by echelon 1911 days ago
> Furthermore, congrats on your site but you’re 0.01% of sites like that.

Thanks to the rise of the almighty platforms we've lost the will and know-how to do it ourselves.

> TLS is easy and free in 2021.

Only if you're relying on complicated cloud infra or (non-free) managed providers that do everything for you. It's a lot of work to set this up on your own.

It's impossible to be simple at this point. It's like the automotive industry which collectively decided to use computers for everything. You can't repair things yourself now. It's ironic, too, because now the industry finds itself with a chip shortage. I can imagine lots of scenarios where our complicated infrastructure requirements bite us.

There should always be the option of not using TLS. It should be first-class and not require expertise to access or use.

1 comments

It's actually very easy to set up a TLS server using certificates from Let's Encrypt or any other ACME-compliant certificate provider. If you're using Apache, mod_md[0] will manage all the details for you. After enabling mod_md and mod_ssl, a simple TLS server only requires a few lines of extra configuration compared to a basic non-TLS site:

  MDCertificateAgreement accepted
  MDomain example.org
  <VirtualHost *:443>
    ServerName example.org
    ServerAdmin admin@example.org
    # optional
    ServerAlias www.example.org
    DocumentRoot htdocs/root
    SSLEngine on
  </VirtualHost>

If you're using Nginx rather than Apache I believe it still requires an external script to handle certificate renewal, but the process remains fairly simple. The same scripts will also work with Apache if you don't want to use mod_md.

[0] https://httpd.apache.org/docs/trunk/mod/mod_md.html