From now on, you should see a delightful lock next to https://konklone.com in your browser’s URL bar, because I’ve switched this site to use HTTPS. I paid $0 for the trouble.
Why you should bother doing the same:
SSL’s not perfect, but we need to make surveillance as expensive as possible
For privacy not to be suspicious, privacy should be on by default
And hey, bonus: more complete referrer information in Google Analytics for people visiting from sites already using HTTPS (like Hacker News).
This post shows how to do your part in building a surveillance-resistant Internet by switching your site to HTTPS. Though it takes a bunch of steps, each one is very simple, and you should be able to finish this in under an hour.
A quick overview: to use HTTPS on the web today, you need to obtain a certificate file that’s signed by a company that browsers trust. Once you have it, you tell your web server where it is, where your associated private key is, and open up port 443 for business. You don’t necessarily have to be a professional software developer to do this, but you do need to be okay with the command line, and comfortable configuring a web server you control.
Most certificates cost money, but at Micah Lee’s suggestion, I used StartSSL. They’re who the EFF uses, and their basic certificates for individuals are free. (They’ll ask you to pay for a higher level certificate if your site is commercial in nature.) The catch is that their website is difficult to use at first — especially if you’re new to the concepts and terminology behind SSL certificates (like me). Fortunately, it’s not actually that hard; it’s just a lot of small steps.
Below, we’ll go step by step through signing up with StartSSL and creating your certificate. We’ll also cover installing it via nginx, but you can use the certificate with whatever web server you want.