Step Ten – SSL

When secure is not security

You’ll definitely need help with this.

Having that little green/grey padlock means jack shit. The https protocol is a joke. Websites MUST use Secure Sockets Layer (SSL) because otherwise potential visitors get warnings to stay away: “This site is insecure! Go back to safety before the world ends!” They’ll also get those warnings if:

  • the issuing company becomes untrusted
  • someone forgets to renew the certificate
  • the SSL certificate isn’t set up correctly

Google search results also prioritise https sites over http sites. Bastards.

If you really have no idea where to start, you can pay GoDaddy $50/yr for a green padlock. The price has dropped from thousands of dollars because the padlock means next to nothing anymore. Instead, to apply for a free certificate, use Let’s Encrypt.

The Writers of the Far South Coast uses CloudFlare’s free SSL protection. But we also have the certbot script to set up and renew free SSL certificates for sites on the WFSC webserver. To find out which release the server is running (the WFSC is on Ubuntu 16.04.5 LTS (xenial)):

sudo lsb_release -a

Domain Name Servers do more than act like the yellow pages. A lot more. DNS needs a CAA record to be added to make sure that padlock is there. This is from GoDaddy:

SSL varieties money can buy

  • A Domain Validated (DV) Certificate verifies your ownership of the domain – This is what Let’s Encrypt does for free
  • An Organization Validated (OV) Certificate proves that you own the domain and that your organization is legitimate. This is reassuring to your site visitors, as a fraudulent website could never pass these checks *scoff*
  • The Extended Validated (EV) SSL offers the highest level of assurance to your customers – EV SSL applicants must pass an extensive vetting process. (See figure below) – plus it costs a lot of money
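
What the CAA record mentioned earlier does, as an added example that is not from the original post: before issuing, a certificate authority looks up the CAA records for the name and its parent domains and refuses if they authorise only other CAs. The zone data, the example.org names and the function names are constructed for illustration; letsencrypt.org and godaddy.com are the identifiers those CAs use in CAA records, and the rules follow RFC 8659.

```python
# Added example: how a CA evaluates CAA records (RFC 8659).
# ZONE is constructed sample data: name -> list of (flags, tag, value).
ZONE = {
    "example.org": [(0, "issue", "letsencrypt.org"),
                    (0, "iodef", "mailto:hostmaster@example.org")],
    "locked.example.org": [(0, "issue", ";")],
    "wild.example.org": [(0, "issue", "letsencrypt.org"),
                         (0, "issuewild", ";")],
}
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def relevant_rrset(name, zone):
    """Climb from the name towards the root; the first CAA set found wins."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        records = zone.get(".".join(labels[i:]))
        if records:
            return records
    return []


def issuer(value):
    """Issuer domain is the text before any ';' parameters ('' = nobody)."""
    return value.split(";", 1)[0].strip().lower()


def may_issue(ca, name, zone=ZONE):
    """Return True if CAA lets `ca` issue a certificate for `name`."""
    wildcard = name.startswith("*.")
    records = relevant_rrset(name[2:] if wildcard else name, zone)
    # An unrecognised tag with the critical bit (128) set blocks issuance.
    if any(f & 128 and t.lower() not in KNOWN_TAGS for f, t, _ in records):
        return False
    issue = [issuer(v) for _, t, v in records if t.lower() == "issue"]
    wild = [issuer(v) for _, t, v in records if t.lower() == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    restricting = wild if (wildcard and wild) else issue
    if not restricting:
        return True  # no CAA found, or nothing that restricts this request
    return ca.lower() in restricting


if __name__ == "__main__":
    for ca, name in [("letsencrypt.org", "www.example.org"),
                     ("godaddy.com", "www.example.org"),
                     ("letsencrypt.org", "*.wild.example.org")]:
        print(f"{ca:16} {name:22} {'allowed' if may_issue(ca, name) else 'refused'}")
```

A domain with no CAA record anywhere up the tree leaves every CA free to issue for it; a record naming only one CA is what makes the others refuse.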

Some advanced nerd information gathering sites:
