Test Email
Over a decade of exposing some of the seamier sides of the profession of Product Management. An irreverent traipse through the thickets, some past wisdom, packaged with wit, profanity, and references to intoxicating substances.
Strap in, it's gonna get bumpy!
This is a test post. Please ignore...
As someone who has long run his own websites, first with managed hosting, and now with VPS instantiations, I have wanted to take the [SSL/TLS] plunge. But, as a hobbyist, the cost to go HTTPS has just been a burden that I couldn't justify. Sure, I can handle a half dozen VPSs on [Digital Ocean], as the bandwidth is modest, and I have yet to make a big splash (hit wise); it is truly a hobby. Registering a certificate with a top tier authority, for a simple website, was $120+ per year. So I lived with the unencrypted HTTP protocol.
That has changed. With the advent of [Let's Encrypt], there really is a viable, free (as in beer) way to encrypt your web traffic to and from your server. For my two domains that are currently running [Ghost] blogs, there happens to be a handy [tutorial], again over at Digital Ocean, that pretty much walks you through it step by step. (Yes, there is also a tutorial for WordPress running on Apache2.)
I did this first on this domain, paranoidprogrammers, as it is my "test bed," meaning that if I fuck it up, I won't cry a river, I will just restore from a backup and move on.
Of course, I did it half-assed (more on that later), but it worked reasonably well, and I learnt a couple of important lessons.
1. If you want a "*clean*" https connection (i.e. you get the "green" prefix in Google Chrome) you need to make sure that all the elements that are rendered are pulled from their sources via https://. As I host all my images/header images via [Cloudinary], that meant that I needed to painstakingly go through every post and every header image link and change them to https:// from http://. Ugh.
2. If you screw up the creation of the original certificate (I requested a certificate only for the tld, not the tld + www.tld) you will get a really annoying error for some browsers that care. As in the www.paranoidprogrammers.com will be protected, but as the certificate will not say www.paranoidprogrammers.com, it throws a warning. I did fix this, but it was a bit painful.
3. Don't forget to restart nginx when you update your certificates. After I re-created and added the www.paranoidprogrammers.com to the certificates, it frustrated me that I still got that error on the www.paranoidprogrammers.com (and since Apple's Safari browser seems to only want to use the www prefix, it was maddening). Of course a simple "service nginx restart" fixed that, after about 10 minutes of beating myself up.
4. If you have [Cloudflare] as your CDN/DNS you are gonna have a bad time. Yes, it will set up and appear to work. But when you are done, you will get into a redirect loop, and eventually your browser tosses in the towel. Turns out that the redirection of Cloudflare prevents the verification and passing of the certs (which seems obvious in retrospect), and thus you will not ever be able to reach your server. Turn it off, and re-create the certificates, and all is well (yes, the tutorial warned me of this eventuality). I guess I will live without Cloudflare protection on this domain for now.
For my other domain, where there were a lot of image links throughout the site, posts, pages, and elements in the template, it took me a good 8 hours to find and fix them, with one that really took a LOT to find. Fortunately Google's Chrome has an excellent tool to identify elements that aren't served via https:. That little "info" icon to the left of the address was a lifesaver.
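Added example, not part of the original post: a small Python scanner that lists every subresource a page still requests over http:// (img src/srcset, fetching link tags, inline style attributes and style blocks), which is the hunt described in lesson 1 and the paragraph above. Plain `<a href>` links are skipped because navigation links do not trigger mixed-content warnings; the sample HTML and hostnames are constructed placeholders.

```python
import re
from html.parser import HTMLParser

FETCH_ATTRS = {"src", "srcset", "poster"}      # attributes that make the browser fetch
LINK_RELS = {"stylesheet", "icon", "preload"}  # <link rel> values that fetch href
CSS_URL = re.compile(r"url\(\s*['\"]?(http://[^'\")\s]+)", re.I)

class MixedContentFinder(HTMLParser):
    """Collect (line, tag, url) for each subresource requested over plain http://."""
    def __init__(self):
        super().__init__()
        self.hits, self._in_style = [], False

    def _add(self, tag, url):
        self.hits.append((self.getpos()[0], tag, url))

    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"
        attrs = {k: (v or "") for k, v in attrs}
        for name, value in attrs.items():
            if name in FETCH_ATTRS:
                for part in value.split(","):  # srcset: comma-separated "url descriptor"
                    url = (part.split() or [""])[0]
                    if url.lower().startswith("http://"):
                        self._add(tag, url)
        if tag == "link" and LINK_RELS & set(attrs.get("rel", "").lower().split()):
            if attrs.get("href", "").lower().startswith("http://"):
                self._add(tag, attrs["href"])
        for url in CSS_URL.findall(attrs.get("style", "")):  # inline style="..."
            self._add(tag, url)

    def handle_endtag(self, tag):
        self._in_style = False

    def handle_data(self, data):
        if self._in_style:  # text inside a <style> block
            for url in CSS_URL.findall(data):
                self._add("style", url)

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample page; hosts are placeholders, not URLs from the post.
SAMPLE = """<html><head><style>.hero{background:url('http://img.example.com/h.jpg')}</style></head>
<body><a href="http://example.org/">nav link</a><img src="http://img.example.com/post1.png">
<img src="https://img.example.com/ok.png" srcset="http://img.example.com/ok-2x.png 2x">
<div style="background-image:url(http://img.example.com/bg.gif)"></div></body></html>"""
```

Run `find_mixed_content()` over each exported post or rendered template; every tuple it returns is a link that still needs switching to https://.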
Summary
The revelations of Edward Snowden raised the issue with using unencrypted http protocols for browsing. The advent of Let's Encrypt has brought the ability to safely, securely, and easily encrypt the traffic to and from your server/droplet/vps. There are no excuses to not take advantage of this, for if I can do it, so can you!
(c) 2023 The PM Dude, all rights reserved