Safe way of Robin getting https certificates ?
12 views
Skip to first unread message
Robin Lovelock on robin@gpss.co.uk
Nov 25, 2024, 5:26:18 PM11/25/24
to Colin Sauze' via Microtransat Microtransat, ROBINLOVELOCKSFRIENDS
Hi Guys. I'm guessing Colin Sauze may provide the most reliable answer to my subject question.
i.e. give result that https://www.gpss.co.uk is forwarded (through appropriate logic) to http://www.gpss.co.uk
e.g.of Colin's help: When I got a QR code, simply looking on the Net, I used one that DID NOT
link directly to http://www.gpss.co.uk but to their own site, meaning they suddenly
started to charge money, and goodness knows what else. BUT Colin's advice
led to that simple free DOS program that did the job perfectly.
Now to my subject question, starting with a relevant extract >>>
Colin:
First the off-topic BTW/P.S. : you are, of course, correct: https://en.wikipedia.org/wiki/HTTPS
<<<<
Looking at above, I saw places I could go, BUT wondered if there were risks.
I would probably start with the least important of my domains: http://www.gpshobby.info
then, if no problems seen, do http://www.nhscare.info then, finally, http://www.gpss.co.uk
When I got these domains, many years ago, I thought that I owned them.
e.g. if I did a "Who is" on the domain, they gave my own details like name, address, etc.
BUT, over the years, changes in hosting ( I have several alternates, but one controls it )
there is doubt in my mind if the https->http would be OK.
Great if it is a simple and safe process ;-)
Take Care
Robin
Robin Lovelock, 22 Armitage Court, Sunninghill, Ascot, Berks, SL5 9TA, UK
Landline 44 1344 620775
Take Care, Stay Safe, and enjoy life while we can :-)
UK Landline: (UK+44) 01344 620775. Mobile: 07736 353 404.
Robin Lovelock, 22 Armitage Crt, Sunninghill, Ascot, Berkshire, SL59TA, England, UK.
GPS Latitude,Longitude = 51.39697,-0.66005
Youtube videos with latest first: http://www.youtube.com/user/RobinLovelock/videos
See Contact page. e.g. Track Robin's car C4 GPS on SpotT2 SatComs tracker
* Alternates of http://www.GPSS.co.uk on http://www.gpss.force9.co.uk , http://www.gpss.co.uk.testurl.co.uk , http://www.tsogpss.co.uk.gridhosted.co.uk , http://www.gpss.co.uk.c51.previewmysite.eu
For http://www.NHSCare.info add /nhscare
Robin Lovelock on robin@gpss.co.uk
Nov 26, 2024, 4:58:00 AM11/26/24
to Colin Sauze, Colin Sauze' via Microtransat Microtransat, ROBINLOVELOCKSFRIENDS
Many Thanks Colin - excellent advice - this looks extremely risky.
I had hoped there might be a trusted, ideally government* run service
that does a simple https -> their service ->http: process.
* MAYBE USA, or UK, or maybe better if USA/UK/RUSSIA/CHINA ? - not likely.
I'll sign off with what has been at the end of my "Home" page http://www.gpss.co.uk for years,
occasionally updated as companies buy hosting companies - maybe to aquire their customer base.
Even large well known companies do not know who is working for them "at the sharp end" ;-)
Maybe one of my other friends, will have a solution.
Just a reminder that during the 1970s working for NATO I spent a week at GCHQ Cheltenham
with staff working for me on SHEWS - but that's ancient history http://www.gpss.co.uk/robinscv.htm
I won't say much more than some of my friends & family work in similar fields in recent years ;-)
Thanks again - now that sign off ...
There have been 
.
Over 50% of the World's Population of 8 billion people are now on the Net. Thank God they don't all visit this site at once :-)
Some may wish to bookmark these sites below. Some people have all the site on DVD or a USB stick. Your browser is on 
This www.GPSS.co.uk has hundreds of pages, and supports sites such as www.gpshobby.info and www.NHSCare.info . It is hosted on http://gpss.co.uk.c51.previewmysite.eu , http://www.tsogpss.co.uk.gridhosted.co.uk * , http://gpss.co.uk.testurl.co.uk , and www.gpss.force9.co.uk .
The hosting on user28153.vs.easily.co.uk also worked well for many years, until August 2020. Company* aquisitions resulted in problems - mostly fixed. * See Endurance International Group, including Newfold Digital on Wiki. TSO has not updated since April 2024, following lack of support. See end of Host Europe Group . Don't blame the Technical Support Guys - they do what they are told ;-) You may research these companies yourself on the Net :-)
Other domains of Robin, such as www.gpshobby.info are hosted in sub-folders, such as gpss.co.uk.testurl.co.uk/caching . Thank you guys, who provide Easily.uk Email Technical Support, wherever you are. e.g. Ukraine, China, Philipines, or wherever. Thanks to the guys who provide Easily.uk Voice Support from New Brunswick, Canada. Please see Robin's "EASY" page to help Easily Support Guys for the latest information. I can make changes, but let us fix your remaining problems :-)
On Monday, November 25, 2024 at 11:43:11 PM GMT, Colin Sauze <colin...@gmail.com> wrote:
Robin,
I'm not sure who is hosting your websites these days, many web hosts
have an easy option to just enable https on your site.
Traditionally they would charge you for a certificate and do some ID
verification since a major part of https isn't just encryption, it's
verifying the site is the one it claims to be.
These days there is a popular free service called Lets Encrypt. This
works by you requesting a certificate from them, they send you a
random string of data and you place this in a file on your website,
that they check to prove you control the site. They'll then create a
certificate for you and send it to you. They have a program that
completely automates this process. The certificates are only valid for
3 months, this is an intentional choice to force people to automate
the entire process.
Many hosting providers can do all this behind the scenes for you,
others require you to do it yourself and upload a certificate, other's
allow you to install the letsencrypt software.
There's more information about doing this at
https://letsencrypt.org/getting-started/
There isn't really any risk going to https, you can even run both http
and https, but standard practice is to have the http site redirect to
the https one. The only catch is that most https sites now use
something called hsts, where if you visit a site over https your
browser remembers that the site was https and won't allow subsequent
visits over http. This is designed to prevent encryption downgrade
attacks where the https site is blocked by an attacker and the victim
is forced to use a compromised http site. If you have hsts enabled
then you can't really stop using https or else people will get an
error when visiting your site.
Hope this helps.
Colin
I'm not sure who is hosting your websites these days, many web hosts
have an easy option to just enable https on your site.
Traditionally they would charge you for a certificate and do some ID
verification since a major part of https isn't just encryption, it's
verifying the site is the one it claims to be.
These days there is a popular free service called Lets Encrypt. This
works by you requesting a certificate from them, they send you a
random string of data and you place this in a file on your website,
that they check to prove you control the site. They'll then create a
certificate for you and send it to you. They have a program that
completely automates this process. The certificates are only valid for
3 months, this is an intentional choice to force people to automate
the entire process.
Many hosting providers can do all this behind the scenes for you,
others require you to do it yourself and upload a certificate, other's
allow you to install the letsencrypt software.
There's more information about doing this at
https://letsencrypt.org/getting-started/
There isn't really any risk going to https, you can even run both http
and https, but standard practice is to have the http site redirect to
the https one. The only catch is that most https sites now use
something called hsts, where if you visit a site over https your
browser remembers that the site was https and won't allow subsequent
visits over http. This is designed to prevent encryption downgrade
attacks where the https site is blocked by an attacker and the victim
is forced to use a compromised http site. If you have hsts enabled
then you can't really stop using https or else people will get an
error when visiting your site.
Hope this helps.
Colin
> --
> You received this message because you are subscribed to the Google Groups "Microtransat" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to microtransat...@googlegroups.com.
> To view this discussion, visit https://groups.google.com/d/msgid/microtransat/1628422239.1578728.1732573575004%40mail.yahoo.com.
> You received this message because you are subscribed to the Google Groups "Microtransat" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to microtransat...@googlegroups.com.
> To view this discussion, visit https://groups.google.com/d/msgid/microtransat/1628422239.1578728.1732573575004%40mail.yahoo.com.
Mikolaj Halber
Nov 26, 2024, 7:06:13 AM11/26/24
to Robin Lovelock on robin@gpss.co.uk, Colin Sauze' via Microtransat Microtransat, ROBINLOVELOCKSFRIENDS
Hi Robin,
Nowadays, the main solution for this is https://letsencrypt.org/, they
offer guides for variety of types of setups here:
https://letsencrypt.org/getting-started/.
I have had great experience with them over the past decade, given that
this is a free service as you can have auto-renewing HTTPS certificates
with them and for as many domains as you need.
All the best,
Mikolaj Halber
On Mon Nov 25, 2024 at 10:26 PM GMT, 'Robin Lovelock on ro...@gpss.co.uk' via ROBINLOVELOCKSFRIENDS wrote:
> Hi Guys. I'm guessing Colin Sauze may provide the most reliable answer to my subject question.
> i.e. give result that https://www.gpss.co.uk is forwarded (through appropriate logic) to http://www.gpss.co.uk
> e.g.of Colin's help: When I got a QR code, simply looking on the Net, I used one that DID NOTlink directly to http://www.gpss.co.uk but to their own site, meaning they suddenlystarted to charge money, and goodness knows what else. BUT Colin's adviceled to that simple free DOS program that did the job perfectly.
> When I got these domains, many years ago, I thought that I owned them.e.g. if I did a "Who is" on the domain, they gave my own details like name, address, etc.BUT, over the years, changes in hosting ( I have several alternates, but one controls it )there is doubt in my mind if the https->http would be OK.
>
> Robin Lovelock, 22 Armitage Court, Sunninghill, Ascot, Berks, SL5 9TA, UKLandline 44 1344 620775
> Take Care, Stay Safe, and enjoy life while we can :-)http://www.GPSS.co.uk * , http://www.NHSCare.info , http://www.GPSHobby.info UK Landline: (UK+44) 01344 620775. Mobile: 07736 353 404.Robin Lovelock, 22 Armitage Crt, Sunninghill, Ascot, Berkshire, SL59TA, England, UK.GPS Latitude,Longitude = 51.39697,-0.66005Youtube videos with latest first: http://www.youtube.com/user/RobinLovelock/videos See Contact page. e.g. Track Robin's car C4 GPS on SpotT2 SatComs tracker* Alternates of http://www.GPSS.co.uk on http://www.gpss.force9.co.uk , http://www.gpss.co.uk.testurl.co.uk , http://www.tsogpss.co.uk.gridhosted.co.uk , http://www.gpss.co.uk.c51.previewmysite.eu For http://www.NHSCare.info add /nhscare
Nowadays, the main solution for this is https://letsencrypt.org/, they
offer guides for variety of types of setups here:
https://letsencrypt.org/getting-started/.
I have had great experience with them over the past decade, given that
this is a free service as you can have auto-renewing HTTPS certificates
with them and for as many domains as you need.
All the best,
Mikolaj Halber
On Mon Nov 25, 2024 at 10:26 PM GMT, 'Robin Lovelock on ro...@gpss.co.uk' via ROBINLOVELOCKSFRIENDS wrote:
> Hi Guys. I'm guessing Colin Sauze may provide the most reliable answer to my subject question.
> i.e. give result that https://www.gpss.co.uk is forwarded (through appropriate logic) to http://www.gpss.co.uk
> Now to my subject question, starting with a relevant extract >>>Colin:p.s. I love how you think that an unencrypted man-in-the-middleable
> protocol like HTTP is trusted.
> p.p.s All UK government sites under gov.uk, mod.uk, ac.uk etc are
> HTTPS. HTTPS has been standard practice for over a decade now and not
> all certificate agencies are American.<<<Robin:First the off-topic BTW/P.S. : you are, of course, correct: https://en.wikipedia.org/wiki/HTTPS<<<<
> Looking at above, I saw places I could go, BUT wondered if there were risks.I would probably start with the least important of my domains: http://www.gpshobby.infothen, if no problems seen, do http://www.nhscare.info then, finally, http://www.gpss.co.uk
> protocol like HTTP is trusted.
> p.p.s All UK government sites under gov.uk, mod.uk, ac.uk etc are
> HTTPS. HTTPS has been standard practice for over a decade now and not
> all certificate agencies are American.<<<Robin:First the off-topic BTW/P.S. : you are, of course, correct: https://en.wikipedia.org/wiki/HTTPS<<<<
> When I got these domains, many years ago, I thought that I owned them.e.g. if I did a "Who is" on the domain, they gave my own details like name, address, etc.BUT, over the years, changes in hosting ( I have several alternates, but one controls it )there is doubt in my mind if the https->http would be OK.
> Great if it is a simple and safe process ;-)
> Take CareRobinhttp://www.gpss.co.uk
>
> Robin Lovelock, 22 Armitage Court, Sunninghill, Ascot, Berks, SL5 9TA, UKLandline 44 1344 620775
> Take Care, Stay Safe, and enjoy life while we can :-)http://www.GPSS.co.uk * , http://www.NHSCare.info , http://www.GPSHobby.info UK Landline: (UK+44) 01344 620775. Mobile: 07736 353 404.Robin Lovelock, 22 Armitage Crt, Sunninghill, Ascot, Berkshire, SL59TA, England, UK.GPS Latitude,Longitude = 51.39697,-0.66005Youtube videos with latest first: http://www.youtube.com/user/RobinLovelock/videos See Contact page. e.g. Track Robin's car C4 GPS on SpotT2 SatComs tracker* Alternates of http://www.GPSS.co.uk on http://www.gpss.force9.co.uk , http://www.gpss.co.uk.testurl.co.uk , http://www.tsogpss.co.uk.gridhosted.co.uk , http://www.gpss.co.uk.c51.previewmysite.eu For http://www.NHSCare.info add /nhscare
Robin Lovelock on robin@gpss.co.uk
Nov 26, 2024, 10:35:37 AM11/26/24
to Colin Sauze' via Microtransat Microtransat, ROBINLOVELOCKSFRIENDS, Mikolaj Halber
Thanks Mikolaj for suggestion of (USA based?) letsencrypt.org which prompted Colin's response
>>>
Robin,
"I had hoped there might be a trusted, ideally government* run service
that does a simple https -> their service ->http: process."
Letsencrypt is a trusted service, it was setup by the very well respected Electronic Frontier Foundation and has now been spun off under a non-profit called the Internet Security Research Group. It has the backing of much of the software industry including Google, Amazon, Mozilla, Cisco, IBM and a whole host of smaller ISPs and ecommerce companies.
But what your are describing to wrap an existing http site sounds more like what some of the content delivery networks (CDNs) like Cloudflare offer. I think Cloudflare free tier DDoS protection (https://www.cloudflare.com/en-gb/application-services/products/ddos-for-web/) will do what you want and will provide its own SSL certificate. This also has the bonus that Cloudflare will cache a copy of your page at each of its content delivery centres around the world, so when people request the page they'll usually get a copy from their local cache which will load faster and if you have a temporary outage it will still be possible to see the site.
Colin
<<<
I took a glance at the site, and saw an office in San Fransisco USA, near friends for many years,
and the nature of the business means I'm sure it will have the approval of the USA Government.
I have friends in the lowest and highest of places around the World including USA ;-)
I won't say anything about Colin other than what is public on the Net,
but it was great to hear from you Mikolaj, after we met in Swindon,
and gave me that ADCIS mug, and made a return visit to Sunninghill.
The following may seem irrelevant but I'm learning all the time :-) >>>
Let me see what I can find ...EASAMS on http://www.gpss.co.uk/easams.htm
- but I'm sure there will be a mention somewhere line a Family Newsletter ..
http://www.gpss.co.uk/family.htm ... enjoyed scrolling through newsletters 2023->2018 but nothing :-(
Similar problem finding the video - UNTIL I googled "mikolaj robin lovelock adcis mug"
22.3 minute video showing June & Robin Lovelock's trip to Swindon, to meet, then collect an EASAMS mug, from Mikolaj Halber. Mikolaj had recently purchased the mug from the Salvation Army Charity shop in Swindon for the princely sum of 20p. i.e. 0.2 Pounds Sterling. He'd googled "EASAMS", found Robin's page www.gpss.co.uk/easams.htm then emailed Robin, after looking at the "Contact" page. This EASAMS/ADCIS mug is of great value to Robin, and they soon agreed a suitable price - "cash in hand" :-) Robin was amazed at the knowledge of this young M.Sc guy, after only a few minutes of looking at the quickly exchanged emails. His University education had been with the SOAS (School of Oriental and African Studies". The lady chanceller is also a BBC Reporter. He works for a major semiconductor corporation - and much more ;-) June & Robin set off, and arrived close to their estimated ETA of 1300 at his home. Anyone could see where they went on the live SPOT Saltcomms tracker, like that in Snoopy's Robot Boat - recently home after two months at sea. June, Robin, and Mikolaj had a brief pub lunch, near his home, then hit the road back to Sunninghill, in heavy rain showers. You will see much of the centre of Ascot, where they stopped for things like digby wallets, reading glasses, and mouth wash - because of Robin's cheese & onion roll :-) After a quick edit of this rough cut video, June & Robin attended a large meeting hosted by SPAE ( Society for Protection of Ascot and Environs ) on the subject of the development of Ascot - including adjacent to The Royal Ascot Tennis Club, where June plays tennis. BUT this video is not about that - it is rather about Robin finding a young but very knowledgable guy ;-) Maybe Mikolaj can travel to Sunninghill soon, and see the right things and people ;-)
Mikolaj's visit to Sunninghill will have been later ;-)
I look forward to catching up with Mikolaj, wherever he is now:
best start a new thread if on ROBINLOVELOCKSFRIENDS ;-)
BUT - back to http->https - it's a good job that Mikolaj still visited http://www.gpss.co.uk/easams.htm
or I would not have met him, and that historic EASAMS ADCIS mug.
Many subjects get discussed in our village, including NATO being born in Sunninghill
ref http://www.gpss.co.uk/johnman.htm Americans/Canadians/Poles moving here
Yesterday I was told Polish airmen here shot down more than anyone in the Battle of Britain.
Not if they had heard of that Polish invention "the leading wire antenna" - sorry Mikolaj ;-)
I wonder if any of you are permitted to set up that https->(thing)->http
e.g. starting on something less important like http://www.gpss.co.uk/tody.htm
If you make a mess of it, I can always set Tody on you - naa just joking :-)
Not difficult to copy html into your own web space,
but much better if it went direct into mine ( replicated).
Thanks again guys - off to our village in due course - track me if you wish ;-)
Robin
--
You received this message because you are subscribed to the Google Groups "Microtransat" group.
To unsubscribe from this group and stop receiving emails from it, send an email to microtransat...@googlegroups.com.
You received this message because you are subscribed to the Google Groups "Microtransat" group.
To unsubscribe from this group and stop receiving emails from it, send an email to microtransat...@googlegroups.com.
To view this discussion, visit https://groups.google.com/d/msgid/microtransat/D5W3E5181P62.L7R7EM1DORNX%40riseup.net.
Reply all
Reply to author
Forward
0 new messages