How to get SSL / HTTPS

Without SSL / HTTPS, users will ignore your website.

Chrome’s SSL Lockdown July 2018

Some time in July 2018, Google will release version 68 of Chrome. Starting with this version, Chrome will show the following screen for each and every website that does not use a valid SSL certificate.

This screen is pretty much the death nail for your website. Most users, experienced or not are heavily inclined not your use your website at all when confronted with this screen, especially due to the reason that so far Chrome used to mostly block sites that are actually dangerous. With this user expectation and with Chrome occupying a large majority of the browser market, most users will simply be scared off and not use your website.

What is SSL?

A SSL certificate lets users use a website using HTTPS instead of HTTP. Using HTTPS with SSL, users communicate with the web server in an encrypted fashion, meaning that all information to and from the server is encrypted and therefore not readable by anyone who might spy in between those 2 points, which is known as a Man-in-the-middle attack.

In an effort to make the internet a more secure place and minimize DNS rerouting and scams, Google made this decision to force the majority of the internet to adopt secure certificates.

How to get a certificate

In order to enable SSL you need to get a certificate from a Certificate Authority (CA). There are many CA’s out there that offer various certificates and services. Those will usually sell certificates to domain owners. Certificates also expire after a certain time, usually a year, so they have to be renewed.

However there is a CA called “Let’s Encrypt” which is a public benefit organization, that gives out certificates for free. Its a project sponsored and partnered with numerous tech organizations like the Linux Foundation, the Mozilla Foundation, Cisco Systems and the Electronic Frontier Foundation among others.

The easiest way of using these is to just use their specific services with your web host provider. Here is a list of web hosting companies that provide direct support for “Let’s Encrypt”: https://community.letsencrypt.org/t/web-hosting-who-support-lets-encrypt/6920

If you are a member with one of them, their web interface should show you options to enable it.

If you are hosting your website yourself you can use SSH and CertBot to create a certificate: https://certbot.eff.org/

You can always just pay for a certificate from any other CA, however please do your research on CA’s because especially now there are more scams than ever in this area. Go to a reputable source.

Some of them include Comodo, Symantec, GeoTrust, Thawte, RapidSSL and Network Solutions. Many of these offer free trials as well.