I finally installed an SSL certificate on my website

Back when I started really getting into web development and coding, SSL certificates and having your website start with https:// wasn’t really a common thing. I helped run a few other websites for e-commerce companies, and they needed SSL certificates to ensure their clients’ information wouldn’t be stolen, but I personally didn’t sell anything on my own website, so I never bothered with it. … This was nearly two decades ago.

Nowadays, having an SSL certificate is considered normal and standard for all websites, even if you don’t sell products. They’re also free now, very contrary to having to pay a decent chunk of money for them a decade or so ago. I like to keep up with modern trends and make sure things are secure, but I hesitated from immediately implementing an SSL certificate – not because I didn’t care to do it, but because I realized there was something I did a handful of years ago that would make SSL certificate implementation extremely difficult.

Namely, when I set up my .htaccess file to have rewrite rules for formatting my website’s URLs, I did so in a very disorganized and makeshift manner that was incredibly inefficient. Basically, I dreaded having to go back and try to understand my thought process from several years ago in order to reverse engineer it, implement the rewrite rules properly, then make sure there were no infinite redirect loops that would keep forwarding the https:// URLs to http://.

It was obviously a waste of time that could’ve been avoided if I did it properly the first time, but I managed to put in an extra 15 or so minutes to get everything fully figured out and for the SSL certificate to work properly. … Or so I thought.

My next problem? When I went to my brand new https:// website, Google Chrome insisted on telling me that the website, although it had an SSL certificate, wasn’t actually secure – it claimed that I was loading stuff from insecure sources. That was definitely reasonable, and I spent an additional 15 minutes combing through the rest of my code and making sure all my scripts and extra includes were being called securely via their https:// versions.

But that still didn’t work.

And here ensured a series of events worthy of Benny Hill music, where I went around in circles trying to figure out why my website kept calling an insecure version of my header font. It ended up being a combination of the font being hosted in an unexpectedly different theme folder for some reason, combined with the fact that I use both W3 Total Cache and Cloudflare caching at the same time for website speed optimization.

After spending yet again an extra additional 15 minutes on that alone, after nearly an hour, my SSL certificate was installed and active on my website.

As for the lesson of the day… make sure you keep a log of notes of all the stuff you’ve done in the past. If not, then at least do things correctly the first time.