Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5

[Question] How to get free SSL?

#1
I've heard that Google is going to give low rank to http sites compared to https sites, I only know that it's related to SSL certificates, but I don't know how it's really done, so if anyone can give any advice it would be helpful.
#2
Our cPanel should automatically create an SSL/TLS certificate for each domain added. The certificates are automatically renewed.
If it's not working properly for you, I'd recommend posting about it in the Web Hosting Account Support sub-forum
[Image: gr_sig.gif]
[Image: userbar222222.png]
#3
Thanks for the information, i was just curious.
#4
But chrome gives ssl error on our login url (https://hero.gigadnsserver.com:2083)
??
NET:ERR_CERT_DATE_INVALID
   
#5
Do not worry! Everything is safe and secure.
 
[Image: userbar.png]
[Image: polandbar4.gif]
#6
you can use Let's Encrypt authority witch support all TLD domains and issues for 3 months and you should renew it after months for free and support in most of the browsers in all platforms.
#7
Hmm... Free sertificate from Let's Encrypt is good. But if you curious and want to try some 'premium ssl certificate' , you guys can go ahead and try to get a One year SSL certificate (normally $9/year) for free by using Github Student Developer Pack. All you need to do is register https://education.github.com/pack/offers there using your .edu email account (which you'll get if you're a student) . It'll give you a 100% discount code for PositiveSSL on namecheap and you can use it for one of your domain name. I'm using it and installed it on https://awan.studio . Honestly i don't feel any difference from the user experience but i gotta say that it feels premium lol.
-Dzikri Aditya Darmawan-
Just a Basic Internet User
[ personal https://dzikriadityadarmawan.com web ]
[ personal https://itsliterally.me blog]
[running https://awan.studio business]
 
#8
I'm not happy with what Google is doing. Trying to push https on everyone when only some sites benefit from it. It's not only the ranking because Chrome shows http sites as "not secure" which is often slander. At the moment I redirect all https -> http because I don't want my links to break or have to pay for a SSL cerificate if for some reason this great place ceased to exist one day. I hope I'm not losing too much visitors from it. Dodgy
[-] The following 1 user Likes Peter's post:
  • Genesis
#9
(11-16-2018, 04:52 PM)Peter Wrote: I'm not happy with what Google is doing. Trying to push https on everyone when only some sites benefit from it. It's not only the ranking because Chrome shows http sites as "not secure" which is often slander. At the moment I redirect all https -> http because I don't want my links to break or have to pay for a SSL cerificate if for some reason this great place ceased to exist one day. I hope I'm not losing too much visitors from it. Dodgy

I'm with you on this one Peter. Most panels like cPanel have also worked out how one can do SSL for free. So Google has just upped the ante for everyone as evil doers can get SSL very easily too. It's not as "secure" as Google lets everyone to believe. And the opposite. If you don't have SSL doesn't mean your site is a security risk.

I don't have SSL on my VPS sites. As they're hobby sites mostly. But browsers seem to be discriminating more and more coming up with alarming notices about them being insecure, when others try to access them. At one stage I was able to create a list of sites that are "safe" in the browser preferences of FireFox, but these days I have to click through all of those "make it an exception steps" every time when I access the site. I'm waiting for the day when browsers just block non SSL sites completely.

You're right Google is getting to be too much of a "big boss" for its own gain and it's actually spoiling the fun for me in a big way. I most certainly don't feel that SSL is more secure, any evil doer can get SSL. Neither are those without SSL a security risk. There has to be a different way of identifying security risk. It's the equivalent of dogs barking for everything that moves, instead of barking at a real security risk.
[-] The following 1 user Likes Genesis's post:
  • Peter
#10
Yes, the "evil doers" can get SSL but I don't think that is much of a problem. The main security benefit of using SSL, as far as I understand, is that the traffic is encrypted so that it gets much harder for anyone to eavesdrop passwords and other security sensitive information that would otherwise have been sent in clear text.

So, yeah, SSL is probably right for many sites, but for websites that does not handle sensitive information it shoudn't be necessary.
#11
If you think SSL is only necessary with sites handling sensitive information, you're going to be surprised.

If a site does not have SSL, the traffic is indeed unecrypted as you say. What that means is that stuff that can harm your clients will get an easy way to do so. One of them being man-in-the-middle(MITM) attacks.

Let's take the example below of what can happen.
Client A visits your site, but is intercepted by Server X. Server X then gives a request to your site, which then gets back the response.
From there, Server X then proceeds to inject a whole bunch of virus-laden stuff, and passes the modified response back to Client A.
Client A then gets infected, which isn't what you want happening to users of your site.

I can understand why Google is trying so hard with this, and applaud them. FYI, one case of MITM attacks being Comcast's injection of its bandwidth ad across all the sites you visit.
[-] The following 1 user Likes CHT's post:
  • Peter
#12
Thanks for the details @CHT. That may be the case of interactive sites - larger sites where there are lots of traffic involved and plenty of communication. Not all sites are in that category. My sites are not interactive - they are passive. They don't have comments activated. They don't have emails. They don't have feedback forms. If my sites should go into more interactive, sales, communication etc. then yes, I do see the merit. My customers would be more confident my site is really my site. But even with that crooks can get past that. They have in the past, and probably will in the future too. One can never be 100% sure one is safe, even with SSL. Banks could probably tell you horror stories about that too. Hackers are just getting more brilliant by the day - a security measure is installed, they make their business to see how they can hack it.
#13
@Genesis You're welcome. That being said, it can happen to all sites. Doesn't matter whether the site is small traffic or not.
Though those doing it usually go for big sites first.

As for SSL, it is safe as long as you check that the site isn't hacked, and that the cert does match to the site in question. I never claimed 100% safety, cause that isn't possible.
So far, no one has managed to make a way to break into the SSL cert and make it look like the original cert, so you're relatively safe with SSL still.

In the end, the weakest link usually isn't the security, but the people. That's why Google's actually trying to educate users and site owners about security.
#14
Well, I guess I will eventually have to give in for the pressure, but the cost of certificates really worries me.
#15
(11-23-2018, 07:31 PM)Peter Wrote: Well, I guess I will eventually have to give in for the pressure, but the cost of certificates really worries me.

You can get free certificates though. I.e. Let's Encrypt.

Also, as far as I know domains in cpanel get automatic SSL. I thought you would have had SSL? Maybe you need to check that option in cpanel?
[-] The following 1 user Likes Genesis's post:
  • Peter
#16
Yes, I have SSL here on GigaRank. Currently I'm not really using it because I just redirect all https traffic to the http equivalent, but I might change this soon. My concern has been for the future in case I have to move to another host for some reason.

I haven't really investigated any of this so many of my concerns are probably unfounded. The only places I've checked are two paid hosts from my country, because I have bought domains from them, and one of them wants 169 SEK (~19 USD) per year for SSL on a single domain (not subdomains), and 1299 SEK (~143 USD) per year for a top domain + subdomains. The other host wants 1188 SEK (~131 USD) per year. Both of them offer free Let's Encrypt certificates but I noticed that one of them had a limit of max 5 or 10 certificates depending on the hosting plan because they claim it is more work for them.

So, I guess if I ever choose to pay for hosting and SSL I will have to take the SSL prices into account when choosing what host to use. The cheapest one above isn't really that outrageous (assuming I don't use any subdomains) when compared to what I pay for a domain. I am fully aware that I might find cheaper SSL certificates elsewhere if I actually looked around.

Let's Encrypt looks great. My initial concern, without knowing anything about it, was whether it was going stay around in the long run, and that its certificates would continue to be trusted by google and all the big web browsers. After reading up on it a little bit I am now more confident. Having names such as Mozilla, Chrome and Facebook listed as sponsors/donors says to me that it's something that the big players support.
#17
I think now-a-day if you have a site that is available to the general public and requires the user to provide information ( even just a simple registration) it need to use SSL. My wife and I were looking at doing our grocery shopping online for the convenience of home-delivery. Some places I looked at DID NOT use SSL but wanted you to create a user account providing your name, address and phone number. I actually rang a few places and told them I would like to try their service but was not going to provide my details over the net on a unsecured channel.
[-] The following 1 user Likes buzzawak's post:
  • Genesis
  




Users browsing this thread:
1 Guest(s)

[Question] How to get free SSL?469