HTTPS and HTTP2

SSL Certificates for HTTPS and HTTP2

HTTPS provides end-to-end encryption. Unfortunately, it is not foolproof, as sites that provide edge caching have found ways to spoof a certificate, decrypt the traffic, then re-encrypt it with their own certificate, but for the most part it is superior in terms of security to having everything go across the Internet in plain text.

HTTP2 establishes a connection, then sends ALL of the elements of a website over that one connection rather than setting up a connection for each element.

Our web servers are fully enabled for both of these services and we do not charge extra for their use, but an SSL certificate is required. You can get these at any place that sells SSL certificates, but we generally work with Mark Jacobson at Integraserv.net (mark@integraserve.net); he resells for multiple vendors. Single-domain SSL certificates generally run around $40/year; wildcard certificates, which allow any subdomain within a domain, cost about four times that. We do not support Let’s Encrypt or Certbot here, for two reasons. First, Let’s Encrypt limits cert validity time to three months, and swapping certs four times a year just is not terribly reasonable. Second, the server we use, a modified Apache2 server, will not start if even one certificate is invalid, so allowing Certbot would risk interrupting service for everyone.

Purchasing an SSL certificate involves first generating a CSR (certificate signing request) using openssl. You can do this from any Linux system with openssl installed, or from any of our shell servers, by typing the following, replacing your_domain with your domain name:

openssl req -new -newkey rsa:2048 -nodes -keyout your_domain.key -out your_domain.csr

Do NOT provide a password when you are answering the questions, as this will result in a key that requires entering the same password when starting the web server, which is obviously a no-go.

Then send us the resulting .key file, and send the CSR to the certificate issuing authority of your choice. Alternatively, you can ask us to generate the CSR for you, and we will be happy to do so at no additional cost.

It is not possible to purchase a certificate that lasts longer than a year. Sites that advertise this are really misrepresenting their product. If you purchase what is being advertised as a five-year certificate, you are going to get five one-year certificates, each of which needs to be installed in its own year.

Once you have the certificate, e-mail it to nanook@eskimo.com and I will be happy to install it for you.
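
The steps above as a scripted check, added here as an example and not the provider's own tooling: it generates the key and CSR without prompts, then confirms that the key is unencrypted, that the issued certificate was built from that key, and that the certificate has not expired, since the web server will not start with an invalid certificate. The function names, file layout and the -subj value are assumptions.

```shell
#!/bin/sh
# Added example, not the provider's tooling. Domain and file names are placeholders.

# Create an unencrypted 2048-bit RSA key and a CSR with no interactive prompts.
make_csr() {  # usage: make_csr <domain> <outdir>
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$2/$1.key" -out "$2/$1.csr" 2>/dev/null &&
    chmod 600 "$2/$1.key"
}

# True only for a PEM key that carries no encryption marker and loads
# without any passphrase being supplied.
key_is_unencrypted() {  # usage: key_is_unencrypted <keyfile>
    ! grep -q 'ENCRYPTED' "$1" && openssl pkey -in "$1" -noout 2>/dev/null
}

# Print the PEM public key held in a private key, a CSR or a certificate.
pubkey_of() {  # usage: pubkey_of key|csr|cert <file>
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null
}

# True when the CSR or certificate was built from this private key.
same_keypair() {  # usage: same_keypair <keyfile> csr|cert <file>
    k=$(pubkey_of key "$1") && [ -n "$k" ] && [ "$k" = "$(pubkey_of "$2" "$3")" ]
}

# Checks to run on a key and its issued certificate before installation.
preflight() {  # usage: preflight <keyfile> <certfile>
    key_is_unencrypted "$1" || { echo "key needs a passphrase" >&2; return 1; }
    same_keypair "$1" cert "$2" || { echo "certificate does not match key" >&2; return 1; }
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null ||
        { echo "certificate is past its expiry date" >&2; return 1; }
}
```

Run `make_csr your_domain .` before ordering, and `preflight your_domain.key your_domain.crt` once the certificate arrives.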