Setting Up and SSL

Started by ukgimp, February 04, 2017, 12:25:17 PM


Rupert

... Make sure you live before you die.

Chunkford

Yesterday I tried making my woocommerce checkout use https by ticking the box in the settings.
Wasn't working though as there were unsecured links to http resources.
Looking closer into it the theme I was using (flatsome) for some unknown reason would use http links when you changed the logo from the default.
Their reply, use this plugin - https://en-gb.wordpress.org/plugins/really-simple-ssl/
Now my whole site is https. Not sure if that's a good thing or not?
"If my answers frighten you then you should cease asking scary questions"

ukgimp

Worth having the whole site https imho

Apparently some ranking effect
Looks good to Jonny user
No warning (scare tactic) from browsers.


ergophobe

I've found it's easier to manage having a whole site SSL than just parts.

We used to go with just parts years ago because there was so much overhead in the SSL handshake and all that. Now, I wouldn't give that a second thought and just redirect everything as part of your domain canonicalization redirect. Something like


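RewriteEngine On
# Redirect any non-canonical host, or any plain-HTTP request, to https://www.example.com
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$ [OR]
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://www.example.com/$1 [R=301,L]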


The %{HTTPS} flag is available in every version of Apache since at least 2.0. Can't help with other servers.

Torben

If you switch to https I recommend that you also make the switch to HTTP2, which is a more efficient protocol but only available in combination with https

ukgimp


Chunkford

Yea, I'm starting to warm up to the idea of https being site wide.
The only issue now is I'm being told I've brought a CA that a 3rd party service I use doesn't support, and now the web hooks I use won't work.
Is this right? I've never come across this before, but then SSL is a new territory for me.

JasonD

>https2

Agreed but it's a weird one to work with and means a change from looking at raw text going through the http/s stream, many of us are used to. As a protocol it's binary only and a ratification of what Google used to call Speedy.

>The only issue now is I'm being told I've brought a CA that a 3rd party service I use doesn't support, and now the web hooks I use won't work.

That sounds like the 3rd party service is posting some data to you and their back end only has a subset of CAs installed for their code and clearly less than normal browsers do... If so... and presuming it's just them that post back to you, I'd mirror your back end code on another URL and IP restrict access to just their IP address or ask for what CAs they do support and get a certificate from one of them

Chunkford

This is the list they gave me - https://support.chargebee.com/support/solutions/articles/218485-accepted-ssl-certificates
TBH, I'm not too bothered as I'm moving away from them very soon. I was more surprised at the list as I wasn't expecting that.
Thanks for the info though, it's certainly another learning curve :)


JasonD

> Chargebee list

It's quite comprehensive but far from complete. I understand why they do it the way they do, but.......

ukgimp