It’s way too easy to have a blog on HTTPS nowadays

A couple of month ago my hosting provider, Easyhost Romania, informed me that they are “moving stuff” around and I din’t knew what the heck was happening. After I checked in CPanel I could notice that the “Lets Encrypt SSL” icon was showing in the Security section.

After a bit of back and forth with them they told me that they implemented SSL for my account.

For the few who do not know, Let’s Encrypt is a group of people trying to move the entire content of the web onto secured connection, on HTTPS. They are doing this by offering free SSL certificates which expire every three months. Don’t fret, the process is automated and it is done by your hosting company via the CPanel app so you don’t need to lift a finger.

Except.

Once you have the SSL certificate installed, an otherwise tedious process if you really want to have your own certificate from DigiCert, for example, all you need to do is route your traffic via HTTPS always and then you will be fine.

At first I tried a solution using code in .htaccess in which you rewrite rules and actually force traffic via HTTPS, but there is a plain and stupidly easy solution: login into dashboard, go to Settings – General and change the site URL from HTTP to HTTPS.

Why would you want HTTPS on your text only blog which does not, seemingly, make use of any PII data? PII is personal identifiable information like card info and such.

Several easy reasons:
– if you write about stuff someone from an authoritarian country should not read, then his state will be able to see that he connected to your website, but will not know what actually he read in there
– when posting comments normally the data flows through a POST but via HTTP, so using HTTPS will make it harder for ISPs to snoop on your commenters email
– you limit the ability of ISPs to track people all around

Also, Let’s Encrypt will enable wildcard certificates starting Janurary 2018. Cool.

No comments yet... Be the first to leave a reply!