Bookmem Posted Tuesday at 03:31 PM Posted Tuesday at 03:31 PM I know people are very security minded today, but I think browsers that only allow access to https sites are nonsense. Why should a site that only GIVES information, and doesn't require any, need to be https? If a user isn't sending info to the site, what is the need for encryption? I have my own site that allows anyone to brows my Karaoke library. There is no login requirement, so the only info is what the user puts in for their song search criteria. Why do I have to pay an additional $50/yr to get an SSL certificate? Quote
securitybreach Posted Tuesday at 04:05 PM Posted Tuesday at 04:05 PM You can get a free SSL from let's encrypt, they are reputable and been around for many years https://letsencrypt.org/ As far as why a site should never be without SSL: https://https.cio.gov/everything/ Quote
Bookmem Posted Tuesday at 05:24 PM Author Posted Tuesday at 05:24 PM 1 hour ago, securitybreach said: You can get a free SSL from let's encrypt, they are reputable and been around for many years https://letsencrypt.org/ As far as why a site should never be without SSL: https://https.cio.gov/everything/ The problem is that I'm not using a webhosting site with cPanel or Wordpress or "shell access". I'm hosting my own site on a home desktop using Xampp. And with Xampp I only have Apache activated. No SQL database or anything else. I use only a txt file for my data. So how do I "demonstrate control over the domain"? Quote
Bookmem Posted Tuesday at 08:40 PM Author Posted Tuesday at 08:40 PM 4 hours ago, securitybreach said: You can get a free SSL from let's encrypt, they are reputable and been around for many years https://letsencrypt.org/ As far as why a site should never be without SSL: https://https.cio.gov/everything/ It took me 3hrs but at least I now know how to do it. Had to move to my Mint box, install apache2 and php and then certbox apache plugin and certbox and run sudo certbox --apache. Now my site is https and no longer says "unsafe". Thanks for the letsencrypt site. Quote
securitybreach Posted Tuesday at 10:08 PM Posted Tuesday at 10:08 PM 1 hour ago, Bookmem said: It took me 3hrs but at least I now know how to do it. Had to move to my Mint box, install apache2 and php and then certbox apache plugin and certbox and run sudo certbox --apache. Now my site is https and no longer says "unsafe". Thanks for the letsencrypt site. Very cool Quote
securitybreach Posted Tuesday at 10:09 PM Posted Tuesday at 10:09 PM Also check out certbot to auto renew your cert: https://wiki.archlinux.org/title/Certbot Quote
Bookmem Posted Tuesday at 10:27 PM Author Posted Tuesday at 10:27 PM 12 minutes ago, securitybreach said: Also check out certbot to auto renew your cert: https://wiki.archlinux.org/title/Certbot Just need to run sudo certbot --apache again and there is the option to renew. One of my original fears about free certs was that they had to be renewed so often. But if that is all it takes then "no problamo". 1 Quote
securitybreach Posted Tuesday at 10:33 PM Posted Tuesday at 10:33 PM This isn't just free, its endorsed by the EFF (Electronic Frontier Foundation). They are the leading nonprofit defending digital privacy, free speech, and innovation.. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.