If you visit this blog from time to time, there’s something new you may not have noticed up in the address bar: a padlock. Since starting my site, it’s been available over HTTP only, but as of this weekend, if you try to connect via HTTP, it’ll quietly redirect you to HTTPS.
I work at a security company, and ironically that’s what may have delayed my installation of a security certificate on this site. The risk here is low, given that I’m the only one that logs in. However, it always bugged me that I hadn’t added transport level security (TLS) to the site, and this weekend I logged into my hosting provider’s console to see what I needed to do to fix it.
It turned out to be ridiculously easy. My hosting provider, Pagely, has a direct integration with LetsEncrypt, a nonprofit – and free – certificate authority that generated a new secure certificate for my site with just a few clicks. After that, the door was closed.
It feels a little sad to take this step, like moving out of a neighborhood where you don’t need to lock your doors. But it certainly couldn’t be easier.