Sunday, December 27, 2015

How much does a HTTPS certificate cost?

Enabling HTTPS connections to your website is a must-have nowadays. Full stop! It even affects your visibility in Google Search. Dealing with certificates is cumbersome and boring though - lots of different formats, algorithms and generally a lot you can do wrong. However, there's easy solutions for most websites:

Put HTTPS in front of your website

...using CloudFlare. This requires zero changes on your server and is completely free of charge. Another very positive side-effect: you get one of the fastest DNS servers too.

Basically what this does is put another server in front of your server. The server in the middle is what your users talk to in the first place - therefore using its SSL certificate to secure the connection. That server then forwards requests to your own server via an unsecure connection (depending on your setup). This of course is a potential threat because ISPs, etc could spy on your user's data, but it saves your user from nasty man-in-the-middle-attacks when using a public WiFi (at a coffee shop for example...).

Here's how to get the most out of CloudFlare!

Get a free certificate

Another solution which requires more work than just clicking on a few buttons in a web interface: creating your own certificate and using that to secure the whole connection between your users and your servers. Usually an SSL certificate costs some money, but there is a new intiative offering legitimate certificates for free: Let’s Encrypt. It sounds really scary in the first place, but it's actually a project backed by big companies and there's nothing to worry about (other than that it is in public beta as of December 2015). You can also read about it on all major tech news websites...

Although this does not completely save you from using the commandline, there is a big community backing this project which offers semi-automated setups for most platforms and usecases.