Tuesday, 4 December 2018

Technical risk of moving to https

EvilTester.com is a static site built using HuGo
I’ve been meaning to migrate it to https, but haven’t found the time recently.
Today I found the time.

Rather than purchase SSL from my web host, I’m just using Let’s Encrypt because it is built into my web host’s cpanel.
While waiting for the SSL changes to propagate I amended my content so that instead of:
I amended all references in the HTML to "//eviltester.com"
These are Protocol Relative URLs.
And I amended the .htaccess file to have https redirects
# force https
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# Force www on https
RewriteEngine On
RewriteCond %{HTTP_HOST} ^eviltester\.com [NC]
RewriteRule ^(.*)$ https://www.eviltester.com/$1 [L,R=301,NC]
After I saw that I could visit https://eviltester.com I uploaded the changes… and held my breath.
Because this seemed risky.
After a quick navigation it seemed OK.
I ran Total Validator Pro to check the links and it seemed OK.
And by OK I mean it found a 404 that I don’t care about. But I do care that it was on a page that I should really have deleted. So I deleted that page.
And it found a 404 on my front page, which again I have amended.
There may well be other issues, but I will accept that risk for the moment since https was the priority.

No comments:

Post a Comment

>