It’s no secret that using SSL certificates on your websites is wise. I’ve known this for a long time, but I had never bothered to use one on any of my projects. The whole thought of setting up and installing one on, say, this site here felt daunting. There was a lot I didn’t know or understand about the whole ordeal. I was afraid I would screw something up beyond repair, so I avoided it. Eh, no matter, right? My site is of no significance. No one would want to hack it, and even if they did I could always wipe it out and start fresh anyway… Foolish, I know.
Then, about a year and a half ago, Jeremy Keith wrote about turning on HTTPS on his websites, and that really peaked my interest. Still, the process seemed to be too cumbersome for me to bother with at the time. It was a nice-to-have thing to think about, but not worth the potential headache and investment for a rarely-used personal site.
So I didn’t think much about SSL for a long time, that is until I started hearing things about Let’s Encrypt.org: a new initiative backed by big web and privacy names like Mozilla, Google Chrome, and the Electronic Frontier Foundation. The idea behind Let’s Encrypt was to provide a free and easy-to-use certificate authority for anyone to use. The service provided a script that you ran on your webserver. This script would launch a GUI that would walk you through a wizard-like series of questions, and then bam! You would be setup with your new certificate. It all sounded too good to be true.
But then I read Tim Kadlec’s story of how he used it on one of his projects and I thought, “Dang! That sounds really simple! And if someone like Tim Kadlec is using this tool, it must be good!”
Still, I was unsure if my host would support this kind of certificate on their sites. It seemed to be too perfect. Dreamhost probably wouldn’t support these certificates, I kept telling myself.
Oh, they were going to support them alright. A post on Dreamhost’s blog confirmed that they were looking at integrating the Let’s Encrypt service right into the administrative panel. WAT!
Sure enough, Dreamhost announced that the feature was live (although, in beta, as is Let’s Encrypt in general) and I made plans to spend at least part of my weekend learning how to enable this on my site. , I logged into the panel, found where I could enable it, and stopped. Do I really want to tackle this now?
I walked away for about 15 minutes, but then came back and pulled the trigger. A couple of clicks, and it was done. It took another 10 minutes or so before the certificate was live, but once it was I could access my site with or without the ‘s’ on the protocol segment of my URL. No friggin’ way. There is no way that it could be that simple! But it was.
The only thing that was missing—and in a way I’m glad it was—was that traffic to my site wasn’t being automatically kicked over to the HTTPS version. If something had gone wrong with the process, this would have been a good thing as my site presumably would still have worked using the non-secure protocol. Still, it might be nice if Dreamhost offered to turn this on redirecting as part of the certificate install process. No matter though; I found a snippet on Dreamhost’s support wiki which I merely needed to paste into my .htaccess file, and voilà! Now everything on my site is being served over HTTPS!
The whole process was astonishingly simple, really almost to the point of being disconcerting. But kudos to both Let’s Encrypt and Dreamhost for making this service available!
I love the way your site looks, though I'm not really the Jony Ive. How easy is it for someone to discover the real author of this note? Please also c…Continue reading