

Ask HN: How easy/hard is it to offer HTTPS to your users? - FreeHugs

I am running a bunch of projects on a bunch of servers. How easy or hard is it to offer HTTPS to my users? Do I have to pay for a certificate for each domain? I don't own anything with most of my domains, so I would not like to pay much.

And some domains, I just use for myself. The only reason I want to enable HTTPS on them is that I want to securely access them while working from Cafes and Coworking spaces.

I use Apache on all my servers. I probably have set up the most minimal config possible, so the servers only reply on HTTP. What do I have to do to make them reply on HTTPS?
======
tomkwok
Use StartSSL[1], or self-signed certificates if you just use HTTPS for admin
access to some of your sites. You can easily find many online tutorials on how
to set up TLS/SSL on your web server after a bit of googling, such as this
one[2] on the DigitalOcean community site.

P.S. Judging from your username, it seems like you have played agar.io too
much. :)

[1] [http://www.startssl.com](http://www.startssl.com)

[2] [https://www.digitalocean.com/community/tutorials/how-to-set-...](https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-with-a-free-signed-ssl-certificate-on-a-vps)

Edit: If you can wait until November this year, use Let's Encrypt[3] when it
is generally available to the public. At this moment you can also use
CloudFlare, which provides free SSL branded as "Universal SSL" if you use
their CDN.

[3] [https://letsencrypt.org/2015/08/07/updated-lets-encrypt-laun...](https://letsencrypt.org/2015/08/07/updated-lets-encrypt-launch-schedule.html)

~~~
FreeHugs
Wow, StartSSL will give me a free certificate that browsers accept without
bugging the user? Are there any downsides to this?

Is that possible for the whole domain, so that when I get a cert for
mydomain.com it also works for development.mydomain.com etc? Even when
development.mydomain.com has a different IP than mydomain.com?

~~~
tomkwok
The major downside I know is that in case your private key is compromised and
you want to revoke the certificate, you have to pay $24.90.

> Even though StartSSL™ provides certificates generally free of charge,
> revocations thereof may carry a handling fee. Take great care of your
> private keys, save and backup all files all the time!

See more on
[https://www.startssl.com/?app=37](https://www.startssl.com/?app=37)

~~~
nly
WoSign[0] do free revocation and will give you up to 100 altnames. Failing that I'd
rather pay $10 for a cert from somewhere else, or pay a premium for my domain
at Gandi and get a cert thrown in.

[0] [https://buy.wosign.com/free/](https://buy.wosign.com/free/)

------
ShirsenduK
Cloudflare gives HTTPS for free. All you need to do is change your NS servers
and flip a few buttons.

Traffic is encrypted between browser and Cloudflare but not between Cloudflare
and your server.

------
theandrewbailey
Let's Encrypt will offer DV certs for free. Right now, they are aiming for
November.

[https://letsencrypt.org/](https://letsencrypt.org/)

------
rchrd2
After you acquire a certificate, it's pretty tricky getting the configuration
correct. I don't know about Apache, but in Nginx there are a lot of settings
to set so that you deliver the fastest https experience. There's a video
about it here
[https://www.youtube.com/watch?v=iHxD-G0YjiU](https://www.youtube.com/watch?v=iHxD-G0YjiU).
I'm dealing with this issue right now, where I have https set up, but it isn't
running optimally.
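
For the Apache setup the original question asks about, here is an added example that is not written by any participant in this thread: an HTTP-only virtual host turned into a redirect, next to the HTTPS virtual host that replaces it. It assumes Apache 2.4.8 or later with mod_ssl and mod_headers enabled; the document root and the certificate and key paths are placeholders, and mydomain.com is the host name used in the thread.

```apache
# Added example, not from the thread. Host name and file paths are placeholders.

# Needed once per server; skip it if your distribution's config already has it.
Listen 443

# Before: this vhost served the site over plain HTTP.
# After: it serves nothing itself and only sends visitors to HTTPS.
<VirtualHost *:80>
    ServerName mydomain.com
    Redirect permanent / https://mydomain.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName mydomain.com
    DocumentRoot /var/www/mydomain.com

    SSLEngine on

    # The certificate must list every host name it is served for; the
    # server's IP address plays no part in the match. If the CA issued
    # intermediate certificates, append them to this file after your own.
    SSLCertificateFile    /etc/ssl/certs/mydomain.com.crt

    # Private key for the certificate above. Keep it readable by root only.
    SSLCertificateKeyFile /etc/ssl/private/mydomain.com.key

    # Turn off the old protocol versions.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Add this only once HTTPS works reliably: browsers that see it will
    # refuse plain HTTP for this host for the next six months.
    Header always set Strict-Transport-Security "max-age=15768000"
</VirtualHost>
```

Run `apachectl configtest` before reloading Apache. A separate server such as development.mydomain.com needs the same kind of virtual host with a certificate that names that host.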

