Upgrade to SSL

Posted on by

My Web hosting provider has added an SSL certificate to my web hosting plan. This certificate permits me to use SSL encryption on all my web pages. If you don’t know what that means, I can now use the encrypted https protocol rather than unencrypted http. In the past there was a performance penalty for using SSL, but nowadays this penalty is minimal and it is generally recommended to use SSL wherever possible. Without a certificate I was unable to use SSL encryption on my web site. But with the addition of the certificate to my account I was able to make the switch.

The first thing I did was to check using my browser to see if all the pages loaded when I typed https://www.cloppermillweather.org. All my pages loaded, but none of the images were showing. When I switched back to the unencrypted protocol everything loaded fine. After a lot of head scratching and a bit of searching I learned that my web site had a feature called Hotlink protection turned on. What Hotlink does is prevent other web sites from linking directly to resources on your web site.This prevents the other site from using your images in their web pages and in effect stealing your bandwidth. I don’t recall turning on this feature for my web site so I’m guessing it was on by default. It blocks all links to images except for sites with an exception set in the software. The problem is that there was only an exception for my unencrypted web site. I added an exception for the encrypted site and the images were now visible.

The next change I wanted to make was to redirect requests from the unencrypted site to the encrypted one. This would force anybody connecting to my site using http to be automatically switched to https. I added the following lines to the .htaccess file for my site and now all the http requests changed to https.

# redirect to ssl page if request is for the non-SSL page
RewriteCond %{HTTPS} off
# Redirect to HTTPS
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

I made these changes to all my web sites hosted with this provider, and as far as I can tell they all are working fine. I haven’t done any concrete measuring, but I am unable to observe a performance penalty. I’ll consider this a success so far.