“our domain name”

I don’t see how that would be of use to us. To get it to work with our actual domain name (called “Vanity”) there is an extra fee. I checked out the Cloudfare site and at first it appears to have the certificate for free, but it’s not clear to me if it’s just the same as synergy. Same with One.com - it just says SSL certificate.

Do Cloudflare and One’s free certificates allow me to use my web domain? Is there a way to use Synergy’s free certificate but maintain my actual domain?

I think you should ditch your current host and find one that gives you the SSL for free.

1 Like

I agree with Paul (@pmjd ) I would look for new new hosting company.

The way they’re offering the “free” SSL is to run your sit as a sub-domain of some other URL. That was a common practice for hosting companies 5 or more years ago.

It sounds as if they’re not keeping current on best practices in hosting.
Let’s Encrypt certificates are free to them to offer, and run your domain as is. The really only reason today to buy a certificate is if you’re concerned about carrying an insurance bond. Most of the paid ones have a liability bond associated with them.

Certificates are issued by domain name so there’s no way to use your URL’s with their certificate. With Let’s Encrypt you get your own certificate that gets installed and renewed on your domain.

CloudFlare will work as a “proxy” server providing your pages over there network. To the end users they aren’t aware that they are getting your pages served via CloudFlare, so the URL’s looks the same.

Keep in mind with CloudFlare pages are only secure from the CloudFlare server to the users computer. Unless you have a certificate on your server they’ll be non secure from your host to the CloudFlare server.

So even if you want to use CloudFlare for speed or other reasons, I’d still want to have a certificate on the server.

If you really don’t want to change hosts, then CloudFlare would get rid of the non secure warning. There’s a ton of posts here about setting up CloudFlare.

Thanks. I started doing the Let’s Encrypt thing then realized they only last for a couple of months.

Is there a recommended host that offers a “proper” certificate? Bluehost appears to be top rated.

Let’s Encrypt certificates can (should) be setup to auto-renew. Once setup, you should not have to worry about it. There’s no downside to using to on a web server.

Hmmm. I only mentioned they expire because they make a point for you to sign up so you’ll be emailed when they expire.

The UK hosting company I use have setup to use Lets Encrypt for free and they have setup the auto renewal process as part of that so that it is a simple set and forget.

Yes, I have 12 sites all with one.com - all SSL - all with my domain names - all FREE.

If your hosting company offers Let’s Encrypt, the certificates should automatically renew prior to the 90 day expiration. With most host I’ve seen that offer the free certificate it’s a simple toggle option in their control panel. The auto renewal is automatic.

If you’re trying to install Let’s Encrypt on your own (the host doesn’t offer the free service) you’ll need shell access on the web server. Without shell access you would have to repeat a manual (time consuming) process several times a year.

The reality is even with shell access, unless you’re comfortable with Unix command line it’s going to be difficult to get setup on your own. Let’s Encrypt has a good support community to help you out, but for most folks its easier to switch to a hosting company that has setup the automatic process.

The hosting company has to go through a similar process once (might take a good admin a few hours) and boom, every client would have a simple toggle to turn on automatic renewing Let’s Encrypt.

Thanks guys. My current host only offers up a way to upload a certificate. So I could create one manually with Let’s Encrypt which I already tried, but I’m going to see about switching hosts so it’s not a pain renewing.

This tutorial is very good although the Cloudlfare website looks slightly different now.

I work for a web directory, and one of my tasks is to find sites and list them in the directory. You would be shocked at how many companies – and even governmental sites – do not have secure sites.

I personally have no problem viewing such sites, but I would never list one in the directory due to the warnings that most browsers give. It would be suicide, because the the public, for whom we list these sites, would by and large not continue to the sites, and eventually, it reflects badly on our directory.

I’ve spoken to editors with other directories, and it seems that the majority of them would not list them either.

Overall, that would affect the site owner’s traffic.

1 Like

Most web hosting company’s support department will tell you how to do it or send you an article or two. But if you try and cannot do it, you can usually get them to do it for you. It’s not that difficult once you understand what you’re doing.

And frankly, it seems to me that if you can make websites in the complicated Rapidweaver, you can most likely take the steps to secure the site. I have faith that you could do it :slight_smile:

Indeed, see my previous posts in this thread.
One hosting service simply installed it for me, free of charge.
Godaddy however, still seems to think that they can make money on the SSL deal.

The link to the Realmac tutorial that I posted is very helpful and does not include
much of the unnecessary web esoterica that I was encountering on the forum and other websites, pertaining to this subject.

Yep. Typical of GoDaddy. They are probably still to recoup the money for their Super bowl ads. :slight_smile:

I left them for a company that has 24/7 support, with all of their support personnel being native American English speakers, and all of whom have tended my 38 domains for years.

Just a quick update, in case anyone’s interested. We finally switched hosts. Our domain was already through Rebel.ca and we heard good things about them as a company. The have a partner who supplies the SSL. The first year hosting was half price, but even at their full price plus the SSL certificate it’s less money than our old host. To top it all off, they migrated everything for free and even installed the certificate, created the htaccess file, made a few changes with Google and even did a find and replace on our website files to change http to https (I still have to make all the changes in Rapidweaver). I was not expecting that level of service!

auroraprint.ca

Jeremy,

Based on your recommendation I just hooked up with Rebel for a practice site. I have to say that these people are really patient with newbies like me. They have been absolutely wonderful to deal with!

My current website was written ten years ago in iWeb. It’s such a fundamental part of my business I can’t afford for it to go down. We have such a tremendous page position on Google searches that I don’t want to screw up the juju. I am waiting to hear back from them to see if I can hire them to create all my 301 redirects when I am ready to migrate to the new site.