Transcript

00:00 all right let's do it I got a whole ton of email the answer afterwards support makes the world go around hey Greg how's
00:18 it going today I'm doing well sir finally starting to feel like I'm getting my voice back oh yeah yeah that
00:27 whole daycare superbug ah finally things like it's getting on my system sweet
00:33 yeah how about you I uh I'm not feel a hundred percent today cuz I pulled an
00:39 all-nighter last night working on total CMS 2.0 slash dynamics and the whole new
00:45 website design and stuff so yeah it's uh it's been it's been fun
00:50 earlier in the week Monday and Tuesday I took a two-day camping trip with my son's class and um that was that was a
00:56 lot of fun one of the bright sides actually was there was zero cell service so I just turned my phone off and had
01:04 two nice days camping with my boy so that was good nice well let me let me be sure to be
01:10 sure everybody that you certainly look like he pulled an all-nighter thanks thanks yeah and then and then
01:19 tomorrow I am taking a a one day virtual
01:25 conference on trade Leadership Conference from you know Dave Ramsey ever heard of him so that there's a
01:30 one-day virtual conference or doing so that's gonna be tomorrow and then Saturday I leave for a one five day trip
01:38 to Vegas for a going to the micro comp conference in Vegas
01:44 okay so yeah good place where you staying in Vegas the Tropicana that's
01:50 where the confidence is gonna be at so I'm staying you know I try to stay where conferences are it is easier
01:56 yeah definitely is easier Doug Lester yeah commute and worry about yep and my
02:01 wife's never been to Vegas so it will be her first trip to Vegas as well so I'm taking her to Vegas I've been to Vegas
02:08 for other other conferences for when I used to work a day job but yeah she's
02:14 never been to Vegas and it'll be fun we live pretty close I'm surprised I have
02:19 at least I've been twice oh yeah I'm on the coast yeah I we bought I mean I
02:26 think I bought the tickets like four or five months ago so like the airplane
02:32 tickets were like under a hundred dollars round-trip was nuts wow that's awesome yeah for you I mean
02:39 we'll have fun yeah thanks yeah I'm looking forward to the conference it'll be it'll be a fun one I haven't been to a conference for over a year so and this
02:47 is this will be a nice it's you know conference basically around you know Indy SAS and developers so it's it's all
02:54 technical entrepreneur related so it'll be fun looking forward to it
03:00 yeah definitely after that's not how it goes yep so today everyone we are gonna
03:05 be talking about would have been talking about Greg o HTTP right and all the fun
03:13 stuff I know you probably hopefully you've heard some of the stuff that's going around with HTTP and how you know
03:19 basically everyone's got to get on the bandwagon and get their sites running on HTTPS so we're gonna talk about the kind
03:26 of the three ways that we can enable HTTPS on our websites and then probably
03:34 a few other tidbits of information after that about what you need to do and
03:39 things you might see and things that you might want to be aware of so you want to
03:44 kick it off Greg sugar shirt you want to start with the tried-and-true
03:49 old-school way to do it yeah so the old-school way which is kind of the really expensive kind of what the big
03:55 boys do right yeah yeah how it how it used to work is you'd have to generate
04:02 let's call the certificate signing request so you see this like CSR abbreviation that's what that was so you
04:09 had to go into your hosting account you had to generate this public and private key for your SSL certificate go
04:17 to someplace take that information paste it in purchase your certificate and then
04:22 once you get it in an email go back to your web hosting panel upload your certificate and activate it so that then
04:30 or install it and activate it so that then you could have HTTPS on your site it was expensive the base certificates
04:39 well at last were around $15 for a dot-com well it doesn't matter which
04:44 that URL is but it's you know one single domain so wwww if you wanted what's
04:53 called a wildcard certificate which we cover anything dot your domain calm so
05:00 you know FTP dot Joe workman dotnet or test dodger workmen dotnet or dev dev to
05:08 work brunette you can buy one certificate so you install it one said it would cover all those domains those
05:14 retailed I sold him a chili dog or eighty dollars yeah so it was expensive
05:23 for everybody it was terrible terrible user experience and so wasn't a one-time fee right was
05:29 isn't it wasn't it like no entry hearings is it one it's it's half one-time fee per year so you do the
05:35 whole process again exactly every year right yeah yeah so you know you could
05:40 buy a suit you could technically buy a certificate that lasted you know multiple years but you know still you're
05:45 up against the wall is gonna have that you're gonna to renew it it's just like a debate it's just like a domain except
05:50 significantly more work yeah oh that's how it used to be thankfully this
05:58 project came along called like let's encrypt let's encrypt yes thank God to them I think it was just like it caught
06:04 the road by or at least the web world by storm like only within the last like twelve to eighteen months right I think
06:10 it's really just been like um you know really caught on and I'll you know thankfully a lot of the big you know
06:17 name companies out there are the ones sponsoring it and for my knowledge it's
06:22 all free right so let's encrypt is all free so basically um if nowadays if
06:27 you're on a hosting company and they want to charge you for an SSL certificate um you might want to you know ask around because you know let's
06:34 encrypt certificates are now free right so that's really awesome I believe they I believe they support
06:40 wildcard certificates to now right don't they know that not yet okay yeah okay
06:46 they don't uh yeah but they do expire what after 60 days or 90 days how long
06:52 is it complete its 90 yeah and yeah so and then the whole
06:59 the nicety about it is that they you know you typically integrate with the control panel and they automatically
07:05 renew exactly so that so there's none of that what
07:11 good what why pasted where what does this mean no and there's no cost to it obviously but you know now that friction
07:18 of getting from turning your site into HTTPS is now minimal yeah no more
07:25 bestest cool so it's if not you a chili dog you have all like it's inside the cPanel right where you can just and it
07:31 just automatically renew so the customer doesn't really need to do anything right yep right I have an extra blog post and
07:37 I should probably publish that before her hey before this actually airs but
07:44 it's the it's in the auto ssl section and you'll see all of your domains all
07:49 your add-on domains all your subdomains set up and you'll see the ssl status of those on some users will get confused
07:57 because there'll be sub domains that they don't necessarily use and if you put a proxy service like CloudFlare in
08:02 front it won't you know that'll break that'll break the automatic ssl for those subdomains working but if you
08:09 don't use them it does it's not really a big deal you know like there's shortcuts for like wh m dot yar domain.com
08:16 yeah either cPanel duh right you don't use those so don't sweat them but
08:21 anyways ss back into the control panel auto SSL section it shows the SSL status
08:26 it shows when it's gonna renew and if your site is actually has a certificate ready for you for you to use and shake
08:33 your site so small tidbit though is interesting in setting up and using
08:38 let's encrypt from for my experience when I first integrated actually I don't
08:46 use a strip let's encrypt so this will surprise you Joe oh it's actually yeah it's actually on Komodo has a Komodo is
08:52 a large issuer of SSL Certificates they have a competing product because SSL
08:59 kind of caught them by surprise right in the losing on market share they actually have a competing free
09:07 product that's actually what gets issued for chillydog users is a comodo certificate not a let's encrypt it
09:14 certificate and the reason now the reason is just it's just because of
09:20 browser compatibility more browsers trust
09:25 those certificate authority then let's encrypt so you get a slightly just
09:31 slightly higher compatibility that the older browsers especially interesting
09:37 you know that that's probably probably just some really old browsers though no or it's I mean it probably yeah I mean
09:48 at this point this was like a couple years ago when I integrated this but I can't think of I can't think of you
09:55 know it's mainly Android and some of the older browsers that had issues with let's encrypt and you know if you get a
10:03 little bit higher level security a little better browser compatibility then you know why not I see you're
10:09 researching it yeah I just did a quick search actually I figured someone would what would be curious oh let's see anything greater than Android 2.3.6 I
10:18 don't know which app and much flavor that is I have no clue yeah anything
10:23 greater than Firefox to which now there are like Firefox 50 or whatever the hell
10:28 it is so well they changed their naming schemes to oh okay yeah let's see
10:35 anything see anything greater than Windows XP sp3
10:42 a lot of Windows Safari 4 so anything
10:48 greater than OS 10 10.4 anything I Oh s 3.1
10:55 and then it gets into Linux and Blackberry and crap so yeah I mean it's it's you know it they support anything
11:01 relatively modern write anything you know within the last you know five seven
11:06 years or something like that so oh yeah yeah again I did this years ago so those
11:12 numbers are different and yeah definitely so don't break if it works and there's no there's no strength and there's no
11:19 difference in the strength of this certificate right yeah in the level of the encryption so you're people are just
11:24 covered just as equally yeah yeah sweet yeah what I do is so I I do use let's
11:29 encrypt on a lot of my servers and then I have a cron job that kind of just like Auto renews the let's encrypt thing so
11:36 that it's kind of automated on my end via a cron job so yeah hopefully none of
11:43 you have to do that that's like super uber geeky stuff so go to your cPanel or go check out chillydog hosting and get
11:50 your free certificates on yes definitely yes but there's no
11:56 excuses not to have SSL yes and you shouldn't be paying like if you are paying right now for your SSL
12:02 Certificates like I know some people I have a couple guys say that they were paying like $50 a month because they
12:07 because that's what our host is charging them that's just absurd like really absurd so you're you're getting taken
12:14 brother so go ahead and find a new hosting company if that is the point because that is just stealing your money
12:22 at that point I need you real I need to reevaluate my ethics
12:28 yeah it's nuts and absolutely crazy
12:35 so next up on the ezine I think we started like the hard and then you know let's encrypt is that's pretty darn easy
12:42 or comodo if your hosting company sports it all free right you just set it up in the cPanel and whatnot right the next
12:48 layer is cloud flare and cloud flare supports basically even if your site
12:56 doesn't support a SSL certificate on the server they will basically they have
13:03 what's called flexible SSL and basically what that means is they will have let me
13:09 back up let me let's explain a little bit how cloud flare works right so cloud flare is essentially you turns into your
13:15 DNS provider for your website so all initial traffic to your site flows through cloud flare so all traffic goes
13:22 to Cod flare and then to your server right so even on their free accounts
13:27 they they support something called flexible SSL and what that means is the connection from cloud flare to the
13:35 user's browser is secure however if you don't have a certificate
13:41 installed in your server the connection from CloudFlare to your server could be non secure so this makes it really
13:50 simple especially back in the day when let's encrypt actually wasn't even around CloudFlare was definitely the way
13:56 to go um because it just made that like a breeze to configure so so that's
14:03 that's something called flexible SSL where even if you don't have let's encrypt or some sort of SSL certificate
14:10 on your server you can still have SSL through cloud player right um next the
14:15 next level is they have something called full SSL which basically you can use you
14:20 know you have full SSL from cloud flower to the browser and then if you have an SSL certificate on your server you have
14:26 SSL from CloudFlare to your server so that's full then they have another layer called like full strict or something
14:33 like that I should have got this out ya know yeah you're right full strict strict means that the
14:39 certificate on your server has to be valid and up to date I think ful will allow self-signed
14:45 certificates host yes yep so yeah so if you do have like let's
14:51 encrypt our Komodo you know certificate on your server you can do the full strict what Greg was
14:57 saying is you can also create something called a self-signed certificate mean um it's a certificate that you yourself
15:04 generate it's not something that was like issued to you from let's encrypt or some other certificate authority um so I
15:12 don't I doubt most people are really using that especially since let's encrypt is around I think that's
15:17 probably not something most people are gonna be using so yeah yeah because you're kind of eluding edit I should
15:26 mention that SSL kind of works because there are these bodies that are
15:31 rusted to up to say that this person is
15:37 who they say they are until Komodo and let's encrypt are these entities that
15:44 issue these IDs so SSL Certificates
15:50 than to gave the website so that's what these certificate authorities are and that's you know that's how the kind of
15:58 trust is kind of handled so the self sign one is a sell sign one you don't
16:04 really have authority to say that you know you can't say who you you are all right because you have to have that
16:10 third party to validate got it yeah hope that's clear if you get so that kind of
16:17 breezes through the three main ways I think people get can get HTTPS on their site right
16:24 well there's a lot of stuff there's a no there's a lot of stuff in there that you know I get questions about that are
16:30 probably important for rapidly for users you know this this is the
16:36 tip of the traffic to their site you know they still have to you have to
16:41 update your project file to use that HTTP URL yep so you know go
16:47 into the rap with a project file go into the project settings change it to HTTPS because if if there is any single
16:58 any single javascript file any single CSS file that is loaded on the page from
17:05 me HTTP the browser will immediately in validating injector yes so I'll do that
17:13 and then the other thing is and that I get asked a lot is people think that you
17:18 have one or the other so they think they think that
17:24 HTTP HTTPS and mutually exclusive but they're not think that's right they are
17:34 mutually exclusive yes it's not an or it's not a war so if
17:40 by enabling SSL are using SSL your site is not immediately just SSL to everybody
17:45 right because they can still access the HTTP version so um if you're gonna force
17:52 SSL you can do it in a couple ways you have to use either CloudFlare and you can use off the always SSL feature and
18:00 CloudFlare which I should know breaks the let's encrypt I believe at least you
18:08 used to breaks the less encrypt auto we're doing of certificates unless you have the page rule there know if that's
18:16 still true a nice - I know it works it works for me so um yeah I think I think
18:22 it must be good to go because I use it on on Weaver space okay yeah so we used to have what used
18:30 to happen is it would try to force that the secret let's encrypt file to HTTP
18:36 which can't be valid in and renew so and you know usually has to be done over
18:43 HTTP for the inner Sean oh okay questioning okay in clubs and glad that's a compass fixed but if the other
18:50 way to force SSL for a site is the cheat htaccess file
18:56 so I know that's a guy that can be a scary thing ferrati a lot of you active
19:02 users yeah they access files that can be a little a little bit tricky
19:07 yeah yeah just Google if you just Google will have a link in the show notes how
19:12 about that instead of telling you to go google it you know well sure sure I should also mention like thanks to some
19:20 poking and prodding by our friend Paul I've restarted Weaver tips so Weaver
19:29 tips the project I started about a year ago and it was mainly gifts of how to do
19:38 different things in rapidweaver yeah and Paul kind of nudged me nudging me cuz he
19:45 was talking about how he wanted to do something I'm like well I never did that in on weaver tips and leave her tips it
19:51 was really just about gifts and I've updated the site now to support
19:57 both just text in project files so now if I just have text a text tip it'll
20:03 show up as a certain banner and I'll be able to add project files a zip files
20:08 and you'll be able to download example project files for so now it's kind of expanding so back to the HD access thing
20:14 in the HTM the HTTP support I actually have tips now for the code for an HG
20:23 Access file to force SSL for a site so how how you can do it in a few different
20:29 ways very cool I have you know sort of have tips tips for forcing you know
20:35 doing stuff like forcing WW and your domain or you know stripping that out and forcing the bear the bear domain yep
20:41 too yeah so you know everybody check it out
20:47 cool and thank and thank Paul on the forums Paul Russell
20:52 thank you Paul you are amazing resource that guy's a workhorse he does some amazing he does some really good stuff
20:58 um he does so yeah so SSL so what a rep Reaver users need to do right and things
21:05 that I've seen right so um great Greg touch pace on a lot of the things right
21:10 make sure that um hey I do have to say that I prefer um the redirect always use HTTPS right so I
21:18 redirect all my domains from if you have an HD if you go to it with HTTP it'll
21:23 redirect it to HTTPS right that just makes sure that uh you know all all
21:29 traffic is going through that I don't need to worry about something that should be secure and it's not things of
21:34 that nature right I just haven't always be HTTPS seems like it's the way to go right it definitely is definitely
21:42 especially with all the browsers or stuff yep so in the next thing next thing I was gonna say is you know what Greg said with the browser stuff is why
21:50 do we want to do all this why why go through the headache of all of this okay so a lot of the browser vendors are
21:57 definitely high getting much more stringent on their security policies and
22:02 that means that they want to ensure that website visitors are their data is
22:09 protected right and that so they're making sure that if a website is HTTP
22:15 they they like that right and Google's has explicitly said that they will prefer all sites that are actually
22:21 served over HTTPS so if your site is not um HTTPS you're gonna get dinged in your
22:29 search results or in your rankings right because you're not HTTPS so that's definitely a big reason just that alone
22:36 is a big reason to go and do this right especially since it is relatively easy since we've gone over all the steps
22:42 earlier and next up is all the browsers what they're gonna start doing is and they're actually already doing it now right what
22:49 browsers are doing now I've gotten several support requests over the past few weeks about this where they're
22:55 getting alerts in Chrome or in Safari mostly chrome is definitely the most in
23:01 your face right now that it's saying this page is not secure right and right
23:07 now what browsers are doing is they're they're displaying these messages on any webpage that is not HTTPS and has some
23:16 sort of input so if you have a forum or a password protection box site so I'll
23:22 be getting a few requests from people that have page my page safe stack on the on the page and they're wondering why is
23:28 page safe not secure it has nothing to do with any of that it just has to be that your website is not HTTPS so the
23:37 browser is warning the user that they are going to input you know data into this form on a website that is not
23:44 secure so right now they are only displaying
23:49 these warnings for webpages that actually have some sort of user input okay but in the future they have said
23:57 later this year that they will display this warning regardless so they will
24:03 across it across the board display the error that your website is not secure if
24:08 it is not HTTPS so very important you don't want users to have any sort of
24:14 reason to not trust you or your website and HTTPS is really easy to configure so
24:20 just go ahead and do it wouldn't say it's defective or huge they know that you should be like focused on
24:26 if you're gonna do all your effort and stuff right right content to the image stuff that we talked about before but
24:33 it's easy low-hanging fruit that would take you five minutes so yeah definitely
24:39 definitely do it so next up so you're in your rapid Eva project what do you need
24:44 to do you've configured HTTP on your site what do you need to do right great Greg said some of these steps earlier
24:50 right make sure you go into your projects general settings and update your website address to be HTTP okay so
24:58 HTTP colon slash slash and then your domain okay
25:03 then throughout your entire site if you're referencing any sort of URL if
25:08 you are using warehoused images if you are importing any sort of libraries that
25:15 you've added into the head or into the you know the body or anything right if you paste it any code that you know
25:21 imports anything externally you're gonna want to make sure that all of the those
25:27 URLs are referenced with HTTPS because like Brett said earlier if the browser
25:33 says or sees that you are trying to use an HTTP resource on your HTTP page it's
25:43 going to throw up warnings to the user and it's going to say you know this page is not secure so and in fact some won't
25:52 even load a non-secure resource at all so your page might have
25:59 actually behaved properly as well so you're going to make sure that you know you go through all of your various
26:05 things that you've added to your project again warehouse image is any sort of
26:10 external library or code snippet that you've pasted or some sort of embed code
26:15 now another thing that I should add a lot of embed code things you can actually completely omit HTTP
26:25 : right so you could just do slash slash and then the URL and what that will do
26:31 is that will tell the browser to use whatever protocol the page is currently
26:36 on so if your page is HTTPS it will use HTTPS if your page is HTTP it will use
26:44 HTTP um the side effect of that is if you do that and then you're on an HTTP
26:51 site and then the site that you're referencing doesn't have that or something of that nature right it could
26:57 potentially cause some issues so yeah be careful of that I just recommend using
27:04 HTTPS for everything what do you think Craig absolutely it seemed like a no-brainer
27:11 yeah you know we we changed to the choir my friend preaching to the choir cool
27:19 well surely Jody gives good examples - oh so well well done sweet uh I think I'm out of ideas on
27:27 this you got anything else to add just do it just do it do it buddy
27:36 do it soon because all these you know I'm starting to get a lot of like I said a lot of sports question people are asking about this so go ahead do it
27:42 check out your hosting company um or you know use let's go going yeah that gets
27:48 chrome chrome 68 version 68 believe it or something soon oh really go okay so yeah yeah I think
27:57 that's why July of 2018 I think that's when they plan on you know doing it I I don't know I have that date in my head
28:04 but some reason I I thought it was something like that you know Oh yep so July and then yep
28:12 from 68 cool I we're both right sweet
28:19 yeah good to talk to you enjoy your enjoy your trip to Vegas I will I will
28:25 you know I'm not much of a gambling man but I will definitely enjoy myself my
28:31 wife loves the slots man she loves she'll sit there and she'll she'll be on the slots machines while I'm in the
28:37 conference all day and she'll be having a blast so I hope she does hmm I'm a blackjack gonna kind of person yeah but
28:45 I'm pretty couldn't probably guessed that I'm sure you could probably guess that you know I loved I loved I got into
28:51 when I was on a cruise I got into roulette and yeah I know that's a total game of chance but on the cruise ship
28:57 like it was a minimum of $1.00 and I loved it it was great and I made a ton I'm gonna killing but
29:05 then when I whenever I'd go to casinos now like the minimum bet on a roulette tables like five bucks and I'm like to
29:10 hell with that like $5.00 minimum bet on a roulette table is is uh you couldn't
29:16 lose a lot of money really quick with that you know what I used to do is I
29:23 only bet red or black and every time I lost at double the money okay right so
29:30 you always whenever you hit yeah interview win boys get you always get your money back plus you know Ridgely
29:36 bet yep and I was in I was in the Bahamas and I had seven losses in a row
29:44 oh it was it was it was 100 something
29:50 dollars so my next bet would have had it been in the 300s and I just couldn't
29:57 stand and I just couldn't stomach it and of course of course you know it hit and I would
30:04 have hidden no made it all back and everything but it was a long night to try to win on that back Monday but
30:13 different days different days different age but all right good night sir
30:19 yep so where can everyone find you on the interwebs Gregory chillydog
30:24 hosting.com chillydog software.com and at bar chard on twitter sweet and as
30:30 always I am at Joe workman everywhere Instagram Twitter Facebook you name it
30:36 if you want to list all your past shows here if you are just listening I just
30:41 sent out an email yesterday and we got like double our downloads in the past 24 hours so it's been great so if you are
30:47 new make sure you go over to weaver radio.com go to the archive and you can listen to all of our past episodes or in
30:56 your favorite podcast player it should work inside all podcast players and check out all of our past episodes
31:02 there's been some really great ones so yes and if you are enjoying the show go
31:07 leave us a five star review on iTunes we'd appreciate it you know I haven't even checked if we have any five-star reviews I should do
31:13 that and we'll report back on the next show so that's good sweetie to talk to you
31:18 Joe and cool take care Greg I'll talk to you later you too
31:25 "}]