Traditionally associated with e-commerce websites, HTTPS is beginning to be more widely used on all types of websites to secure user accounts and keep communications private. Traffic to and from your website will be encrypted to guarantee that users are communicating with the website they intended and ensure that contents cannot be read or forged by third parties.
The security of your site users and data is clearly paramount, but there are other reasons why moving to HTTPS is important. Google announced in 2014 that they would give a small SEO advantage to sites using HTTPS over HTTP and are taking steps to further alert users when sites are insecure. They won’t be the only ones.
A move to HTTPS will also allow us to enable HTTP/2 in the near future, a new version of the protocol used to transfer web pages from our server to web browsers. HTTP/2 is more efficient than HTTP and will make your website load faster on modern web browsers such as Chrome, Firefox, Safari, Internet Explorer 11, and Edge.
To make all this happen we are using the new certificate authority Let’s Encrypt to issue our secure certificates. Supported by major Internet companies including Mozilla, Chrome, Cisco, and Facebook, Let’s Encrypt allows us to create the digital certificate necessary to host your site on HTTPS free of charge, and renew it automatically without manual intervention.
There are a lot of issues to consider when transferring to HTTPS – but for our clients, we’ve dealt with that for them: seamlessly, and in almost every instance without them even noticing. All part of the service!
We have been testing new certificates from Let’s Encrypt since December last year and have been running several customer websites (including our own) over HTTPS since April. The testing has gone well and we’ve now moved almost all our commercial client sites to HTTPS (the remaining two have good technical reasons not to do so at this time). We’ve now started migrating our political client sites (Liberal Democrats and Alliance Party of Northern Ireland) over to HTTPS. We’ve done the first nine sites and we’ve not seen any issues to date, and we’ll be registering certificates and moving the others (and there are a lot of them!) of the coming weeks.
Traditionally HTTPS has been limited to one website per IP address, but in order to host all of our websites over HTTPS we will be using a technology called Server Name Indication, which allows us to present multiple certificates on the same IP address. It is widely supported but does not work on Internet Explorer 8 on Windows XP. This means that any users still on Windows XP and using Internet Explorer will have to agree to a warning that the secure certificate name does not match your domain name. We estimate that this will affect less than 0.2% of all users and the site will still be accessible to them.