Now that Let’s Encrypt is up and running, and now that Dreamhost has integrated it into their tool set, I have finally gotten security turned on for my website.
Just visit philipbrewer.net using https instead of http and you can browse the site secure in the knowledge that the pages will be encrypted in transit. As if that mattered for a public website. But still—might be useful, and costs nothing except a whole bunch of cycles on your computer and my hosting service’s computers.
I had actually turned on encryption some time ago for the admin pages, so that I could securely administer the site even when my access to the internet wasn’t secure (over public WiFi, for example). But I hadn’t pulled the trigger to route general traffic over https because the certificate I used was self-signed, which meant that I could trust it, because I knew which certificate I’d installed, but the general public couldn’t tell the difference between my site and a fake site set up by a some perfidious fraudster. The new Let’s Encrypt certificate is signed by a well-known issuer, so any modern browser will show the handsome green padlock.
Update your bookmarks appropriately!