What is HTTPS, and how to set it up?
Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). Both are used for communication between computers over a network, but HTTPS adds a layer of security by encrypting the data traffic using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL).
Why is HTTPS good?
It protects against various attacks:
The authentication aspect of HTTPS requires a trusted third party to sign server-side digital certificates. This was historically an expensive operation, but In 2016, a campaign by the Electronic Frontier Foundation with the support of web browser developers led to the protocol becoming more prevalent.
Nowadays HTTPS is a must have for modern websites, since all major browsers are notifying users if their connection to a given website is not secure, and websites using HTTPS have a serious advantage when indexed by search engines compared by websites set up with only using HTTP.
How to set up HTTPS?
Setting up HTTPS for a website costs nothing, and is a fairly easy procedure, but might require different steps depending on the type of our hosting provider.
Most hosting providers provide automated methods for setting up HTTPS on their own administrative panel (eg. cPanel, Plesk, etc.)
If we have shell access to our webserver, and we are granted the necessary privileges, we can use Certbot, a free application and service to generate, renew and delete our own certificates.
If we can not, or don’t want to use Certbot, we can use certificates issued by other providers, but installing these certificates might require advanced server administration skills.