What is SSL and HTTPS, and why your domains should be available with these protocols?
What are SSL and HTTPS-connection?
SSL stands for Secure Sockets Layer, this is the protocol that uses encryption for data transferring.
When a server communicates with a browser they transfer info which is plain text in case this info is not encrypted. Thus, if you input your login and password, or other sensitive info on a website without encrypted connection, the data can be intercepted and can be used by any person as it’s plain text. This situation may happen in case you use an HTTP-connection.
SSL protocol encrypts the data sent between a server and a browser, and when this data is intercepted it is impossible to use it as the data is a set of useless symbols that can’t be read. SSL protocol requires an SSL certificate to be installed on a server.
HTTPS (HyperText Transfer Protocol Secure) is an HTTP + SSL certificate.
Creating a safe Web
As an initiative to make the web more secure, on September 8, 2016, Google announced that Chrome would start to explicitly label HTTP connections as “Not Secure”. The idea is that then you know the information is going over the internet unencrypted. Beginning in January 2017, Chrome will mark HTTP pages (meaning pages without an SLL certificate) that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.
Beginning in July 2018 together with Chrome 68 update all websites using HTTP will be marked as non-secure even if there are no input forms.
Nowadays browsers mark all pages that have any content with HTTP (fonts, images) as unsafe.
How this affects advertisers and website owners
Now users with updated browsers (not only Chrome) will get a notification about a not secure connection while visiting a website without an SSL certificate.
Thus, not every user will continue their visit or click the links, not to mention filling in the forms on a page. No SSL certificate means less traffic.
Moreover, HTTPS websites are ranked higher in Google search although it is not announced officially.
Install an SSL certificate in Keitaro automatically and free
Keitaro gives its users an opportunity to install SSL certificates on domains for free and without any limits. We use Let’s Encrypt certificates which fit all browser security standards. The certificates are issued by Let’s Encrypt for three months and are automatically extended.
To issue a certificate for a domain, you need to add the domain to the tracker. On the Domains page, click the Add button. A window will be opened:
Put the domain’s name and click Create.
The tracker will automatically make a request to issue an SSL certificate and it will be activated within 20 minutes.
Enable Redirect to HTTPS feature if you want to make a redirect to a webpage with an HTTPS even if the visitor puts HTTP with your domain:
Note that this solution to issue SSL certificates is available only for trackers with the Installation method version of 2.20 and higher. To check your version go to Maintenance – Status and check the Installation method line.
If your Keitaro’s installation method version is lower than 2.20 you need to upgrade your server’s configuration.
Now you can get a certificate for any domain in the tracker hustle-free and without any manipulations with the terminal.