Moved site to HTTPS only

Noticed the following tweet the other day:

Thought this would be a perfect time to switch my website to HTTPS only. Previously I have played around with using my own CA, trusting this CA on any computer I use, and then I can generate my own certificates as and when I feel like it.  This is generally alright for personal use, but for public use there is little benefit doing this rather than just using self signed certs.

I found letsencrypt fairly easy to use, the only problem was I had to bring Apache down for a few minutes while I requested a cert – this is a minor thing, but I do host a few other websites on the same VPS I use for my website, so something to bear in mind.  The expiry time seems pretty short too, only extending 3 months into the future by default.

Anyway, it beats paying for a cert 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *