After a nerve-wracking couple of weeks, delving into technical areas of the internet where few would dare to tread, I am pleased to announce that this site is now secure and can be reached using the https:// prefix, instead of the standard http://. It might be a good idea to enter the full new address ( https://henryhyde.co.uk ) and bookmark the new page, discarding the old.
If this all sounds like gobbledygook to you, I sympathise. But if you run a website of your own, as a small business or as a solo entrepreneur—including author/entrepreneur—then you need to pay attention.
Google has recently made it clear that it will give priority to secure sites such as this and the rankings of non-secure sites without SSL will be affected. See this recent report on this very subject.
Like many small business owners, I’ve been using the web for a long time (since 1996, in fact) and have been through the gamut of web design, site build and technical fads, so I count myself as pretty web-savvy. But I have to admit, this one blind-sided me.
With just a few days to go before the deadline, I rushed over to my ISP’s website (tshohost.com) and hunted for information about SSL. After reading some stuff, and knowing that I host several sites, I realised that a single SSL certificate would be insufficient. I thought I communicated what I needed to an online chat host, after which I selected and paid for their ‘Wildcard’ SSL which covers a principle domain name and unlimited sub-domains.
After several days to-ing and fro-ing, providing proof of ID and so on, I finally received confirmation yesterday that Trustwave had issued my SSL certificate and everything was in place. I just needed to add some lines of code to the .httaccess files of all my sites (which may be so mind-bogglingly technical for the majority of you that I won’t bore you with the explanation, but follow the link if you like) and then check them.
I did.
Nothing worked.
All my sites went down.
The blood
drained
from my
face.
But if there’s one thing I’ve learned from my decades of internet experience, it’s this:
Don’t panic.
Calmly, I removed the lines of code I had just added to all those .httaccess files and tried again. Everything returned to normal—but of course, unsecure ‘normal’.
Phew.
Back to Tsohost I went and, to their credit, their help staff were absolutely fantastic. Within a couple of exchanges, it became clear that I had misunderstood precisely what domains my certificate was designed to cover.
I’ll explain as briefly and clearly as I can. By all means skip this bit if you’re easily distracted.
For reasons I won’t bore you with, some years ago I bought hosting with Tsohost under a domain called venice-and-the-veneto.com. All my other domains—this one, battlegames.co.uk, gladiuspublications.com and several others—are classified as “Addon” domains of venice-and-the-veneto, and their hosting is set up as a set of “Subdomains”.
So, technically speaking, when you visit this site, you are actually reading this on a page of henryhyde.venice-and-the-veneto.com. But, having purchased the domain name henryhyde.co.uk separately, I have used the “redirect” facility to ‘point’ that domain name at this site, so when you enter “henryhyde.co.uk” in the URL box, you end up here and the technical wizardry hides the actual address of the page.
Clever, huh?
Why have I done this?
Because it means that rather than buying lots of separate domain names with separate hosting attached, I can take advantage of having loads of domain names (some of which may have been purchased elsewhere) pointing at just one control panel for all my hosting needs. It saves me money and—until this moment—a lot of hassle! If I have hosting problems, I just need to contact my favourite hosting company and have everything to hand in a single control panel.
Back to the SSL saga.
It seems that the Wildcard SSL certificate that I purchased would only cover venice-and-the-veneto and the other sites as long as the full URL with the venice-and-the-veneto part was also entered. in other words, if you headed over to henryhyde.venice-and-the-veneto.com or battlegames.venice-and-the-veneto.com, you’d be fine; but entering the normal bookmarked henryhyde.co.uk or whatever led you straight into a digital brick wall: literally, an error message of heart-stopping proportions.
With the help of the Tsohost help staff, I was able to clarify that I wanted people to be able to visit my primary sites, using their normal URLs, with the reassurance that those sites are secure. As a result, I was advised to cancel the Wildcard SSL certificate and get a refund on that (which was all done in a matter of a few hours earlier today—fantastic customer service). In fact, I’m taking the refund as a credit on future invoices from them, which is fine by me since a) I trust them and b) I use their services a lot, so the money will be used soon enough.
Next, Tsohost have registered the list of URLs that I want covered FREE with Let’s Encrypt. You can, of course, do this yourself, following the advice on their site, but the wonderful staff at Tsohost did this for me, free of charge.
In future, I could purchase a Multi Domain SSL from a third party SSL provider, and have this installed by Tsohost for me as an annual service for £25, including VAT. Sounds like a bargain. But for the time being, I’m perfectly happy that all my sites are now secure, and apart from some wasted time that could have been saved if I’d perhaps explained myself better at the beginning, has cost me nothing.
So, at the end of all this, what’s my advice?
- Head straight on over to https://letsencrypt.org/, register your site and get secure.
- Choose your Internet Service Provider wisely. Cheapest isn’t always best—the true test is always the help you get when you need it the most, and Tsohost have been fantastic.
I hope that you’ll learn from my mistakes!
UPDATE
I received a message from Chris at Broadbandseach.net, who says:
It would be a great addition to your piece and give your readers some more recent and in-depth information. Here’s the link to it: https://www.broadbandsearch.net/blog/alarming-cybercrime-statistics”
Henry, I am soon scheduling a meeting with a local company for a new website for my agency and (new) my publications; two different entities. Your information allows me to be farther ahead than I would have been in my understanding. Gratefully, Bill P.