Do you have non-SSL websites in 2017?
If your website doesn’t have a https, be afraid…
Google is shaming non-SSL websites from Feb 1st onwards
On Jan 31, Google will be releasing Chrome ver 56. (Google’s web browser)
Once updated, Google will slap your non-SSL websites (no HTTPS on your URL) with a label “Not secure” right next to your URL.
Right now, it only shows an innocent looking ‘info’ icon.
(See my website, feeling insecure, before purchasing SSL cert)
And to make your site look more prominent down the road, Goggle will give you a ‘FREE’ red exclamation mark like this.
What would non-SSL websites do to you.
If your business markets, promotes or sell product/services online, a “Not Secure” label can scare off most customers and potential clients.
Even if your business is legit, we just can’t shake off the thought if your site is:
– hiding malicious codes Trojan horse;
– hackers infested;
– safe for the user to provide any personal information.
In short, users will just hit the window close button with extreme prejudice.
All your hard work in building up the site, paying ads to bring traffic to your site, Social Media efforts, wasted.
Not worth it.
What can you do?
There are a few choices that I’ve researched and tried:
A. FREE SSL on your server
Yes, you heard it right.
If you host the website on your server and have an IT department, point them to www.letsencrypt.org for instructions to a FREE SSL cert.
However, you will need shell access. According to letsencrypt.org, it will make the process much easier.
Without shell access, the IT guy will have pull up the sleeves and dig in deep into this time-consuming exercise.
I doubt they will be nice to you for the weeks to come.
B. FREE SSL via your hosting provider
If you still insist on a free SSL via letsencrypt.org, ask if your web host provider can integrate Let’s Encrypt. It’s supposed to make the process easier.
C. Paid SSL – no frills
If your site is on hosted on your server, but you don’t have shell access (how come?):
Login to your Cpanel and look for SSL Wizard. It allows you to purchase an SSL cert for your domain.
I bought mine at USD$18. Note that this just for a single URL.
If you have other sub-domains (others.yourdomain.com, more.domain.com, and etc), they will not be covered.
You’ll have to purchase a wildcard SSL cert.
HOWEVER, note that images with an absolute link (www.yourcompany.com/images/photo.jpg) will not be secured.
It will show as Not Fully secure.
To fix that, change the link to a relative one (/images/photo.jpg)
The same “Not Fully secure” problem will show up if any non-SSL web services fetch data from beyond your site (link to FB live post, external analytics, etc.).
So, as long as you have absolute link and data fetched from non-SSL sites, you will need to fix each of them manually.
All of them.
D. Paid SSL – Hosting Provider
If your website is hosted by a hosting provider, just pay them to do all the work.
In the end, I purchase an SSL cert (yearly renewal) directly from them.
It covers all, including my sub-domains.
It’ll secure the whole site, just like one of the e-commerce site I ‘m managing.
I have tried the first 2 methods, and it was a huuuuuge headache.
For the no frills SSL, no doubt it’s cheaper, it doesn’t fully secure the site especially you plan to have sub-domains later on.
I have asked for a refund for the no frill SSL purchased via cPanel and they responded within a day.
No questions asked.
From now on, we’ll just have to resign with purchasing an SSL cert as part of the online cost.
Web hosting + Domain name + SSL. The very bare minimal.
Have some time to read? This is where I got the original news.
Let’s Encrypt: https://letsencrypt.org/getting-started/
*First published on 18 Jan for our subscriber.*
Everything is possible!
Don’t have the capacity to do the above? Click here to contact me to see how we can help you.