View Single Post
Old 2015-12-21, 06:59   Link #15
GHDpro
Administrator
*Administrator
 
 
Join Date: Jan 2001
Location: Netherlands
Age: 39
Quote:
Originally Posted by Konakaga View Post
As mentioned in the OP, Let's Encrypt offers HTTPS Encryption for free (besides the time to set it up). So you have options where you don't have to pay for anything .
One downside to Let's Encrypt right now is that to use the official client you essentially need your own VPS or server, as it requires root access.

With alternative clients like letsencrypt-nosudo and acme-tiny you might be able to avoid needing root access, but it will make things harder.

One of the things that doesn't help is that Let's Encrypt certificates are only valid for 90 days, so they need to be renewed quite often. If you had trouble getting the first certificate from Let's Encrypt, you might not be amused to know you need to repeat the process 4 times a year.

(I myself used letsencrypt-nosudo to set up the initial certificate and acme-tiny to automate renewals)

As alternative to Let's Encrypt there is StartSSL (their website is closed atm?) and WoSign (not a direct link; blog with more info). They each have their own downsides (StartSSL has hidden costs and WoSign is well, Chinese).

Finally if you do want to get a proper "old-style" paid certificate like Comodo PositiveSSL, then try sites like www.cheapsslsecurity.com and www.gogetssl.com where you can get them for <$5/year (if prepaid for 3 years, but this means less work renewing so not a bad thing).

If you don't want to bother setting up SSL on your own at all, there is CloudFlare, which does the hard work for you by proxying SSL requests through their servers. I haven't used this service (AnimeSuki does use CloudFlare but only for DNS) so I don't know exactly how to set it up and what the downsides are, but I presume it is not complicated to enable.

Last, in my previous post in this thread I responded to someone suggesting proxying HTTP request through the forum server. That would work like this: if you link to an image like http://notsecure.com/image.jpg then I'll make it so that any such requests are rewritten to https://forums.animesuki.com/proxy.php?url=http://notsecure.com/image.jpg

That way you don't need to do anything. At the same time you will only see the forum server's IP address in your logs.

Last edited by GHDpro; 2015-12-21 at 07:13.
GHDpro is offline   Reply With Quote