{"id":1107,"date":"2024-06-23T17:49:05","date_gmt":"2024-06-24T01:49:05","guid":{"rendered":"https:\/\/www.eskimo.com\/support\/?page_id=1107"},"modified":"2024-06-23T21:55:40","modified_gmt":"2024-06-24T05:55:40","slug":"https-and-http2","status":"publish","type":"page","link":"https:\/\/www.eskimo.com\/support\/https-and-http2\/","title":{"rendered":"HTTPS and HTTP2"},"content":{"rendered":"<p style=\"text-align: center;\"><span style=\"font-size: 20pt; color: #008000;\">SSL Certificates for HTTPS and HTTP2<br \/>\n<\/span><\/p>\n<p><span style=\"font-family: tahoma, arial, helvetica, sans-serif; color: #000080;\">HTTPS provides end-to-end encryption. Unfortunately it is not foolproof, as sites that provide edge caching have found ways to spoof a certificate, decrypt the traffic, then re-encrypt it with their own certificate, but for the most part it&#8217;s superior in terms of security to having everything go across the Internet in plain text.<\/span><\/p>\n<p><span style=\"font-family: tahoma, arial, helvetica, sans-serif; color: #000080;\">HTTP2 establishes a connection, then sends ALL of the elements of a website over that one connection rather than setting up a connection for each element.<\/span><\/p>\n<p><span style=\"font-family: tahoma, arial, helvetica, sans-serif; color: #000080;\">Our web servers are fully enabled for both of these services and we do not charge extra for their use, but an SSL certificate is required. You can get these at any place that sells SSL certificates, but we generally work with Mark Jacobson at Integraserv.net (<a href=\"mailto:mark@integraserve.net\">mark@integraserve.net<\/a>); he resells for multiple vendors. Single-domain SSL certificates generally run around $40\/year; wildcard certificates, which allow any subdomain within a domain, run about four times that. 
We do not support Let&#8217;s Encrypt or Certbot here because Let&#8217;s Encrypt limits certificate validity to three months and swapping certificates four times a year just is not terribly reasonable, and because the server we use, a modified Apache2 server, will not start if even one certificate is invalid, so allowing Certbot would risk interrupting service for everyone.<\/span><\/p>\n<p><span style=\"font-family: tahoma, arial, helvetica, sans-serif; color: #000080;\">Purchasing an SSL certificate involves first generating a CSR (certificate signing request) using openssl. You can do this from any Linux system with openssl installed, or from any of our shell servers, by typing:<\/span><\/p>\n<p style=\"text-align: center;\"><span style=\"font-family: tahoma, arial, helvetica, sans-serif; color: #000080;\">openssl req -new -newkey rsa:2048 -nodes -keyout your_domain.key -out your_domain.csr<\/span><\/p>\n<p><span style=\"font-family: tahoma, arial, helvetica, sans-serif; color: #000080;\">Do NOT provide a password when you are answering the questions, as this will result in a key that requires entering the same password when starting the web server, obviously a no-go.<\/span><\/p>\n<p><span style=\"font-family: tahoma, arial, helvetica, sans-serif; color: #000080;\">Then send us the resulting .key file, and send the CSR to the certificate issuing authority of your choice. Alternatively, you can ask us to generate the CSR for you and we will be happy to do so at no additional cost.<\/span><\/p>\n<p><span style=\"font-family: tahoma, arial, helvetica, sans-serif; color: #000080;\">It is not possible to purchase a certificate that lasts longer than a year.\u00a0 Sites that advertise this are really misrepresenting their product.\u00a0 If you purchase what is being advertised as a five-year certificate, you are going to get five one-year certificates, which need to be installed each year.<\/span><\/p>\n<p><span style=\"font-family: tahoma, arial, helvetica, sans-serif; color: #000080;\">Once you have 
the certificate, e-mail it to <a href=\"mailto:nanook@eskimo.com\">nanook@eskimo.com<\/a> and I will be happy to install it for you.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>SSL Certificates for HTTPS and HTTP2 HTTPS provides end to end encryption, unfortunately it is not foolproof as sites that provide edge caching have found ways to spoof a certificate, decrypt it, then re-encrypt it with their own certificate, but &hellip; <a href=\"https:\/\/www.eskimo.com\/support\/https-and-http2\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-1107","page","type-page","status-publish","hentry","wpautop"],"_links":{"self":[{"href":"https:\/\/www.eskimo.com\/support\/wp-json\/wp\/v2\/pages\/1107","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.eskimo.com\/support\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.eskimo.com\/support\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.eskimo.com\/support\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.eskimo.com\/support\/wp-json\/wp\/v2\/comments?post=1107"}],"version-history":[{"count":5,"href":"https:\/\/www.eskimo.com\/support\/wp-json\/wp\/v2\/pages\/1107\/revisions"}],"predecessor-version":[{"id":1118,"href":"https:\/\/www.eskimo.com\/support\/wp-json\/wp\/v2\/pages\/1107\/revisions\/1118"}],"wp:attachment":[{"href":"https:\/\/www.eskimo.com\/support\/wp-json\/wp\/v2\/media?parent=1107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}