What are you gonna do with your HTTP sites?
 

RE: Google Will Soon Shame All Websites That Are Unencrypted | Motherboard

Google is gonna display unsecure notices for HTTP sites soon. Are you gonna encrypt them all? If so, check out https://letsencrypt.org/ as it gives you SSL certs for free (here is the cPanel script https://github.com/Prajithp/letsencrypt-cpanel). 301-ing HTTP to HTTPS does not lose PageRank by the way (see No PageRank Loss When 301 or 302 Redirect to HTTPS).

If not, what are you gonna do?

For me, I'm gonna sit down and update my sites to HTTPS this quarter. I might also cough up some cash to buy SSL certs on web hosts that can't run Lets Encrypt. For PBNs, I'll let them stay with HTTP since they're not meant to get human visitors anyways.

Been thinking about this myself. Google absolutely loves one of my sites (#1 out of 1m+ results) so this could be a killer.

This blog post makes me think that Let's Encrypt is maybe not quite ready for widespread deployment yet? I would imagine a browser generated security warning would probably be even more of a roadblcok, when compared to a Google warning...

https://letsencrypt.org/2016/08/05/l...y-mozilla.html

What company do people recommend for buying a certificate from, in the meantime?

https://letsencrypt.org/docs/certificate-compatibility/

Looks like it's more widely supported than I thought. I see the occasional Blackberry and Nintendo 3DS user-agent in my logs, nothing much I can do there...

each SSL cert must be on their own dedicated IP

usually IPv4 costs monthly $3-5 per IP
IPv6 supposedly should be cheaper. Does anyone know any hosts letting have bunch of IPv6 for cheap and configurable for SSL/HTTPS?

I'd forgotten about that.

Looks like there is a solution, but it's not universally supported:

https://en.wikipedia.org/wiki/HTTPS#Limitations

"Because TLS operates below HTTP and has no knowledge of higher-level protocols, TLS servers can only strictly present one certificate for a particular IP/port combination. This means that, in most cases, it is not feasible to use name-based virtual hosting with HTTPS. A solution called Server Name Indication (SNI) exists, which sends the hostname to the server before encrypting the connection, although many older browsers do not support this extension. Support for SNI is available since Firefox 2, Opera 8, Safari 2.1, Google Chrome 6, and Internet Explorer 7 on Windows Vista."

Does this mean that Google strongarming webmasters into using HTTPS is going to further accelerate the exhaustion of IPv4 space?

use cloudflare get free https ...

SNI works except on out dated browsers. People with out dated browsers are not buyers ...

I don't think that is an issue. Google is making more work for a busy world -- that is a problem -- then beating on site owners because of packet sniffing (mostly by world governments).

So, this is really Google's way of making packet sniffing as difficult an possible (Google's real motivation). Google's second motivation is in reducing the number of websites that they will index -- most of the spammy or legacy domains will not adapt and die :2 cents:

Any site I've cared about has been HTTPS for a year or so.

I'm glad the rest of the industry is extremely slow to adapt, though. Makes competition pretty easy. :)

Wouldn't be surprised if in 5 or 10 years time Google starts "warning" people about cloudflare hosted sites, too. They don't exactly keep their noses clean. Also, their faux HTTPS product defeats the purpose of using certificates and encryption - surfers think the connection is fully encrypted, with a nice padlock showing in their browser, when it's actually all clear text between cloudflare and the web server, and can be sniffed or MITM'd just like any other HTTP connection...

Fuck Google in the ass.

https://www.NameCheap.com :2 cents:

Sneaky using your affiliate URL. Have you actually used them for certificates?

We did this and our sales litterally shut off. We reverted

I guess this is going to sound like a stupid question, but did you double check that everything was working - certificates valid, no weird errors in logs etc - so you could conclusively say it was the switch to HTTPS that killed the sales? If it wasn't a technical issue, why do you think the switch caused that effect?

I have an HTTPS site for a client, no dedicated IP .
Godaddy host , Godaddy SSL

HTTPS is very useful for adult :1orglaugh

are you sure it's not a dedicated IP? I mean, does client have other domains under same ip all working fine?
I don't see how it is possible, having multiple domains and a single or multiple SSLs on one IP.

If that is true, then it is super cool and means anyone could have all their sites HTTPSed affordably, virtually hosted on only one IP. - but that's not how it works, as far as I know
Also, godday is in the business of leasing extra ipv4 IPs at $6 a pop, monthly I think

Use a good handful of the RapidSSL ones at $10.95. They have a $9 Comodo one as well but haven't tried that one.

I'm a little intrigued by your answers, would you add me on skype pls? I'd like to talk

Here are the screen capos ... I was surprised too . As you can see, it is an https site :

http://pdghosting.com/pics/ssl1.PNG

http://pdghosting.com/pics/ssl2.PNG

http://pdghosting.com/pics/ssl3.PNG

and it is cleary not the only site on that IP :


http://pdghosting.com/pics/ip.PNG

cost the SSL , first year cheap, about 14.00


Site is actually done , but hidden to public and not live as client has not yet given the OK .

See the above reference to Server Name Indication (SNI) which lets you use more than one hostname per SSL IP.

It is apparently widely supported, but not quite 100% (eg not supported by XP+IE)

Hmm, come to think of it, I used XP SP3 until about 2 years ago. :1orglaugh

http://thsrv.com/p/comodo_popups.png

Was checking out Comodo, went to bed, got up to find this.

That's like one popup attempt every 30-40 seconds. They really want to get my attention. :1orglaugh There's also a window floating around that asks me to explain why I don't want to buy.

Good conversation

We tried Comodo one year. Never again. Hard sell then support falls off the planet. They got upset when I posted a support request in their forum which they use as a sales tool. "ALL Hail, the Great Comodo" kind of bullshit.

That's pretty neat. I've got a VPS at godaddy I manage, will be toying around with setting up SSL there in some time. Will be seeing if I could get ipv6 and config it that way or get the SNI work. So far I remember checking out SSL config through WHM/Cpanel is that they make a point that the dedicated IP is required.

Interesting.

I did notice that the testimonials shown their product page seem to be excessively positive, like they're manipulated (delete anything negative), or totally fake.

For the moment I'll continue playing around with https://letsencrypt.org/ , as my site doesn't need strong verification/trust from its users, just HTTPS to keep the big G happy.

SNI works on almost al browsers the only traffic you will loose is from people on windows xp running IE and some very old cell phones which is not all that much if the website is important get a dedicated ip if its not use SNI.

I hate to say it.. But go with Godaddy for SSL certs.

They leave posts up but they will complain to you privately.