Closed Inarion closed 4 years ago
Inarion
commented
6 years ago I've just come across this article describing some state-level shenanigans with insecure download sites. While I'm well aware that a VBA add-in would likely never be popular enough to become a target for such actions, I still think that one should at least try to make the internet more secure. As such I felt it was a fitting occasion for a small bump in here. :)
Inarion
commented
6 years ago To cite from the report's conclusion:
The findings of this report also illustrate the urgent need for ubiquitous adoption of HTTPS by website developers. Handling web traffic over unencrypted channels leaves users vulnerable to network injection techniques that may expose them to spyware, unwanted advertising, or other Internet scams. Particularly on sites offering software downloads (some of which may be billed as “secure”), companies and developers responsible for such platforms must ensure the proper use of encryption.
Inarion
commented
6 years ago I'll leave a short summary from chat regarding this topic:
It appears the current domain host (GoDaddy) does not support LetsEncrypt and likely won't in the future. The current contract with GoDaddy expires early 2019. @retailcoder 's plan is to not renew the contract and then transfer the domain to a different host (Azure?) that seems to be better in about all aspects. Once the new host is in place, it should be trivial to then set up LetsEncrypt / https.
Zomis
commented
5 years ago I started using Let's Encrypt for my site(s) last year and I also recommend Let's Encrypt.
retailcoder
commented
4 years ago Completed (still GoDaddy but eh)
As @Vogel612 mentioned over in Rubberduck-VBA this is probably a more fitting place to talk about making the site viable for HTTPS.
I've somewhat recently created an SSL certificate for my own domain via Let's Encrypt and - as far as I'm concerned - it was a rather simple process. The details depend upon the domain provider's infrastructure, so I don't think it's useful for me to go too much into detail about that. But my provider (a large German provider) has support for Let's Encrypt certificates already implemented, so in my case it was as simple as entering some values into a web form.
I'm not quite sure what else to say here, other than that in my opinion Let's Encrypt is absolutely support-worthy - and be it only by spreading the adoption of HTTPS. :)
Does anyone have opinions about Let's Encrypt? Easier/Better alternatives? Objections?