HTTPS and SSL certificate

[Gasman]

Marvellous
Got a call from a FB group admin, that he had a received a notification that they had deleted 5 of my posts in that group. Also the link to the website that he had posted for a website I created to replicate the Bibby Gazette that we used to get when serving in the Merchant Navy.

We *think* it is because the site is http:// and not https://, but no data is requested on the site, it is for display purposes only.

They can do all that, but cannot stop the phishing messages we are getting supposedly from other members, who have never sent them. One member has even had his messenger account deleted, but they are still coming.

Anyway, could someone who has their own website(s) please tell me how easy it is to install an SSL certificate yourself? Any reccommendations. The site is registered with GoDaddy, just because it existed on my NTL webspace, then when they stopped supplying webspace, threw us over to GoDaddy.
I am assuming that once installed, the prefix will change to https:// ?

The site in question is bibby-gazette.co.uk but is a display site only. It does not ask for any info from any visitor.
The site is a labour of love for the shipmates that I used to sail with. No monetary gain at all.

Not sure if I want to pay for one TBH.

 

[plog]

I use lets encrypt which is free:

Let's Encrypt

Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG). Read all about our nonprofit work this year in our 2023 Annual Report.

letsencrypt.org

It's been a few years since I set it up so I can't remember the steps. Which I guess is kind of good, had it been a battle to get it to o work I am sure I would have remembered that experience.

Once set up the https worked, but http still did as well. Its not like it just switches over automatically. I had to rewrite my .htaccess file to redirect to https.

 

[Gasman]

Thank you Plog,
That is a bonus. I don't mind jumping through a few hoops to get one working.
Seems I have a fair bit of research to do. Not even sure I have a .htaccess file

 

[The_Doc_Man]

Anyway, could someone who has their own website(s) please tell me how easy it is to install an SSL certificate yourself?

Since the sites are designed to work with certificates, the utility that is your web provider will have something built-in - but you should probably just do a web lookup of "Install SSL certificate in xxxx" where xxxx is whatever you are using to provide web pages to your clients. Could be IIS, Thunderbird, ... anything. Last time I had to do something like that, it was for a mail system.

The trick is always to find their security setup category in their menu and browse until you find "install certificate" or "register certificate." If you have the cert as a file, they usually want it in a particular folder relative to the network utility folders. So you move the file to the right place, run the certificate install/register/whatever they call it, and stand back. Takes a few seconds, mostly because of having to do a little math on the two keys - the public and private keys for the cert. Once they are verified, you are good to go. The harder part is to fill out the request for the cert to get your site name correct - and it is important because the site's root name/path figures into the cert.

 

[Gasman]

Thanks Doc.
I had a quick peek last night and there is a .htaccess file, with a bunch of stuff I do not understand. They have some decent support, so if I cannot find the process, I will give them a call.

 

[sonic8]

Anyway, could someone who has their own website(s) please tell me how easy it is to install an SSL certificate yourself? Any reccommendations. The site is registered with GoDaddy,

The process totally varies depending on where/how the website is hosted.
I suggest you google for your hoster's instructions. Here's a piece from the GoDaddy Blog: How to enable HTTPS on your server

 

[Gasman]

I use Cpanel with my ex bosses hosting package.
Googling there should be options for SSL/TLS in the Cpanel Security section, which we do not have, so I will need to contact TSOHost support.

A few videos on youTube, so appears pretty painless TBH. Just hope that turns out to be the case.
Plogs link also supports TSOhost, so again another bonus.

 

[Gasman]

OK, I *might* have found out why FB were concerned about my site.
I have two small javascript snippets which hide the actual email addresses on the site.

Would a SSL certificate cover that? I would have thought not?

I submitted the site to two sites that scan the website for malware. One scanned it with 77 different programs, only 2 reported it as malicious
The group admin forwarded the FB message.

On my posts.......
1 post 3 years old.
3 posts at 2 years old
1 at 9 months old.

The two others from other posters were almost as old?

Nice to see they are on the ball

 

[plog]

No, SSL just verifies that the requested sender was the one sending information.

 

[cheekybuddha]

Letsencrypt++

 

[undeprecated]

SSL is pretty standard these days on any hosting provider. Be wary of anyone trying to sell you a cert.

 

[The_Doc_Man]

@danielwill - your comments are technically correct, but you were responding to a year-old thread that appears to have been abandoned. Always check the date of the post, which is in the top line of each post.

There is no rule saying that you CAN'T respond to an older post. It happens all the time. But I wanted you to recognize what you did because you get more "bang for the buck" responding to newer posts. Just a fine point about being a member.

But thanks for offering your insight to contribute to the understanding of the forum on this topic.

 

[Gasman]

I would also say thank you for the SSL labs name. That allowed me to check my site.