Hi All
Not sure if this is the right place to ask this question but here goes anyway.
I run a small website for a local group. Someone has volunteered to update the website for us and has said we need a security certificate from Let’s Encrypt.
Can someone briefly explain the benefits of having this please. We don’t hold sensitive information on the website nor take online payments.
Many thanks
If you are fine if every thing on your website is publicly accessible, then it doesn’t matter. If you have any log-in then you must have a certificate, otherwise, your password will be sent in plain text and is publicly viewable.
Also, browsers will soon mark all sites on HTTP as insecure, if it’s a local group then this doesn’t matter. But why not get a free certificate to show the green lock instead?
I need a certificate because my cheap router has the control panel (micro-httpd) misconfigured and it blocks port 80… Or can micro-httpd even be properly configured?
Generally speaking, it's a service to your "customer", i.e., the visitor of the site.
Nowadays, many people surf the world wide web through WiFi hotspots. For example, when they're having a coffee, eating a burger somewhere, et cetera. Even some public transportation services offer free WiFi.
Most public WiFi's don't have any encryption at all and everyone with a WiFi enabled device (laptop or the likes) can "sniff" all the traffic of such free WiFi access point. Even the WiFi access points with a shared password isn't secure! (Because it's a shared password! ;))
Obviously, I have no idea what for kind of information your site contains, but generally speaking: nobody needs to know what I'm doing on the world wide web. Even if it's useless information, I would like to keep this between myself and the server operator (the latter is unavoidable unfortunately 
).
And now with Let's Encrypt, you can offer this service for free! As in, free beer!
The implementation of a Let's Encrypt certificate depends a lot on how your server is organised. I.e., is it a site run on a shared hosting environment? Or does it run on a (virtual) server of its own? If so, what OS? Et cetera et cetera.
Thanks Osiris, that makes sense.
Can having an encryption certificate also give a search engine ranking boost?
(For information the website only has information on it of complementary therapies provided in our local area)
Many thanks
Thank you JSPENGUIN2017. That also makes sense
There are some news that Google will give HTTPS pages a higher ranking, I think eventually Google will stop indexing HTTP page when Chrome marks all HTTP pages as insecure.
Some points about the value of using HTTPS on all web sites:
from EFF:
from Google:
from the U.S. government:
https://https.cio.gov/everything/
Thank you to everyone that took the time and trouble to respond to my question.
I now understand what is being proposed.
Many thanks
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.