What is the cheapest way to secure a web site

  • Thread starter Borg
In summary, a friend of mine is unable to connect to an existing website that I created on a Raspberry Pi because newer browsers do not accept the self-signed certificate that I use. I am looking into getting a real server certificate, which will cost me $15/year. There are alternatives to this solution, such as using a VPN, but I haven't researched them yet.
  • #1
Borg
I have an existing website that I created on a Raspberry Pi at home and have locked it down with a self-signed certificate. I have been getting by fine because I've been using an older browser that allows me to accept the certificate and continue on to the site. However, the newer browsers don't allow that and just deny any access at all which is making it impossible for a friend of mine to connect to the site.

So, I've started looking into getting a real server certificate which is leading to a chain of expenses that I would rather not incur. Server certs require a domain name which then costs a yearly fee. I've looked at several domain name sites and there seems to be a lot of hidden fees, add-ons and other expensive gotchas that you have to watch for.

My question is whether there are alternatives to what I'm trying to solve (accessibility) or what is the cheapest way to get a valid certificate on my server that will be recognized properly by most browsers. I have looked at https://letsencrypt.org/certificates/ for free certs and several domain name sites for purchasing a domain. GoDaddy is cheap for the first year and gets expensive the following years. You also have to pay an extra yearly fee to keep your personal info off of the whois directory. I also looked at Namecheap.com that seems to be a better deal and allows private whois registration. However, I have no experience with these things and could really use some advice from those who have been through this.

Thanks in advance.
 
  • #2
Does your friend have a static IP? Then you could just drop packets to port 80 that originate anywhere else.
 
  • #3
Vanadium 50 said:
Does your friend have a static IP? Then you could just drop packets to port 80 that originate anywhere else.
I'm not sure that I follow how that would work. The server is configured to run SSL on 8443.
 
  • #4
Does the information being sent to and from the pi need to be strictly encrypted?
 
  • #5
cpscdave said:
Does the information being sent to and from the pi need to be strictly encrypted?
Yes. There will be personal information on the server for multiple users.

Based on my research so far, I think that it will cost me about $15 / year for a domain name, free cert and hiding my whois info. I don't know if there is a better or cheaper way to do this though.
 
  • #6
There's no getting around SSL cert for public access, anything else is vulnerable and browsers will say so. For private access, you can tunnel http through any shared key encryption schema, but you have to share the keys before hand. You could even probably do this through javascript.
 
  • #7
Borg said:
Yes. There will be personal information on the server for multiple users.

Based on my research so far, I think that it will cost me about $15 / year for a domain name, free cert and hiding my whois info. I don't know if there is a better or cheaper way to do this though.

It's only $ 15 / year, sure you can't afford that? You have a lot in return having your own signed certificate and domain name.
 
  • #8
Borg said:
...However, the newer browsers don't allow that and just deny any access at all which is making it impossible for a friend of mine to connect to the site...
Please tell us what 'new' browsers you are using and how you configured them to use your self-signed certificate along with the error returned as its rejection.
Borg said:
Yes. There will be personal information on the server for multiple users.
...
Then you may have to spend some fee on SSL certificate to secure your sensitive data sent to and through every hop in your network.
 
  • #9
Pepper Mint said:
Then you may have to spend some fee on SSL certificate to secure your sensitive data sent to and through every hop in your network.

I completely agree here. You spend some extra bucks and get
A) Encryption
B) Authentication

If you really don't want to spend the money, have you considered using a VPN?
 
  • #10
Fooality said:
There's no getting around SSL cert for public access, anything else is vulnerable and browsers will say so. For private access, you can tunnel http through any shared key encryption schema, but you have to share the keys before hand. You could even probably do this through javascript.
Yes, I definitely want to use a cert as I'm currently doing. I could share the keys but I haven't done something like that before. Plus the other person is very computer illiterate. It is painful to walk him through anything over the phone. I literally have to confirm every instruction and continually ask what he is looking at.
Pepper Mint said:
Please tell us what 'new' browsers you are using and how you configured them to use your self-signed certificate along with the error returned as its rejection.
At home, I'm using Firefox 26. I also have 38 installed but that won't let me in. Oddly, I have version 38 on my work computer and that one lets me into the site with my self-signed cert. That leads me to believe that there is a way to configure the browser through about:config or the registry that will override the default setting. Hence, my question about a better way to do this.
anarchean said:
It's only $ 15 / year, sure you can't afford that? You have a lot in return having your own signed certificate and domain name.
I didn't say that I couldn't afford it, I just don't like to waste money. :oldsmile:
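
The certificate checks behind the self-signed problem discussed in posts #6 to #10, as an added example that is not part of any post: a client with no trust anchor rejects the certificate, while a client that received the same certificate beforehand and pinned it accepts it, but only for the matching host name. Assumptions: OpenSSL 1.1.1 or later is installed; the host name pi.example.test and all key material are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. pi.example.test and every file below are constructed,
# throwaway values; nothing here comes from the Pi described in the thread.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed server certificate with a subjectAltName entry.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=pi.example.test" \
        -addext "subjectAltName=DNS:pi.example.test" \
        -keyout "$WORK/key.pem" -out "$WORK/cert.pem" >/dev/null 2>&1
}

# A client that has never seen the certificate: no trust anchors at all.
verify_untrusted() {
    openssl verify -no-CAfile -no-CApath "$WORK/cert.pem" >/dev/null 2>&1
}

# A client that was handed cert.pem out of band and pinned it as its only
# trust anchor. $1 is the host name the client believes it is contacting.
verify_pinned() {
    openssl verify -no-CApath -CAfile "$WORK/cert.pem" \
        -verify_hostname "$1" "$WORK/cert.pem" >/dev/null 2>&1
}

# SHA-256 fingerprint, the value both sides compare before pinning.
fingerprint() {
    openssl x509 -in "$WORK/cert.pem" -noout -fingerprint -sha256
}

make_self_signed
fingerprint
if verify_untrusted; then echo "no anchor: accepted"; else echo "no anchor: rejected"; fi
for host in pi.example.test other.example.test; do
    if verify_pinned "$host"; then
        echo "pinned, $host: accepted"
    else
        echo "pinned, $host: rejected"
    fi
done
```

Pinning here plays the role of importing the server's certificate into the client's trust store, which has to be repeated on every client and again whenever the certificate is regenerated.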
 
  • #11
You can get a site hosted for $5 a month through ApisNetworks on their low-end package. I've been using them since 2005, and I think my websites have gone down a total of 5 hours.

It's the cheapest solution for a website without having to purchase any home equipment and worrying about security to your home network and web server.
 
  • #12
elusiveshame said:
You can get a site hosted for $5 a month through ApisNetworks on their low-end package. I've been using them since 2005, and I think my websites have gone down a total of 5 hours.

It's the cheapest solution for a website without having to purchase any home equipment and worrying about security to your home network and web server.
Thanks for the info. However, I am hosting my own site on a Raspberry Pi 2 at home. Part of what I'm learning is working with the Pi. I may someday connect various items at home to the Pi and control them through the website that's on the server currently.
 
  • #13
You may be able to use one of the ddns services. That would be totally free. Check with Let's Encrypt to see if your chosen ddns service is compatible. They have a list.

Borg said:
I just don't like to waste money.
You already wasted $35 on the raspberry pi and obviously are wasting money on electricity and internet service. I would suspect you wasted a bit of money on food recently too. Such flagrant disregard for frugality!

BoB
 
  • #14
Borg said:
Thanks for the info. However, I am hosting my own site on a Raspberry Pi 2 at home. Part of what I'm learning is working with the Pi. I may someday connect various items at home to the Pi and control them through the website that's on the server currently.

Okay. Let me tell you what I'm doing. You see if this is good for you.

I have a home server (an old Acer notebook, core i3, 4gb ram); it hosts some services (cloud storage, gitlab, probably email soon). The server works through an OpenVPN tunnel, and has only one port open (the OpenVPN one).
The devices connected to this server are: my computer, my cell (Android), my girlfriend's computer, my girlfriend's cell (also Android) and my mother's cell (iPhone).

All communication is protected by TLSv1.3 using AES-256 and HMAC-SHA512 for authentication.

When I need to connect another device in the network I generate a certificate for that device and register it on the server with easy-rsa (yeap, that easy):
Code:
./build-key device_name

All communications secured, I can do whatever I want with the computers in this network, it's safe. You don't need https. You can use http.

I have a dynamic IP, so I use a DDNS service (Namecheap). Now, to facilitate access to the services inside this network, I'll soon install BIND on the server and use DNS to point to devices in the network. Once the OpenVPN clients are configured, you don't need to be even close to smart to connect.

Now, this is a *private* network. If you're going public, get the certificate.

I hope that helps. Ohhh! One more thing, all computers are using Linux. I don't know how things are on Windows/Mac. (I imagine it should be essentially the same for *BSD)

PS: I put a lot of time in this, make sure you have the time.
 
  • #15
Not all cheap web hosting services are bad. The best way to fight these issues is to simply avoid these web hosts and go somewhere else.
 

FAQ: What is the cheapest way to secure a web site

1. What is the cheapest way to secure a web site?

The cheapest way to secure a web site is by using an SSL (Secure Sockets Layer) certificate. This is a digital certificate that encrypts sensitive information between a web server and a client's browser, ensuring that the data cannot be intercepted or read by unauthorized individuals.

2. How much does an SSL certificate cost?

The cost of an SSL certificate can vary depending on the provider and level of security. On average, a basic SSL certificate can cost around $50-$100 per year.

3. Can I use a free SSL certificate instead?

Yes, there are some providers that offer free SSL certificates, such as Let's Encrypt. However, these certificates may have limited features and may not provide the same level of security as paid certificates.

4. Is an SSL certificate the only way to secure a web site?

No, there are other ways to secure a web site such as using a web application firewall, implementing secure coding practices, and regularly updating software and plugins. However, an SSL certificate is an essential and cost-effective way to secure a web site.

5. How do I know if a web site is secured?

You can tell if a web site is secured by looking at the URL. A secured web site will have "https://" at the beginning instead of "http://". It may also have a lock icon next to the URL in the browser. You can also click on the lock icon to view the details of the SSL certificate and ensure it is valid and up-to-date.
