TSL for all Hoa's domain

Hello everyone :slight_smile:,

I would like to revive an old discussion: Having TLS for all Hoa’s domains. I propose to choose https://letsencrypt.org.

Do you think this is possible? We must be careful because we have 2 domains for the website: hoa-project.net and static.hoa-project.net. We should force HTTPS with specific headers. We must be careful with caches & co.

Who is skilled enough to lead this project? cc @pierozi, @CircleCode, @iraphael

Yes the support of lets encrypt is enough mature for me to be used. I’ve setup a certificate in 5min five minutes last week. The support of wildcard are still not ready but for out need I guess we can do one per subdomain.

You should know drop http for full https on website can have bad effect on natural SEO, links considered different, the ranking may be reset.

I guess that if we redirect HTTP to HTTPS, it will fail. Can we maintain both transports side-by-side?

Yes we can, maybe turn homepage as https redirect and let other page accessible in no-https for blog post or hack book as very well referenced

Who starts this work? @pierozi can you do that?

@pierozi it should be possible to redirect in https for blog post or hack book with 301 code

Yes the redirection is not a problem but search engine will consider https as new links and ranking will down on http link and https link will begin as new ranking. We could specify alternate and canonical links in meta but all of that is not clear even for Google support them self. I had this issues with e-commerce catalog but here maybe impact should less important.

I can we all agree than security is more important than ranking or SEO. Moreover, I am not sure we have a good ranking at all.

Ok let’s agree for 301 to https. I can setup today

Please, be present on IRC in case of something went wrong. We have published a new blog post and it would not be an excellent moment to be down :slight_smile:.

@pierozi You can try on hoa-project.com first. You may have some troubles with static.hoa-project.net but I think this is a good start. Or preview.hoa-project.net.

Ok certs for three domains has been build together, DH 2048 bytes too, and i’ve also prepare nginx config, but it can’t work right now due to outdate version of nginx 1.2 not support stapling… I’ll finish tonight.

Good luck and thanks!

Certificate are active only on static for moment, i let you check, then we can switch others.


I’ve also open PR #100 for replace static link to https.

A bit struggle after update, only IPV6 was listen from nginx. bad configuration on all website config files. the notation listen [::]80 is not correct and has been deprecated in new versions. ipv4/ipv6 notation must use with two lines. listen 80; listen [::]:80;

I’ve update all nginx config files. ~40

Your PR has been merged and deployed with success on hoa-project.net. Also, I did something very similar to blog.hoa-project.net, also merged and deployed (PR #6).

Now we can switch I guess :-).

Good catch for blog, I’ve forget this domain, i should include in let’s encrypt certs. I’ve setup HTTPS on preview website but it seems be not up to date with the git repository.

Ok i’ve rebuild certificates with lots of subdomains and setup auto renew.

The following domains has been setup in nginx but without forcing redirection for non breaking dependence or actual usage.

The website and blog must use https with search engine otherwise browser will intercept request. Also open two PR on preview for this.

We can have more details for administrator on server to /root/support-history.md

Is it over now? Do we have other domains to update or other manipulations?

Did you love SSL ? After fight with discourse header for make proxy work, I was wondering why any pages have no comments. It’s because the Jekxyl bot just created new thread. Like it’s based on full link, and https is another url…

Btw, this cannot work under preview.hoa due two domain validation.

But you can merge preview change into master.

1 Like

I am not sure it takes the protocol into account: Only the domain name and the pathname (probably the queries too), isn’t it?