Newbie to this site


#1

Hi All

Not sure if this is the right place to ask this question but here goes anyway.

I run a small website for a local group. Someone has volunteered to update the website for us and has said we need a security certificate from Let’s Encrypt.

Can someone briefly explain the benefits of having this please. We don’t hold sensitive information on the website nor take online payments.

Many thanks


#2

If you are fine if every thing on your website is publicly accessible, then it doesn’t matter. If you have any log-in then you must have a certificate, otherwise, your password will be sent in plain text and is publicly viewable.

Also, browsers will soon mark all sites on HTTP as insecure, if it’s a local group then this doesn’t matter. But why not get a free certificate to show the green lock instead?

I need a certificate because my cheap router has the control panel (micro-httpd) misconfigured and it blocks port 80… Or can micro-httpd even be properly configured?


#3

Generally speaking, it’s a service to your “customer”, i.e., the visitor of the site.

Nowadays, many people surf the world wide web through WiFi hotspots. For example, when they’re having a coffee, eating a burger somewhere, et cetera. Even some public transportation services offer free WiFi.

Most public WiFi’s don’t have any encryption at all and everyone with a WiFi enabled device (laptop or the likes) can “sniff” all the traffic of such free WiFi access point. Even the WiFi access points with a shared password isn’t secure! (Because it’s a shared password! ;))

Obviously, I have no idea what for kind of information your site contains, but generally speaking: nobody needs to know what I’m doing on the world wide web. Even if it’s useless information, I would like to keep this between myself and the server operator (the latter is unavoidable unfortunately :stuck_out_tongue:).

And now with Let’s Encrypt, you can offer this service for free! As in, free beer!

The implementation of a Let’s Encrypt certificate depends a lot on how your server is organised. I.e., is it a site run on a shared hosting environment? Or does it run on a (virtual) server of its own? If so, what OS? Et cetera et cetera.


#4

Thanks Osiris, that makes sense.

Can having an encryption certificate also give a search engine ranking boost?

(For information the website only has information on it of complementary therapies provided in our local area)

Many thanks


#5

Thank you JSPENGUIN2017. That also makes sense


#6

There are some news that Google will give HTTPS pages a higher ranking, I think eventually Google will stop indexing HTTP page when Chrome marks all HTTP pages as insecure.


#7

Some points about the value of using HTTPS on all web sites:

from EFF:

from Google:

from the U.S. government:
https://https.cio.gov/everything/


#8

Thank you to everyone that took the time and trouble to respond to my question.

I now understand what is being proposed.

Many thanks


#9

As a next resource, you might want to take a look at the Getting Started page!


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.