Login | Sign up | Toll-Free: 1-800-752-0455



6 posts by 3 authors in: Forums > Off Topic / Other
Last Post: January 4, 2016

Hi yea,

Thought this was interesting (I am not spamming)

As from November 16th anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.



Let’s Encrypt is one step closer to offering free HTTPS certificates to everyone

All the major players are supporting it including Mozilla.

People are saying that Google made a mistake to tweak its search algorithm when there was nothing free for people running small domains or "not for profit" organizations.



Thanks for sharing, Kenny!

https-only is definately the way to go for any new or updated sites, and a free certificate provider is a great resource.

And it's even endorsed by security expert Bruce Schneier: https://www.schneier.com/blog/archives/2014/11/a_new_free_ca.html
And EFF: https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-entire-web


Dave Edis - Senior Developer

Is this something that could easily be implemented as a plugin - maybe as a part of permalinks?  


Tim Forrest
Toledoh Enterprises

Tim, you mean to force HTTPS?  

If so, permalinks generates some example mod_rewrite .htaccess code that could be used on any site and looks like this: 

<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteBase /

  ### Set URL_SCHEME (REQUEST_SCHEME isn't available before Apache < 2.4 and can include hostname)
  RewriteCond %{HTTPS} off
  RewriteRule .* - [E=URL_SCHEME:http]
  RewriteCond %{HTTPS} on
  RewriteRule .* - [E=URL_SCHEME:https]

  ### Force www. prefix - (RECOMMENDED/OPTIONAL) SEO to prevent duplicate urls (uncomment to use)
  RewriteCond %{HTTP_HOST} !^www\. [NC]
  RewriteRule ^(.*)$ %{ENV:URL_SCHEME}://www.%{HTTP_HOST}/$1 [R=301,L]
  ### Force HTTPS secure connections - Optional security (uncomment to use)
  RewriteCond %{HTTPS} off
  RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

Hope that helps!

Dave Edis - Senior Developer

I actually meant configuring the SSL from letsencrypt.org - then using permalinks to force https...


Tim Forrest
Toledoh Enterprises

Oh, right.  It might be possible on some hosts, might need to be logged in as root on others to update the web Apache files. 

Dave Edis - Senior Developer