[Lazarus] https website for Lazarus

[Marc Weustink]

As a test I used Letsencrypt for my own site. If successful then I 
planned to update Lazarus. My first automated certificate update went 
smooth, so Lazarus is next.

One mayor issue with Letsencrypt is that all automated update processes 
re-generate the CSR. Since our hoster supports dnsseq you don't want 
that. So I spent some time to create my own update scripts using my own 
CSR. Since these proved OK, Lazarus is next.

Marc

BTW, subdomains shouldn't be a problem

Anthony Walter wrote:
> I just thought I'd share my experience with http://www.getlazarus.org
>
> I added https to it a few months ago using let's encrypt. The experience
> was pretty easy.
>
> The only hiccup I had/still have is that I serve images/video using S3
> with a subdomain CNAME to improve performance. I had to use a separate
> certificate from Amazon for that content else I wouldn't get the green
> badge to the left the URL in every browser. Amazon's tool to get a
> certificate for S3/Cloudfront buckets is straight forward enough.
>
> You can find non secure items on a page like in the scenario I described
> above using any browsers developers tools console window. It will warn
> about your security errors at the top of the console.
>
> Finally, switch to using // in your html and css when specifying website
> links/resources. This causes the client to use the same protocol for
> those items which was used to request the main page. That is say image:
> url(//images.mysite.org/banner.jpg
> <http://images.mysite.org/banner.jpg>) vs
> url(https://images.mysite.org/banner.jpg).