Technical risk of moving to https


  • Moderador

    EvilTester.com is a static site built using HuGoI’ve been meaning to migrate it to https, but haven’t found the time recently.Today I found the time.<a name=“more”></a>
    Rather than purchase SSL from my web host, I’m just using Let’s Encrypt because it is built into my web host’s cpanel.While waiting for the SSL changes to propagate I amended my content so that instead of:* http://eviltester.com* http://www.eviltester.comI amended all references in the HTML to "//eviltester.com"These are Protocol Relative URLs.And I amended the .htaccess file to have https redirects

    # force httpsRewriteEngine OnRewriteCond %{HTTPS} offRewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]# Force www on httpsRewriteEngine OnRewriteCond %{HTTP_HOST} ^eviltester\.com [NC]RewriteRule ^(.*)$ https://www.eviltester.com/$1 [L,R=301,NC]
    

    After I saw that I could visit https://eviltester.com I uploaded the changes… and held my breath.Because this seemed risky.After a quick navigation it seemed OK.I ran Total Validator Pro to check the links and it seemed OK.And by OK I mean it found a 404 that I don’t care about. But I do care that it was on a page that I should really have deleted. So I deleted that page.And it found a 404 on my front page, which again I have amended.There may well be other issues, but I will accept that risk for the moment since https was the priority.