Topic: Non secure HTTP website google phase 2

[jgillett]

Yes, that is what I use, "//" is the safest option.

Thanks for that.

Recent versions of cPanel supports Lets Encrypt out of the box.

Which cPanel

That came from weatherc.

[Jáchym]

OK, sorry

WeatherC  - which cPanel?

[McLouthWX]

I, for one, will not pay the extra money for an SSL Cert. Google does not run the internet and they are not the boss of me. How's that for defiance?

[Jáchym]

I, for one, will not pay the extra money for an SSL Cert. Google does not run the internet and they are not the boss of me. How's that for defiance?

You dont transfer to HTTPS because of Google....

HTTPS - that S stands for the reason why you do this.

[McLouthWX]

That's silly. I don't collect any personally identifiable information from any one. See no need for the S

[weatherc]

WeatherC  - which cPanel?

The needed free plugin (made by cPanel) have been available since cPanel 58.0.17 (the webhost need to install it). I'm don't know if the plugin have been integrated to cPanel since that as i added LetsEncrypt manually outside cPanel.

[jgillett]

That's silly. I don't collect any personally identifiable information from any one. See no need for the S

The way things are going, eventually, without the added 's', sites might no longer work - especially if you get anything via links; e.g., files, images, wx maps, forecasts, etc.

[tbrasel]

That's silly. I don't collect any personally identifiable information from any one. See no need for the S

From your end & view, could be true.

However, some providers may not wish for folks to hook-up to them with a non-secure link, which might leave them vulnerable.

On the other hand, I guess some folks still sleep with their windows open & doors unlocked this day & time, which basically is the same-thing.

[weatherc]

The way things are going, eventually, without the added 's', sites might no longer work - especially if you get anything via links; e.g., files, images, wx maps, forecasts, etc.

I would say its just a question of time before any kind of forms stops working on HTTP (without the S) as at least FF allready have a warningbox in such forms.

[McLouthWX]

Started this hobby way back in the 80s, didn't even have a computer then, kept records manually. If it comes to the point websites don't work, so be it. The hobby is the weather not the website, I can live without and probably will not miss it.

[ValentineWeather]

I had no plans of going to HTTPS either but when I realized it wasn't going to cost much $4 year unlike the normal $140 3 yr. plan GoDaddy offered. They even put it in my out basket...Then called me when I took it out, I told them to go fly a kite for that cost and would shut my website down before paying extra on top of the already expensive site.

[tbrasel]

Started this hobby way back in the 80s, didn't even have a computer then, kept records manually. If it comes to the point websites don't work, so be it. The hobby is the weather not the website, I can live without and probably will not miss it.

I started about that time as well McLouthWX. Kept hourly reports on a spiral paper notebook starting in March 1972, rarely have missed a day since, but now I have modern technology, Davis & all my other toys doing those parameters for me & I absolutely will not go back the direction I came from or started with in 1972.

The only reason I put up a website is so many folks I work with, along with family ask me "whats the weather going to do", that I put up a website & directed them to it.

I am in for the long-haul.

[tstorm]

My current host said that I needed to upgrade to a dedicated IP plan with SSL .  The price difference is $100 a year.  I will be shopping around for plans which allow for crons to run every 5 min and have mysql.

John

[Jáchym]

My current host said that I needed to upgrade to a dedicated IP plan with SSL .  The price difference is $100 a year.  I will be shopping around for plans which allow for crons to run every 5 min and have mysql.

John

Thats exactly the same with me, I need a dedicated IP plan and in addition, they provide no support whatsoever so I would have to set it up completely myself, which is IMHO unrealistic without a few week's non-functional website and even then, the price difference is just huge, it would be almost 3-4 times as much compared to what I pay now.
For me it is like - HTTPS - yes, but when it becomes more widespread, easier to install and cheaper.

[Jáchym]

WeatherC  - which cPanel?

The needed free plugin (made by cPanel) have been available since cPanel 58.0.17 (the webhost need to install it). I'm don't know if the plugin have been integrated to cPanel since that as i added LetsEncrypt manually outside cPanel.

OK I think I lost you completely now Control panel of what? I use external webhosting, I can't install anything on the server.

[ValentineWeather]

My current host said that I needed to upgrade to a dedicated IP plan with SSL .  The price difference is $100 a year.  I will be shopping around for plans which allow for crons to run every 5 min and have mysql.

John

If happy with host I just purchased the certificate from these guys after researching they were for real and payed with paypal. Its a little complicated but I figured it out using the Cpanel on GoDaddy. I used the comodo certificate.

https://www.ssls.com/lp/4.99-ssl-offer.html?gclid=Cj0KEQjw6LXIBRCUqIjXmdKBxZUBEiQA_f50Pk38uflVLbWP9nvsvboZqiA9cGwFtgLCcAdxHSPB5boaAoVr8P8HAQ

[Maumelle Weather]

My current host said that I needed to upgrade to a dedicated IP plan with SSL .  The price difference is $100 a year.  I will be shopping around for plans which allow for crons to run every 5 min and have mysql.

John

Hi John,

I use ICDSoft. I am on their Business Plan. They use Let's Encrypt HTTPS. It's free with their hosting. Outstanding support.

[Jáchym]

The only way to use https with my provider is to have dedicated IP which I dont... Im sure that it will become a lot easier and provided by all providers in the future, it is still not a big deal to use http now if you dont have any payment gate etc and as soon as browsers stop supporting it the providers will quickly take action, Im sure about that.

[jgillett]

If happy with host I just purchased the certificate from these guys after researching they were for real and payed with paypal. Its a little complicated but I figured it out using the Cpanel on GoDaddy. I used the comodo certificate.

My current host also keeps insisting I 'upgrade' my plan with them. Way too expensive as Jáchym mentioned. Also confused about creating my own cert - way beyond my current brain power. The host I'm considering has a Let'sEncrypt icon in their cP. One click and it gets all the info and installs it - no fee. I like one click stuff...

[Jáchym]

Exactly and my provider does not even have this one-click option. Free certificate does not solve the problem. I would have to have a much more expensive plan and then set it all up myself, which would be almost guaranteed to end up in a disaster. But I am sure things will change soon, just like everything is changing so quickly in the IT field

[jgillett]

Changing almost too quickly to keep up with...

[vreihen]

What about making all the URLs just //, instead of https://? As I understand it then whatever works will be presented (http or https) automatically. Or have I dropped off the deep end again?

If all of your pages are coded with proper "relative" links and paths, you can transparently call it via HTTP, HTTPS, and any future protocol that's supported in a URL name.  Here's a full explanation:

http://www.coffeecup.com/help/articles/absolute-vs-relative-pathslinks/

If the web site is written properly with relative paths to all internal content, it should require zero code modifications to change host names, protocols, and even moving/renaming the parent directory folder.....

[vreihen]

But I am sure things will change soon, just like everything is changing so quickly in the IT field

The automated certificate management that LetsEncrypt utilizes *is* the change you're waiting for!  Prior to that, you had to learn how to use OpenSSL to create a CA, generate a CSR, get it signed (or self-sign), and finally install the resulting files (along with an intermediate certificate chain file in some cases) onto your server and edit your Apache config file(s).  Windows wasn't much easier, but AFAIK you can only install the Microslop CA on a Windows Server OS.

All of my certs at work are due to expire in August, and the last time I had to rotate certs it took me 32 hours and mandatory service restarts or server reboots on every system in the farm using HTTPS/SSL.  Not looking forward to July for sure, although I may look to see if I can borrow any of the LetsEncrypt automatic distribution logic (even though I can't use their certs for auditor reasons) to simplify the next round of upgrades.....

[weatherc]

The only way to use https with my provider is to have dedicated IP which I dont...

Its just a question of trying to make money. Dedicated IP's and paid certs was easy money for the webhosts. With Lets Encrypt and similar are that moneymachine pushed in the junkbin as they are free and do not need dedicated IP.

[Jáchym]

Yes, thats quite possible because otherwise if I used Lets encrypt, the transfer to https would be free. Like this it would cost me 3 times as much because of the IP, but there is nothing I can do at this point. Other than that Im very happy with my provider.