You built your first app on Heroku and want to set up a custom domain. Everything is going well until you realize you need to serve your website over HTTPS. Unfortunately, Heroku does not integrate with Let's Encrypt (LE) yet, so you'll have to do some manual labor. Lucky for you, it's easy to do so!
Did you know you can have a secure, HTTPS-only server configured in just 10 minutes?
Thanks to Let's Encrypt, everyone can have free SSL certificates... forever! They can automatically renew, as well.
Let's Encrypt makes it relatively easy, but there are still a few gotchas to keep in mind. However, once you have it down, you'll never build another website that accepts HTTP connections!
In fact, my websites (including this one and my personal site) have become HTTPS-only. Why?
Really, one of the most compelling reasons is that public wifi networks can inject ads, so you don't actually see what the website owner intended.
Do you respect your users? Do you maybe even treat them like friends? Do you care about their privacy? Then please, use HTTPS all the time.
Users visiting your site on plain HTTP can be monitored on public Wi-Fi, and if they enter any credentials sent through HTTP, anyone watching could just see and steal that information.
I hope this quick summary was helpful. I've been surprised how few people have switched to HTTPS-only. Hopefully, understanding its importance + that it's free + how to do it = you make the switch!
- `letsencrypt` on your server (via git cloning from their site)
- `letsencrypt` to generate a certificate (auto-configured for Apache, or via its webroot plugin for nginx)
- `dhparams`

You can follow one of these guides to get set up:
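For the nginx case, the pieces named in the list above (webroot plugin, certificate, dhparams, HTTPS-only) fit together roughly as follows. This is an added example, not configuration from the original post; `example.com`, the webroot `/var/www/letsencrypt`, the site root and the dhparam file path are assumptions, and the HSTS header goes one step beyond what the post describes.

```nginx
# Added example: example.com and every path below are assumptions.

# Port 80 exists only to answer the certificate challenge and to redirect.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;

    # The webroot plugin writes its challenge files under
    # <webroot>/.well-known/acme-challenge/, and they are fetched over
    # plain HTTP, so this one location is served directly.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
        default_type text/plain;
    }

    # Everything else is sent to HTTPS: no content is served over HTTP.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com www.example.com;

    # Where the Let's Encrypt client stores the issued certificate and key.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Site-specific Diffie-Hellman parameters, generated once with e.g.
    #   openssl dhparam -out /etc/nginx/dhparam.pem 2048
    ssl_dhparam /etc/nginx/dhparam.pem;

    ssl_protocols TLSv1.2 TLSv1.3;

    # Tells returning browsers to skip HTTP entirely for the next year.
    # Only enable once every hostname listed above works over HTTPS.
    add_header Strict-Transport-Security "max-age=31536000" always;

    root /var/www/example.com;
    index index.html;
}
```

Check the result with `nginx -t` before reloading; a renewal that suddenly fails usually means the challenge location on port 80 was removed or shadowed by the redirect.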
At Uplift, we take security seriously. We use our knowledge about things such as:
... to help secure our clients' businesses. If you are concerned about your website's security:
If you have any questions or thoughts for improvement of this summary, let us know via our contact page.