The trouble with hosting your own

When I bought the andrewdoran.uk domain I moved my blog off of the free hosting service at wordpress.com. They could have hosted my blog for me at that URL for a fee, but I made a decision to go solo as I wanted to host some static content alongside the blog at the same domain and that didn’t seem to be possible. I’m now running a WordPress install in the Amazon cloud that I created using a Bitnami installer. This gives me a ‘proper’ website stack of my own. Aside from a few setup tweaks and a little bit of regular maintenance to upgrade WordPress and its plugins, this has suited me fine. The balance of additional work versus additional flexibility has been good.

Troy Hunt’s excellent podcasts and blog posts have alerted me to the fact that web browsers are soon going to get more and more aggressive with websites that are not served up over https with valid SSL certificates. At a simple level, these certificates ensure that data is encrypted between the web browser on your computer and the server at the other end. Years ago, they were only really used for when you were checking out with your ‘shopping cart’ in an online store or accessing data at your bank. You knew that you were ‘secure’ by the fact that a padlock appeared next to the address of the web page you were on. For many reasons, it is now best practice to serve encrypted web pages for everything. When you visit an unencrypted website in the future, instead of passively just not displaying a padlock your browser is going to start to give you much more prominent visual clues that the website is not secure.

Last night a friend sent me this message:

Dramatic!

…which is what Mobile Safari on iOS 11 shows you when you go to any page on my site prefixed with https instead of http. It looks as though I have inadvertently tweeted an https link and this resulted in everyone thinking I am a cyber criminal trying to steal their financial data off the back of a two-minute review of a 50-year-old film. Not good. So, it’s time to jiggle the priorities on my to-do list and embrace a move to https across the site. This is where the problems start.

If I was hosting my site on wordpress.com or another platform they would take care of all of this for me. Instead, I find myself spending a not insignificant amount of time looking into how to go about getting an SSL certificate (Let’s Encrypt), the best way to get it installed on a web site running Apache httpd on top of Ubuntu (Certbot, so that it automatically renews the certificates when they expire and I don’t have to do this every three months) and how to do this under the specific Bitnami setup that I launched all those years ago.

Three years of using Solaris as part of an undergraduate Computer Science degree in the late 1990s and using PuTTY once in a blue moon gives me enough confidence to get going, but hasn’t exactly garnered me with the technical chops to step up when things get challenging. After much frustration and fear of making a wrong move on the back end as a ‘super user’ (as I’m anything but) I have thrown my hands up, admitted defeat and opened a request for help. If anyone has any ideas as to how I can complete this process, I would be extraordinarily grateful for the time back that you will be giving me.
