Making Up HTTPS and SSL As We Go

Making Up HTTPS and SSL As We Go

Right this minute, multiple organizations associated with your hosting, SSL, and HTTPS are rolling out changes that may affect your site’s stability, even if you haven’t converted to HTTPS yet. Following is a brief of what’s going on.

NOTE: This is a very dynamic situation and is changing every day. I’ll be keeping this post updated with changes as I have time.

Hosting and SSL Certificates

Due to the extreme demand from site owners requesting SSL certificate installation, many hosts have opted to turn them on by default for all new accounts.

They are also turning them on for existing accounts, but that process takes time as they update servers.

So, even if your host has started this process, it may or may not have rolled out to you yet.

Hosting and HTTPS

Some hosts that offer a 1-click install of WordPress are electing to set them up as HTTPS by default.

So, if you are building a site from scratch, it will already have your free SSL certificate and all links will be HTTPS. No conversion necessary.

Hosting and PHP

The current stable version of PHP is 5.6.x. But, many hosts are pushing for all site owners to move up to PHP7. It’s faster and has other desirable features.

Some hosts are setting PHP7 as the default for new hosting accounts.

The problem is, if you are migrating from another host, some of your plugins may break because they are not PHP7 ready.

It’s possible that your theme could break too, but not as likely.

Apache

This is the software that the servers of many big box hosts run on.

Version 2.6 is rolling out and it may cause issues with the type of redirects associated with HTTPS.

I’m working with Tier 3 support at one host to see if that is the case, or there are other factors that make sites on certain servers have HTTPS regex issues.

cPanel

cPanel is a brand of control panel, which allows hosts to offer a nice looking and easy to use GUI (Graphical user Interface) for site owners to manage host account elements.

They recently rolled out v60, which has multiple changes regarding SSL certificates.

I’m working with Tier 3 support on some of the code that is being added to the .htaccess file for an alternative way to validate the SSL certificate.

Because SSL is being turned on, this code may be added to your site even if you have not converted to HTTPS yet.

FYI, some hosts are not even aware that this code is being added! cPanel has not done a good job of informing hosts of all the changes in v60.

CloudFlare has also teamed up with Comodo to issue SSL certificates to an entire server. That means even your login and cPanel user area are now encrypted.

CloudFlare

The CloudFlare CDN has a Crypto section with all of the HTTPS related settings. It seems to be changing by the day.

These enhancements also include the beta version of TLS 1.3 being on by default.

Plus, when scanning DNS records for the first time, CloudFlare is now picking up a TON of new records.

It appears these may be due to changes at the host, including those from cPanel, instead of just changes at CloudFlare.

I’ve seen instability on HTTPS sites recently and it’s super difficult to pinpoint which of these changes is causing the issues.

Keep Updated

I’m doing my best to keep members of my Webmaster Training Courses updated with the changes.

If you convert sites for a living, or want to learn how, you can’t afford not to be part of this program.

We have a private Facebook group and meet live regularly to discuss the changes that are coming lightning fast.