In trying to harden my WordPress install that’s hosted on Linode I decided to enable https for encrypting the login page. At first I just went with the old self-signed certificate route and it was fine but boy did I have to jump through some hoops to get iOS/my iPhone to play nicely.
Then I noticed that Google’s Chrome browser was giving me a “not secure” message on my site (and on the other sites I host on Linode) and realized that Google no-likey the self-signed certificates and further research showed that Google may actually penalize your site in search results if you don’t have a CA-signed SSL cert.
I didn’t want to pay for an SSL cert just to encrypt my WordPress login and googling didn’t return much until I came across Linode’s great documentation for Securing HTTP Traffic with Certbot.
Here I learned about Let’s Encrypt and the way they handle requesting certificates. Super, super cool. And Free. And with the instructions from Linode it was so easy to do.
And now none of my hosted sites are getting that pesky Not-Secure error from Google Chrome!