This morning was spent learning how this hosted wordpress site deals with https. Not something that is intuitive for me since I have always done it ‘my way.’
Folks should now only be directed to the https version of the site. The initial homepage still doesn’t show as “secure”. My guess is there is a link or two on the page that it pulls in via http. I’ll look into that later. It’s not like I’m taking folks credit cards or anything personal.
Just, why not encrypt.
A co-worker put me onto letsencrypt.org. Pretty nifty if I do say so. The caveat to “free” certificates is that they are only valid for 3 months, but I saw a live demo where every three months you run a single command to ‘refresh’ them.
If it really is that easy, I’ll be converting most of my internal SSL certs over to them rather than self-signed ones.
The ‘trust’ aspect of the certs though is questionable for legitimate business use cases though.
Also, while you’re at it. If you want it — using the menu on the left (click the three little lines) you can find my current gpg key.