Web page "not secure"

[didds]

https://letsencrypt.org/

free certificates.

never used them, only merely heard of them.

didds

[didds]

sslc ert processes:

raise a CSR
apply to cert oissuting authroity with CSR and some basic info
they issue the cert

the public keys they provide will match the private key that will have been created with the CSR.

Any webserver that needs the cert will need both public and private keys. It may also need intermediate certs that should also be provided by the issuers.

I don;t underdtand what is meant bu "The other domains which forward to it will, in effect, inherit the SSL.".

If www.fred.com directs/forwards to www.bert.com, and www.bert.com has a certificate , www.fred.com will not inherit it - and neiother will the cert ofr www.bert.com work for www.fred.com either.

Similarly if www.bert.com directs/forwards to wwww.fred.com.
You can get wildcard certificates *.<domain> which will cover one level before the domain

eg for *.bert.com, that will cover <anything>.bert.com, and also bert.com. But it won;t cover <something>.<summat else>.bert.com.

usually simple certs www.domain also cover just domain
eg www.bert.com will also cover bert.com


HTH

didds

[IanSmithISA]

Good morning,

... My website is hosted (and created) by Weebly but my domain names are mostly registered with 123-reg. IIRC I created my website in Weebly using their default weebly.myname.com (or whatever it is) and then published that to mydomain1.com I also have mydomain1.co.uk which directs to the same place.
...

If you look at

https://community.weebly.com/t5/Getting ... td-p/63524

They say

Community Manager Adam COMMUNITY MANAGER
‎10-02-2017 08:32 AM
Re: How to Install SSL Certificate on Weebly ???
We're rolling out SSL for free to all sites; I don't know exactly how long that will take, but once we've finished everyone will be able to use SSL easily by enabling it on the Settings tab.

- Adam
Community Manager

If this is true then that is all you need to do.

I host my sites with another provider and they charge £30 p.a. for an SSL, ouch!

Bye

Ian

[Clariman]

This turned out to be super-easy in the end. 123-Reg had a half price SSL sale on but I asked the question of my hosting provider (Weebly). As Ian said they now offer free SSL certs as part of their service. This was confirmed by their customer services. They had to do a bit of set up and then all I had to do was enable it. 2 minutes later I had an SSL enabled site and my other domains which I forward to it also showed https:

Very pleased

[Lanark]

I've just called 123-Reg who were very helpful. My understanding now is that I just need 1 x SSL certificate for the domain to which the website is published. The other domains which forward to it will, in effect, inherit the SSL. However, the certificate needs to be implemented by (or at) the hosting provider via a CSR (Certificate Signing Request).

Agreed?

Yes there is a huge range of different certicicates available at different prices, most people just get the most basic/cheapest single domain cert.

It may be cheaper from your web host or is may be cheaper elsewhere - shop around.

[Lanark]

My understanding is that if you change from http... to https... you lose your current site ranking. For sites that have spent years getting good ranking based on back links, interesting content etc that can be a major problem.

Is there a reason why a site that does not collect any data or handle payments other than through a secure system should use https, and it there is not then what is the logic of saying it is not secure and downrating it on search engines?

In my experience of doing this it does affect ranking for about 1 year until things go back to where they were before. I don't know why but I suspect it is to do with backlinks pointing to the 'wrong' version of the page. Google put a huge emphasis on 'New' backlinks, so over a year they will all start pointing to the right address.

Eventually I think Web Browsers will start showing red popup warnings on anything that isn't secure. So the question becomes do you want a hit on your google ranking today or in 3 years time.

[stewamax]

Eventually I think Web Browsers will start showing red popup warnings on anything that isn't secure.

Chrome already does - a 'Not Secure' but in the address bar and not as a popup.

[PeterBill]

There are ways of getting a free cert ... I did it for my site which is a family history web page ...

Plenty of videos on youtube.

https://www.youtube.com/watch?v=eR_0NNN4Xkc