# HTTPS At Last

Finally got off my butt and used Let's Encrypt to add an HTTPS cert to this domain. Woot!

Non-HTTPS links should redirect to HTTPS ones, but this may change in the future if for some odd reason I think it should.

#### Posted on 2017-04-08 by Jach

Tags: fodder

Back to the top

Anonymous June 17, 2017 02:20:59 PM Is good now you can have HTTPS. However, HSTS is bad. HPKP is a good idea but they should not implement "no-user-recourse" (but I do have ideas of an alternative which gives the user additional options), and should not implement automatic reporting (only must be if selected by user).
Jach June 17, 2017 02:57:22 PM I don't send the HSTS header, I just do it old school with a redirect. :) The HSTS doesn't seem like a bad idea in addition though, apart from needing to make sure subdomains are covered. Why do you think it's bad? Do you not like the risk that when the cert expires, if it hasn't been updated then browsers will freak out?

Comment using the form below

(Only if you want to be notified of further responses, never displayed.)

LaTeX allowed in comments, use $\\...\\$\$ to wrap inline and $$...$$ to wrap blocks.