by inquirerofsorts 2040 days ago
UX advice for UI designers giving advice to software developers: Get a free cert from https://letsencrypt.org/ so my basic half-assed digital defenses don't block your site.

I'm not clicking through until you do, sorry. Good luck with the multipart series.

4 comments

I'm not trying to be snarky, just trying to understand. What are you defending against by refusing to visit a read-only, plain HTTP site?
I’m not the parent poster, but one reason I can suggest is:

When you know about the security properties of using the HTTP protocol over the internet, and proceed to visit a read-only plain-HTTP website, your attention and time are used up unnecessarily on thoughts like “did the author really include this bit of content, or is it being MITM’ed?” with no inexpensive way to find out.

... but realistically, the risk of that is extremely low in this specific case.
ISPs have injected ads on HTTP websites in the past. So it has happened.
Sorry for that, will add SSL as soon as possible.
Thanks for taking the time to share a write up on something you learned & put it on your own domain instead of Medium or something like that.

Yeah, SSL probably matters & other people will prefer a different “step 1”, but it’s cool to see people share their lessons learned & process. And it’s smart to make use of the byproducts of your work.

Many designers use a “mood board” early in their process to establish the target feel of their project. Your explanation of wanting to choose a color that felt “futuristic and brave” reminded me of that approach. https://en.wikipedia.org/wiki/Mood_board

It's no use if you let it expire like they did.
Out of the box, LE makes it hard to actually achieve that most basic of calendar fails.
As far as I know, Let's Encrypt themselves do nothing to prevent you from hitting the expiry date with your certificates, but then I'm not sure what you mean with "Out of the box Let's Encrypt".

Usually you run Let's Encrypt with something like EFF's certbot, and then you certainly get lots of help to have up-to-date certificates, as long as you installed it in a way so it automatically runs (via cron or whatever you use).

I get emails from LE when my certs are about to expire. I'm honestly not sure how they do it (based on the email address, I'm guessing that they pulled the email they are using from WHOIS), but it's not something I went out of the way to set up.

I really like it, because it lets me know when I need to go in and kick certbot.

You likely gave certbot the email address when you set it up first, and it registers it with LE.
I've used LE for a few years and multiple times Certbot has broken, needed to be reinstalled, reconfigured from scratch, etc. In theory it keeps things updated automatically, in practice it needed a lot of wrangling.
Or let the free tier of Cloudflare do that.
Or if the author doesn't want to let Cloudflare control their entire domain and give away their users' data, since the author seems to self-host with nginx: use certbot and python-certbot-nginx, very easy to set up and maintain.

- https://www.nginx.com/blog/using-free-ssltls-certificates-fr...

It's a self-hosted Ghost engine on DigitalOcean.
Yea, everyone move to this central platform. That way we can complain later when things are too centralized.
Letting someone else terminate your SSL kind of defeats the point behind it.