Http to https effortless it appears

[PeterShene]

Hi Guys

I will shamefully admit that i was running on http fro a long while up until about a week ago i finally decided to make the change to https.

In ruth i was scared off by all the massive articles on how to move your site and retaining as much of your traffic and ranking as possible.

However for me if was a little more daunting as i have a mixed site of WordPress and static html so no dynamic url re writes.

It was effortless though i simply signed up and did a ht acess re route which it turns out wasn't necessary...

What really helped me was Firefox search console you can click on the insecure site tab and pull up exactly what is still being called on as http and find it on your website and fix it. Ideally try not to use absolute paths

 

[easyhostmedia]

Dont forget that now FF and Chrome will both flag any websites not using HTTPS as insecure

 

[SenseiSteve]

It has gotten much easier to provision HTTPS recently. If you haven't made the switch yet, do it now. It adds to the trust value of your site.

 

[24x7server]

That's a good decision. Even Google will force the transition to HTTPS for July 2018. More details are here:- https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html

 

[easyhostmedia]

That's a good decision. Even Google will force the transition to HTTPS for July 2018. More details are here:- https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html

Yup and soon all browser vendors that are members of the CA/Browser Forum will follow suit.

The say 'It is to make the internet more secure for users' but personally i dont think it is as since CA/Browser Forum was started in 2005 all changes they have made have all lead to 1 thing US USERS HAVING TO SPEND MORE MONEY with CAs and guess who set up and run the CA/Browser Forum

 

[20i Richard]

US USERS HAVING TO SPEND MORE MONEY with CAs and guess who set up and run the CA/Browser Forum

There are plenty of free certificates available, from the likes of Let's Encrypt and Cloudflare.

 

[easyhostmedia]

There are plenty of free certificates available, from the likes of Let's Encrypt and Cloudflare.

which are fine for personal sites and blogs, but for commercial sites that require CA badges then you need a paid SSL.

but yes no excuse for any website to not run under HTTPS with the use of free SSL.

But free SSL are aid scammers as it used to be 'look for the padlock to make sure the website is safe and secure' but this means nothing now

 

[PeterShene]

Dont forget that now FF and Chrome will both flag any websites not using HTTPS as insecure

Yea well apparently this is going to get worse as in the red bar in the browser, so this is why i switched, because i could only imagine all the website visitors i would lose with that red bar.

I see now however many hosting companies are offering standard https and some are dropping http. Not comodo certificates though i think its through lets encrypt.

 

[PeterShene]

which are fine for personal sites and blogs, but for commercial sites that require CA badges then you need a paid SSL.

but yes no excuse for any website to not run under HTTPS with the use of free SSL.

But free SSL are aid scammers as it used to be 'look for the padlock to make sure the website is safe and secure' but this means nothing now

I kind of agree with this it seems to be more of a money making scheme than anything else. As i do web design i bought a comodo certificate, however many of my client websites use lets encrypt, granted not all ssl certificates are equal but in my case lets encrypt would have been good enough.

 

[easyhostmedia]

Not comodo certificates though i think its through lets encrypt.

Some use let encrypt, but if your host have WHM 60 + then cPanel have autoSSL which a host can enable as standard, so all sites on the server will be given a free DV SSL cert unless they already have an active SSL cert.

When cPanel first did this i have a real bust up with them as in the WHM60 upgrade this was added enabled by default, so when i had a client try and install his own SSL cert it would not let him as it stated his domain already had an SSL.

To me this should not have been enabled by default as if a host sells a lot of SSL certs, because cpanel decided to give all the hosts clients a free SSL without the hosts permission then how many client will not renew SSL certs, so the host loses revenue.
cPanel could not see this point .

 

[PeterShene]

yea ive actually also experienced now some of my clients websites going bad, because some of the java script and css files were absolute paths and the ht access redirect sometimes blocks the http request so ive had to do a run through , but i am grateful that it is being offered free.

 

[ronweeks]

It definitely has become easier now to get an ssl since they are now being offered for free and it does make it much easier to just switch your site to start using https instead. It also does look better when a customer goes to your site and looks around and sees that it is secure.

 

[PeterShene]

Im a little confused about something, i work with alot of different hosts, and for the most part if a client doesnt buy a certificate of the host doesn't offer lets encrypt , when i force it over to ssl ( its a sef signed certificate however, it becomes a auto ssl after a few days, some hosts however this does not happen and i end up with a self self signed certificate which is no good at all. It this at the hosts discretion ?

 

[easyhostmedia]

Im a little confused about something, i work with alot of different hosts, and for the most part if a client doesnt buy a certificate of the host doesn't offer lets encrypt , when i force it over to ssl ( its a sef signed certificate however, it becomes a auto ssl after a few days, some hosts however this does not happen and i end up with a self self signed certificate which is no good at all. It this at the hosts discretion ?

Yes it is upto a host if they offer lets encrypt or even enable cpanels own AutoSSL.
But you as a client can get a lets encrypt SSL yourself.