Ask HN: How easy/hard is it to offer HTTPS to your users?
I am running a bunch of projects on a bunch of servers. How easy or hard is it to offer HTTPS to my users? Do I have to pay for a certificate for each domain? I don't own anything with most of my domains, so I would not like to pay much.
And some domains, I just use for myself. The only reason I want to enable HTTPS on them is that I want to securely acess them while workinng from Cafes and Coworking spaces.
I use Apache on all my servers. I probably have set up the most minimal config possible, so the servers only reply on HTTP. What do I have to do to make them reply on HTTPS?
7 comments
[ 2.9 ms ] story [ 23.9 ms ] threadP.S. Judging from your username, it seems like you have played agar.io too much. :)
[1] http://www.startssl.com
[2] https://www.digitalocean.com/community/tutorials/how-to-set-...
Edit: If you can wait until November this year, use Let's Encrypt[3] when it is generally available to the public. At this moment you can also use CloudFlare, which provides free SSL branded as "Universal SSL" if you use their CDN.
[3] https://letsencrypt.org/2015/08/07/updated-lets-encrypt-laun...
Is that possible for the whole domain, so that when I get a cert for mydomain.com it also works for development.mydomain.com etc? Even when development.mydomain.com has a different IP then mydomain.com?
> Even though StartSSL™ provides certificates generally free of charge, revocations thereof may carry a handling fee. Take great care of your private keys, save and backup all files all the time!
See more on https://www.startssl.com/?app=37
[0] https://buy.wosign.com/free/
https://letsencrypt.org/
Traffic is encrypted between browser and Cloudflare but not between Cloudflare and your server.