Move to HTTPS

HTTPS is a good idea. At the very least, it provides security and privacy by security the data over the wire. It also provides, and enforces, proof of who you are talking to. This means to make it work a site needs certificates, which are not easy to get and to get setup. When I first started doing my own web hosting, I looked into HTTPS because, well, why not? It is secure, and because hardware is so good these days, it doesn't have any drawbacks. However, it was both hard and expensive, so I left it for another day.

Now that Let's Encrypt has taken off, I figured it was time to get on the HTTPS train. The privacy and security part is important and easy, really all Let's Encrypt does it enable a site to that; the proof of identity part does exist, but that is not why I am doing it. Downloads are the biggest reason, in that people downloading files from my server really should be encrypted to ensure that they can't be modified.

It is now very easy to get certificates setup with HTTPS, and using Let's Encrypt's simple protocol, a small script is all it takes to get certs and renew them. I am using acme-tiny, which works perfectly.

Simply, it is worth it to use Let's Encrypt, just for the security and privacy. While I understand why proof of identity is included in HTTPS, I think that they should have been left separate and not forced on top of encryption. Let hobbyists and basic sites run just encryption, and make companies, forms, and purchases do full encryption plus identity.

9th Sep, 2016
276 words long, and it’s got 0 comments for now.