HTTPS or staying with HTTP?

[Adam H]

I did find it slightly amusing that they're still using http to serve that website, lol.

Thats the whole point, you can't present a test for http with out it being on http , press the https button at the top and it will switch to https

 

[RobM]

First post? Since 2012? Lol. You must feel strongly about this

LE is quite easy to set up and manage through AutoSSL with cPanel, it's quite literally a one click solution. As for the mobile site speed becoming a factor, I believe Google are now putting mobile first for ranking, as in, they will rank your mobile responsive website first before a desktop site. Modern standard is to build on a responsive framework, rather than having a separate website for mobile - so I can't see this being much of a problem, aside from old/outdated websites.

Some of us don't rely on control panels for many servers. Currently I run over 30 most of which have no control panel and I maintain the lamp stack, patch, code, secure etc using apache and bind for serving pages. It is a pain in the ass being forced to use a certificate where one isn't necessary, especially with documented and known random issues that can actually be detrimental. 'One click cpanel' solutions are not relevant to many of us who do this for a living. Again I am all for 'choice' - something that it seems more of you are willing to throw away just because something works for you.

 

[Edwin]

Does going https break Adsense, Analytics or affiliate programs? (I count them as broken if people get shown security warnings or similar afterwards)

 

[tocku]

First post? Since 2012? Lol. You must feel strongly about this

Ha! Not that strongly. More a first post since a rekindled interest in domaining. I've been lurking for a while

https is faster than http unless your running some pretty old server config. http://www.httpvshttps.com/

Not quite. HTTP/2 would be faster if it didn't force connections over SSL - another example of being strong-armed into it based on a non sequitur. SSL adds overheads to the https://httpvhttps.com page load time:

https://www.webpagetest.org/result/...069aeffd045a0/1/details/#waterfall_view_step1

What cost ? If you are using something like Cpanel most hosts already have it readily available and takes less than 10 seconds to activate.

I don't use a control panel. But even if I did, the tasks for some sites would include:

• log into cPanel, navigate to SSL and turn it on
• auditing cross-domain links for SSL
• changing site URLs in any CMS
• changing hard-coded URLs from http to https (e.g. media embeds, analytics etc)
• redirecting all http traffic to https
• adding and verifying https site to Google Search Console & Bing webmaster tools
• updating & submitting XML sitemaps
• reviewing site for mixed content errors, other errors
• monitoring error logs for 404s lest I missed some hard coded
• changing adwords/FB ad target URLs
• reaching out to key partners who link, asking them to change incoming URLs to https

That might be a good hour or two. So like I said - LE might be 'free', but it's not without cost.

 

[tocku]

Does going https break Adsense, Analytics or affiliate programs? (I count them as broken if people get shown security warnings or similar afterwards)

Changing to https can lead to 'mixed content' warnings. Most (if not all) 3rd-party providers will support SSL by now, so you might need to edit hard-coded URLs.

In an ideal world URLs would be protocol neutral (e.g. //www.mysite.co.uk rather than http://www.mysite.co.uk), but that's not always the case!

 

[Adam H]

Does going https break Adsense, Analytics or affiliate programs? (I count them as broken if people get shown security warnings or similar afterwards)

Would depend on your provider, if your embedding affiliate code into your site which isnt https ready then you could get mixed content warnings which would stop the embed from showing .

Analytics you can switch in the settings to read HTTP, Adsense has no problem with the switch. Other things to consider is your affiliate referrer where https can block tracking of affiliate codes. Something like this is used generally to help with that :

  <meta name="referrer" content="unsafe-url">

But its the same with every change you make, if its planned well and due-diligence is done prior then you shouldn't run into any surprises.

 

[Adam H]

I don't use a control panel. But even if I did, the tasks for some sites would include:

• log into cPanel, navigate to SSL and turn it on
• auditing cross-domain links for SSL
• changing site URLs in any CMS
• changing hard-coded URLs from http to https (e.g. media embeds, analytics etc)
• redirecting all http traffic to https
• adding and verifying https site to Google Search Console & Bing webmaster tools
• updating & submitting XML sitemaps
• reviewing site for mixed content errors, other errors
• monitoring error logs for 404s lest I missed some hard coded
• changing adwords/FB ad target URLs
• reaching out to key partners who link, asking them to change incoming URLs to https

That might be a good hour or two. So like I said - LE might be 'free', but it's not without cost.

That's fair, time spent can be hugely different depending on the site and/or duty of care/responsibility.

 

[RobM]

Lol you do know how much 30+ licenses would cost? It still doesn't alter the facts that a) the LE certificate system is flawed and b) it is only 'necessary' to have an SSL certificate for a static site because google told you to.

I give up - you obviously know everything.... providing you have a control panel. This seems to be the way the uk industry is headed with newbies who have no clue but thinking they know everything and openly enabling people to screw us like lambs on the way to the abbatoir. For that reason I am out. People know what my email is - there is nothing left to learn on this forum. I'm sure inteldigitial and the like can give you all the knowledge you need. It's clear from his past posts how vastly knowledgeable he is about the domain and uk industry.

 

[tocku]

Ben, I'm not sure that anyone's belittling you. I don't know Rob, but it's safe to assume that domainers come from a range of backgrounds - servers, design, coding, marketing, general business - each with our own perspective and bringing value in our own way.

Someone has to run the servers that our sites run on. You outsource this to Krystal Hosting (either directly or indirectly) and use cPanel which either they provide or you separately licence and maintain. Rob chooses to forego a control panel and manage his servers himself. Either way, there are servers to maintain. "The cloud" is just other people's computers.

You don't provide any added value through servers, Rob does. Perhaps you offer more value via design and marketing. There's nothing intrinsically wrong, irresponsible or a waste of time about either approach - they're just different.

What does add value is cross-pollination of views and perspectives (not insults!). Listening to why Rob does things in a certain way (and vice versa) can only challenge and improve our respective understandings.

 

[Adam H]

Ben you're going to have to have slightly thicker skin around here. Rob seems to be trying to take Invincible's place with his remarks of late trying to get a rise,......which he's obviously excelling at with you lol.

There is alot of assumptions that because someone mentions a preference they are therefore considered to be among that "crowd". I prefer to use centminmod LEMP stack personally where its warranted, but for every day usage and sites where small businesses or endusers may need some form of access ( such as adding email accounts or DNS entries or whatever ) instead of complete management its much more cost and time effective to use a panel.

I am probably also guilty of assuming the majority of people will be using some form of shared or managed cpanel solution hence my recommendations, but nothing I have recommended have ever been meant as a sweeping statement that everyone is in the same boat unlike some.

Horses for courses, each business model has its merits in both time, cost, efficiency and performance.

This thread was discussing if and why people were staying or moving to https/http, No one cares any many servers everyone manages and how condescending anyone can be.