Google Chrome and Your Insecure Site

This month was the first month that Google Chrome started marking non-https sites as “insecure”:

Other browsers have implemented similar warnings for those sites not implementing SSL (TLS) certificates, which create an encrypted connection between your server and your users. In the past, these certificates were mainly used by websites doing e-commerce. However, there has been a massive push for security and encryption over the last couple years, and for good reason. Having an HTTPS-compliant site is no longer a luxury. If you are sending or receiving user data, passwords, or other sensitive information, it is critical. There’s even evidence that it affects your search performance. With Chrome and other browsers now penalizing you for not securing your site (even if you’re not dealing with sensitive information), there’s no better time to update.

How do I Get SSL Certificates?

Getting SSL certificates was a notoriously difficult and expensive venture. They need to be signed by certificate authorities — organizations that your browser ‘trusts’ — in order to be valid. Most CAs charge somewhere between $150 and $500 a year per certificate, depending on the use case. On top of that, they need to be renewed on a regular basis, causing additional stress for your DevOps team to update before the deadline. Should those certificates not be renewed and updated, your visitors may encounter a browser warning suggesting they navigate away from your websites.

All these costs and complexities are part of the reason why adoption was slow. If you’re managing thousands of sites, keeping those certificates up to date could be a full time job. To address these issues, the Internet Security Research Group (ISRG) formed Let’s Encrypt, a free, automated certificate authority meant to challenge the status quo and make secure, encrypted websites easy. Utilizing their API, you can generate certificates programmatically, and avoid the complex ritualistic dance other CA’s require to verify your identity.

Even with Let’s Encrypt’s revolutionary approach to SSL certificates, it still requires quite a bit of effort to integrate, especially if you aren’t a developer well versed in their APIs and authentication mechanisms.

Let Cycle Handle Your Certificates

At Cycle, we take a security-first approach, and SSL certificates are no exception. We wanted to make it as easy as possible to generate, update, and use SSL certificates, so we did what we always do — distill the essential functionality down to a set of basic options.

Cycle has built in SSL certificate generation on a per-container basis. Any container that has a domain name attached to it is eligible, whether pulled in via stack or direct import.

When that box is checked, Cycle will generate the SSL certificates you need from Let’s Encrypt, and install them inside the container at the directory specified. Not only that, but every 60 days they will be renewed, without you having to lift a finger.

Of course, you’ll need to configure your applications to utilize the certificates if they’re not already designed to do so. If you’re using Wordpress, I wrote a tutorial on securing the default Wordpress container. If you’re using Apache, NGINX, or a custom solution, please refer to the documentation for your specific web server.

We love to simplify things even more, so while you may need to update existing code, we offer a couple pre-built containers for basic web/file serving that work natively with Cycle’s SSL certificates. Check out our gohttpd container for a simple, secure web server.

Still Have Questions?

If you’re encountering any issues generating, installing, or serving your certificates, head over to our slack channel. Our community is growing, and our team hangs out there daily. Feel free to shoot us a message with your question.

Of course, for a more in-depth look at how to use Cycle for your SSL certificates, check out our documentation.

Learn More + Get Started Today

Thanks for checking out our blog! If you like what you read, please subscribe.

To learn more about Cycle, please visit https://cycle.io.

To create a free account, check out our portal!