How do you get the S in https?

lombardy160 · July 29, 2018, 3:02am

Guess I already asked the question there. How’s it done? Thanks, again.

brianfrank · July 29, 2018, 3:18am

You need a SSL certificate. My host is giving them to all accounts for free, but a previous host forced us to purchase them.

I don’t think you need one if you don’t collect user’s information, but I say if you get one free, then use it.

My host sent me an email:
"Google’s decision to mark non-HTTPS websites “not secure” takes effect soon. So we’ve created a guide to help you prepare and keep your visitors protected. Simply follow the instructions in our Knowledge Base article and your free SSL certificate will be enabled in no time.

By enabling SSL, your website will be given the HTTPS label-giving your visitors the confidence that you’ve made their security a priority."

Once you enable the certificate, you need to redirect traffic to the secured site. I redirected through .htaccess; some hosts do it automatically, others use the 301 redirect.

Mittineague · July 29, 2018, 3:21am

There’s this older article (predates free Let’s Encrypt but the “basics” are still relevant)

https://www.sitepoint.com/https-basics/

There’s this more recent “how to” about using free Let’s Encrypt

https://www.sitepoint.com/a-guide-to-setting-up-lets-encrypt-ssl-on-shared-hosting/

Rubble · July 29, 2018, 9:29pm

If you have cpanel you might find you have a https version of your site already. I found out by chance last year it had created https versions of all the sites I had.

Try putting https in font of your site name in the URL and see what comes up.

olih · August 5, 2018, 12:07pm

Try HSTS the support send the request automatically

lombardy160 · August 5, 2018, 4:28pm

This was for later on, since I am only showing info, not storing any on the site just now.

Mittineague · August 5, 2018, 6:54pm

While it is correct that you don’t need to use a secure transfer protocol (HTTPS) if you’re not dealing with secure transfers, if at some point in the future you will be, IMHO it would be a good idea to start with HTTPS right from the start. You can use HTTPS even if there is no secure data being passed. And there is a good chance “changing later” will cause at least a few problems for you to deal with. eg. changing absolute paths, redirects, etc.

system · January 8, 2019, 10:39pm

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.