Identi.ca
Christopher Allan Webber

FFS SSL

Christopher Allan Webber at

Andy Wingo, one of those people who writes about stuff I usually feel like I'm only a fraction of the level of smart enough to grasp (but usually well enough to make me try anyway), writes about his misadventures in trying to ssl-enable his personal website.

If it's that hard for Andy Wingo, that doesn't spell well for the rest of the "personal hosting" world.

Nicola Busanello, Artopal, jrobb, Ben Sturmfels and 11 others likes this.

jrobb, Stefano Zacchiroli, Lars Wirzenius, Stephen Michael Kellat and 3 others shared this.

Show all 7 replies

I have ~50 sites to migrate and countless sites to set up on no less than 8 networks, all pending me spending the time and money to SSL on all the domains. My life would be SO MUCH EASIER if I wasn't trying to do this. I am constantly frustrated and can't sleep because of this. And no one that uses these sites, either the owners or the visitors, really care. I would probably be contributing to the cause more by running a Tor relay.


I fucking hate how hard it is to setup SSL.

maiki at 2014-10-18T04:09:21Z

Douglas Perkins, lnxwalt@microca.st likes this.

I recall the huge hassle I had trying to get ssl working when I had an own cloud, I was using a self-signed cert since I was the only one supposed to connect. it took me forever to figure out that Apache needed a virtual hosts entry even though I only had the one hostname. and of course, none of the graphical configure tools from yast would do that or make/use a self signed cert... best part is I wasn't even doing this for security, my ISP blocks the http incoming port on residential accounts, but not the HTTPS port...

someone should really make an hpr episode about self hosting and SSL

David "Judah's Shadow" Blue at 2014-10-18T14:41:55Z

lnxwalt@microca.st likes this.

After seeing the Moxie video, and him pointing out all the problems with SSL it seems pretty pointless, we need something new

johnmont at 2014-10-19T03:38:55Z

it gets worse if there are multiple domains on the same server and ANY domain or subdomain on the server is for public use.

Certificate warnings might be just annoying on a personal site where the user knows what they are about, but on public sites they scare users away (and most likely many people out there don't know the difference between a certificate warning and a warning form a virus scanner on their pc and when they see a "scary" warning they don't read beyond the heading without even thinking about what exactly is untrusted and by whom and for what purpose but instead just go back to some big corporate silo where the don't see scary warnings!)



michaelmd at 2014-10-20T00:49:41Z

lnxwalt@microca.st likes this.