
What is the cheapest way to secure a web site

  1. Jun 14, 2016 #1

    Borg

    Gold Member

    I have an existing web site that I created on a Raspberry Pi at home and have locked it down with a self-signed certificate. I have been getting by fine because I've been using an older browser that allows me to accept the certificate and continue on to the site. However, the newer browsers don't allow that and just deny any access at all which is making it impossible for a friend of mine to connect to the site.

    So, I've started looking into getting a real server certificate which is leading to a chain of expenses that I would rather not incur. Server certs require a domain name which then costs a yearly fee. I've looked at several domain name sites and there seems to be a lot of hidden fees, add-ons and other expensive gotchas that you have to watch for.

    My question is whether there are alternatives to what I'm trying to solve (accessibility) or what is the cheapest way to get a valid certificate on my server that will be recognized properly by most browsers. I have looked at https://letsencrypt.org/certificates/ for free certs and several domain name sites for purchasing a domain. GoDaddy is cheap for the first year and gets expensive the following years. You also have to pay an extra yearly fee to keep your personal info off of the whois directory. I also looked at Namecheap.com that seems to be a better deal and allows private whois registration. However, I have no experience with these things and could really use some advice from those who have been through this.

    Thanks in advance.
     
    Last edited by a moderator: May 8, 2017
  3. Jun 14, 2016 #2

    Vanadium 50

    Staff Emeritus
    Science Advisor
    Education Advisor

    Does your friend have a static IP? Then you could just drop packets to port 80 that originate anywhere else.
     
  4. Jun 14, 2016 #3

    Borg

    Gold Member

    I'm not sure that I follow how that would work. The server is configured to run SSL on 8443.
     
  5. Jun 14, 2016 #4
    Does the information being sent to and from the pi need to be strictly encrypted?
     
  6. Jun 14, 2016 #5

    Borg

    Gold Member

    Yes. There will be personal information on the server for multiple users.

    Based on my research so far, I think that it will cost me about $15 / year for a domain name, free cert and hiding my whois info. I don't know if there is a better or cheaper way to do this though.
     
  7. Jun 14, 2016 #6
    There's no getting around SSL cert for public access, anything else is vulnerable and browsers will say so. For private access, you can tunnel http through any shared key encryption schema, but you have to share the keys beforehand. You could even probably do this through JavaScript.
     
  8. Jun 14, 2016 #7
    It's only $15 / year, sure you can't afford that? You have a lot in return having your own signed certificate and domain name.
     
  9. Jun 14, 2016 #8
    Please tell us what 'new' browsers you are using and how you configured them to use your self-signed certificate along with the error returned as its rejection.
    Then you may have to spend some fee on SSL certificate to secure your sensitive data sent to and through every hop in your network.
     
  10. Jun 15, 2016 #9
    I completely agree here. You spend some extra bucks and get
    A) Encryption
    B) Authentication

    If you really don't want to spend the money, have you considered using a VPN?
     
  11. Jun 15, 2016 #10

    Borg

    Gold Member

    Yes, I definitely want to use a cert as I'm currently doing. I could share the keys but I haven't done something like that before. Plus the other person is very computer illiterate. It is painful to walk him through anything over the phone. I literally have to confirm every instruction and continually ask what he is looking at.
    At home, I'm using Firefox 26. I also have 38 installed but that won't let me in. Oddly, I have version 38 on my work computer and that one lets me into the site with my self-signed cert. That leads me to believe that there is a way to configure the browser through about:config or the registry that will override the default setting. Hence, my question about a better way to do this.
    I didn't say that I couldn't afford it, I just don't like to waste money. :oldsmile:
     
    Last edited: Jun 15, 2016
  12. Jun 16, 2016 #11
    You can get a site hosted for $5 a month through ApisNetworks on their low-end package. I've been using them since 2005, and I think my websites have gone down a total of 5 hours.

    It's the cheapest solution for a website without having to purchase any home equipment and worrying about security to your home network and web server.
     
  13. Jun 16, 2016 #12

    Borg

    Gold Member

    Thanks for the info. However, I am hosting my own site on a Raspberry Pi 2 at home. Part of what I'm learning is working with the Pi. I may someday connect various items at home to the Pi and control them through the web site that's on the server currently.
     
  14. Jun 16, 2016 #13

    rbelli1

    Gold Member

    You may be able to use one of the ddns services. That would be totally free. Check with Let's Encrypt to see if your chosen ddns service is compatible. They have a list.

    You already wasted $35 on the raspberry pi and obviously are wasting money on electricity and internet service. I would suspect you wasted a bit of money on food recently too. Such flagrant disregard for frugality!

    BoB
     
  15. Jun 17, 2016 #14
    Okay. Let me tell you what I'm doing. You see if this is good for you.

    I have a home server (an old Acer notebook, Core i3, 4 GB RAM), it hosts some services (cloud storage, gitlab, probably email soon). The server works through an OpenVPN tunnel, and has only one port open (the OpenVPN one).
    The devices connected to this server are: my computer, my cell (Android), my girlfriend's computer, my girlfriend's cell (also Android) and my mother's cell (iPhone).

    All communication is protected by TLSv1.3 using AES-256 and HMAC-SHA512 for authentication.

    When I need to connect another device in the network I generate a certificate for that device and register it on the server with easy-rsa:

        ./build-key device_name

    Yep, that easy.

    All communications secured, I can do whatever I want with the computers in this network, it's safe. You don't need https. You can use http.

    I have a dynamic IP, so I use a DDNS service (Namecheap). Now, to facilitate access to the services inside this network, I'll soon install BIND on the server and use DNS to point to devices in the network. Once the OpenVPN clients are configured, you don't need to be even close to smart to connect.

    Now, this is a *private* network. If you're going public, get the certificate.

    I hope that helps. Ohhh! One more thing, all computers are using Linux. I don't know how things are on Windows/Mac. (I imagine it should be essentially the same for *BSD)

    PS: I put a lot of time in this, make sure you have the time.
     
    Last edited: Jun 17, 2016
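
The per-device certificate step from post #14, sketched with plain openssl rather than easy-rsa, as an added example that is not part of the thread: a private CA signs each device's certificate, and only certificates that chain to that CA verify. The directory layout, function names and CN values are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): a private CA issuing per-device
# certificates, done with plain openssl. All names here are hypothetical.

# Create a private CA (key + self-signed root certificate) in directory $1.
make_ca() {
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=demo-home-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Issue a certificate for device $2, signed by the CA stored in $1.
# The device key never has to leave the device in a real setup; here
# everything lives in one directory to keep the demo short.
issue_device_cert() {
    local dir="$1" name="$2"
    # Device key and certificate signing request.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
        -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
    # The CA signs the request, producing the device certificate.
    openssl x509 -req -in "$dir/$name.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -days 365 -sha256 -out "$dir/$name.crt" 2>/dev/null
}

# Succeeds only if certificate $2 chains to the CA stored in $1.
# The check parses the ": OK" line instead of relying on the exit status,
# because older openssl releases exit 0 even when verification fails.
cert_is_trusted() {
    openssl verify -CAfile "$1/ca.crt" "$2" 2>/dev/null | grep -q ': OK$'
}
```

A certificate signed by this CA passes `cert_is_trusted`; a self-signed certificate from anywhere else does not, which is the same distinction a browser makes between a certificate from a CA it trusts and a self-signed one.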
  16. Jul 4, 2016 #15
    Not all cheap web hosting services are bad. The best way to fight these issues is to simply avoid these web hosts and go somewhere else.
     