Going SSL/TLS

Recent announcements by Google that they would begin to de-emphasize search results to sites that aren’t protected by SSL/TLS encryption (that green lock you see to the left of your browser URL bar) weren’t surprising, but it was a eye opener.

This site (tralfaz.com), its sister site (tralfaz.org), and the Greytbros, as well as Barbara’s wordsbybarbara were all at risk of going essentially invisible.

No bueno.

Part of the challenge is that all of these sites are on a single Digital Ocean droplet, managed by the amazing tool ServerPilot, that complicated matters somewhat. I am sure that it would be possible to manually configure it all, it is likely well beyond:

  • my capabilities – without a lot of hair pulling, trial and error, and a whole lot of curse words, I knew this was more of a tack than I wanted. Sure, it is a learning opportunity, but like many similar instances, it isn’t something I do often, so it would have not been worth it

  • my free time – the last time I dinked with this, on a stand alone site, I sunk a couple of days into the ordeal. I ain’t got time for that shit.

That left me with some unpalatable choices. I could split up the sites on to separate droplets (trebling my monthly spend), or I could just live without it.

While I don’t care that much about the two Tralfaz sites, and the Greytbros, my wife uses her site to help drum up and support her copywriting and script writing business.

Fortunately Serverpilot has a couple of paid options. For a mere $10 a month, I could upgrade from the free tier (manages the deployments, handles the security upgrades, and keeps it safe) to add some features that I wanted. Like log file access on the activities, multiple SSH users, and handling the setup and configuration of the certificates for the encrypted connections.

It was a no brainer to click the button, and pay the man.

Setting up the AutoSSL was embarrassingly simple. Literally “enable” the option, and then click “create”. It goes out to Let’s Encrypt, gets the certificates, sets them up in the nginx, and will renew them every 90 days. One more tickbox, and the http:// traffic is redirected to https://, and all is muy bueno.

Ironically, the older theme we use for Barbara’s site had some hard coded http:// bits, that were fortunately easy to find and fix. Now it is “clean”

The other option was to get a paid Cloudflare plan, and have them handle it. But that would be a cost per site, whereas the Serverpilot is $10 per server (and one “server” is easily handling all 4 of my sites without breaking a sweat).

A simple way to destress a potentially stressful situation.

%d bloggers like this: