SSL Here's Why Your Static Website Needs HTTPS

eva2000 · Jul 13, 2018

Troy Hunt illustrates why a static web site needs HTTPS Here's Why Your Static Website Needs HTTPS

In one of many robust internet debates (as is prone to happen on Twitter), the discussion turned to the value proposition of HTTPS on a static website. Is it needed? Does it do any good? What's it actually protecting? I'd been looking for an opportunity to put together some material on precisely this topic so when a discussion eventually led to just such an offer, it seemed like the perfect time to write this post
Click to expand...

intercepted my own traffic passed over an insecure connection and put together a string of demos in a 24-minute video explaining why HTTPS is necessary on a static website. Here's the video and there's references and code samples for all the demos used immediately after that:
Click to expand...

Daniel J. Lewis · Jul 20, 2018

Thanks for sharing! Podcasters need at least the first 5 minutes of this, too, and simply replace "static webpage" with "RSS feed" in their minds.

(Apple will eventually require new podcasts and those that want analytics to use an HTTPS podcast RSS feed.)

eva2000 · Jul 21, 2018

Yeah one good thing about HTTPS first movement is eventually Centmin Mod's Nginx vhost creation routines won't need to ask if users want HTTPS but instead HTTPS Nginx vhost will be the default !

anthony parsons · Jul 30, 2018

eva2000 said: ↑

Yeah one good thing about HTTPS first movement is eventually Centmin Mod's Nginx vhost creation routines won't need to ask if users want HTTPS but instead HTTPS Nginx vhost will be the default !
Click to expand...

Don’t know why it’s not already with lets Encrypt freely available.

eva2000 · Jul 30, 2018

anthony parsons said: ↑

Don’t know why it’s not already with lets Encrypt freely available.
Click to expand...

well letsencrypt domain validation requires valid DNS records - unfortunately you can't automate that part for end users so if it was default now, some users will get failed vhost creation as letsencrypt would of failed

anthony parsons · Jul 30, 2018

eva2000 said: ↑

unfortunately you can't automate that part for end users so if it was default now, some users will get failed vhost creation as letsencrypt would of failed
Click to expand...

Isn't that a good thing though? Just my opinion.

eva2000 · Jul 30, 2018

Yeah really depends, some folks also want to setup private/internal test sites and letsencrypt won't work there either

Log in / Register

Forums

Get the most out of your Centmin Mod LEMP stack

SSL Here's Why Your Static Website Needs HTTPS

eva2000 Administrator Staff Member

Daniel J. Lewis Award-winning podcaster and consultant

eva2000 Administrator Staff Member

anthony parsons Member

eva2000 Administrator Staff Member

anthony parsons Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Get the most out of your Centmin Mod LEMP stack

SSL Here's Why Your Static Website Needs HTTPS

eva2000 Administrator Staff Member

Daniel J. Lewis Award-winning podcaster and consultant

eva2000 Administrator Staff Member

anthony parsons Member

eva2000 Administrator Staff Member

anthony parsons Member

eva2000 Administrator Staff Member

.