Green Padlock - Symbolizing the security of using HTTPS on your website

HTTPS Everywhere

Using HTTPS Everywhere

I recommend all websites use https. That includes your personal blog, small company marketing sites, as well as web applications and e-commerce websites.

What is HTTPS? As I explained in my article for small business: “It is HTTP delivered through a secure, encrypted connection. When you visit a website protected by HTTPS, the first step is your web browser and the web server negotiate encryption keys that will be used for the session. These keys are then used to encrypt the data flowing between the two end points – in both directions.”

This blog post will serve as an online notebook for information, tools, and links regarding utilizing HTTPS for your website.

Why use HTTPS? The Benefits of HTTPS over HTTP Explained

Why? Primarily for these three reasons:

  • Confidentiality – Web page data, form data, cookies, the full URL path, all encrypted. Only the IP address is unencrypted (otherwise, how would the request ever get to the destination?). This ensures data in both directions is kept confidential.
  • Authenticity – Ensures the identity of the source is accurate
  • Integrity – Ensures the information hasn’t been tampered with or modified while in transit

Regular HTTP has none of these things.

Here’s some additional reasons:

Finally, it’s the wave of the future. The HTTP/2 protocol, which will eventually replace HTTP has TLS security baked in at it’s core.

HTTPS – Getting Started

How do you use HTTPS? Here’s a quick start guide

  1. First, you’ll need to obtain a certificate from a Certificate Authority, or CA.
  2. Install onto your web server of choice
  3. Setup a 301 redirect for any non https links
  4. Test the certificate, to make sure it’s working properly
  5. Re-register your site in Google Analytics and Google Search Console

How to Setup HTTPS – Using “Let’s Encrypt”

Let’s Encrypt is a free, open, and automated Certificate Authority (CA)

(Check back soon and we’ll have a tutorial on how to use a “Let’s Encrypt” certificate on your website).

How to Setup HTTPS – on 1&1 hosting

Unfortunately, 1and1 shared hosting does not support the “Let’s Encrypt” CA at this time. However, they do offer reasonably priced certificates for personal blogs and other sites, as well as fully verified business certificates. At this time, a personal blog certificate is only $9.99 per year.

  1. If your plan includes a certificate (Business package, for example, includes one by default), you can access it from the SSL Certificates menu in your 1&1 Control Panel. If your plan doesn’t include one, or you need an additional certificate you can order it from the same page. For a personal or hobby blog, order the 1&1 SSL Starter certificate. Please note that you do not want the 1&1 SSL Business package – “GeoTrust True Business ID” verified certificate – unless you have a business entity with incorporation papers, etc. If you don’t have that, you’re not going to be able to confirm your business identity
  2. Use these steps to associate the cert with your domain.

It’s that simple!

1&1 Shared Web Hosting – Features and Reliability

Despite the fact that 1&1 doesn’t support “Let’s Encrypt” certificates on their shared hosting plans, I have been very pleased with 1and1 hosting service. I have used the 1&1 Business Package Web Hosting for almost 15 years. I have hosted dozens of different sites, with different traffic needs. I have hosted many Linux based WordPress and VBulletin sites on my account, and currently have at least 6 sites running. If you need website hosting, with unlimited space, unlimited files, and unlimited MySQL databases, I recommend 1&1. I have worked with their support on occasion, and it is excellent. Shared hosting will be the most cost effective choice for running a small business or personal website. If you are critically dependent on your website (such as for a web focused small business and e-commerce) I recommend their dedicated or virtual hosting options instead.

I have worked extensively with GoDaddy and BlueHost web hosting as well, in my professional endeavors. I recommend 1&1.

Links & Resources