Thread: Add https to the site... one year goal.

HTTPS is the secure version of HTTP.
There is a growing move to https everywhere especially on locations that use passwords.

There should be some research with the hosting service to see what the
cost and impact is. It does take more work for the CPU to accept and deliver
https encrypted content.

As more browsers enforce or get grumpy about it more of the site users
will see browser notices that the site is not secure. Other than the password
step there is not a big worry for us but the move by the big boys to HTTPS
is relentless.

Our users need not see any issue. The server can serve both http and https.

https://www.eff.org/https-everywhere

What is the main difference between http and https?
Instead of HyperText Transfer Protocol (HTTP), this website uses HyperText Transfer Protocol Secure (HTTPS). Using HTTPS, the computers agree on a "secret code" between them, and then they scramble the messages using that "secret code" so that no one in between can read them. This keeps your information "safe" from hackers.

https://en.wikipedia.org/wiki/HTTPS
https://help.dreamhost.com/hc/en-us/...sting-overview

And yes I have been busy doing some web things more than honing so this seem important to me this second... ;-)
This is a finishing stone equivalent thing for the server and we know that
there are finishing stones and then there are finishing stones.

Couldn't hurt. We exchange a lot of email and PayPal names on these forums and PMs.

Originally Posted by EdwinHMcBride

Couldn't hurt. We exchange a lot of email and PayPal names on these forums and PMs.

It is not free and only protects from internet and WiFi snooping.
Conversations can be seen by guests.

Today all this buys is removing browser noise that the site is not secure.
It is something professionals will want... but there is time to act and
LiquidWeb might make it easy to add a free certificate via LetsEncrypt https://letsencrypt.org/

lets encrypt worked well for a site I host. It kept the users who wanted https happy, and was simple with their certbot that did everything for you as well as free.

Then you just have to make sure all outside links on the server-side are to https otherwise you get warnings for unsafe scripts, etc. The only down side is i have to auto renew the certificate every 3 months due to being free. But i just added that to my update script.

Im not sure what your server situation is but this is the method i used. APache version
https://www.digitalocean.com/communi...n-ubuntu-16-04
nginx version
https://www.digitalocean.com/communi...n-ubuntu-16-04

But this process literally took between http -> https a few minutes. An additional hour afterwords finding and removing http links to use https to get rid of SSL warnings.

Any new on this topic?
As long as there is not SSL protection it would be possible to sniff login credentials of everyone (admins and mods too). I would not like to see such a great forum with all its knowledge to be destroyed by anybody that want's to. That would be a real shame.

Yes, improved security is really important and we will switch to https in the near future.
Thanks guys!

Originally Posted by gugi

Yes, improved security is really important and we will switch to https in the near future.
Thanks guys!

will that make it difficult (or confusing) to log in the first time (like it was for some after the name/domain thing?). Can we have some kind of heads up on the site before such changes take place so users like me without a lot of computer knowledge aren't confused?(it happened right after a computer update so i thought it was related to that for awhile)

I don't expect to be a problem, but you may have to login again. There will definitely be an advance notice and we'd have tested it first anyways. The domain change was an emergency response when the old one was redirected away from the site without any advance notice or planning/testing.

The site is now running through encrypted protocol i.e. https:// instead of http://
If you experience any issues please let us know.

If it was changed, i didnt notice anything. But i dont know squat about this stuff. So l, smooth change for sure. Didnt even have to sign in again.