• English version
  • Version française
  • Versión española


Please welcome HTTPS

Posted on Saturday 2 April 2016

Until recently, anything hosted by TuxFamily and reached over TLS (HTTPS, POPS, IMAPS, etc.) implied to accept a self-signed certificate.

Since the "Let's encrypt" initiative has become a reality, TuxFamily recently jumped on the bandwagon:

  • *.tuxfamily.org web areas now benefit from a wildcard certificate (*.tuxfamily.org) kindly provided by GlobalSign.
  • Most *.tuxfamily.org services also benefit from that wildcard certificate.
  • Other TuxFamily-hosted web areas (e.g. vhffs.org or yabause.org) now benefit from a Let's Encrypt certificate.
  • Due to technical limitations, *.*.tuxfamily.org web areas and domains remain plagued by a common name mismatch error; fortunately, those remain quite rare and should benefit from a Let's Encrypt certificate on the long run.

This setup should bring class-A HTTPS to your sites, and even A+ if you set up HSTS.

Since your web areas are now reachable by everybody over both HTTP and HTTPS, you are now free to adapt your sites accordingly; typical setups include (but are not restricted to):

  • handling both protocols;
  • enforcing only authenticated traffic to HTTPS;
  • enforcing all traffic to HTTPS through redirections and/or HSTS implemented in .htaccess.

RSS Feed