{"items": [{"author": "Alex", "source_link": "https://www.facebook.com/jefftk/posts/903663598782?comment_id=903671712522", "anchor": "fb-903671712522", "service": "fb", "text": "There is also the concern that the redirect is itself insecure and could send someone to a malicious site that looks like yours. But if people bother to check the address bar after navigating to your site they should be OK.<br><br>Separately, http://www.jefftk.com:8080 redirects to HTTPS for me.", "timestamp": "1507212378"}, {"author": "David", "source_link": "https://www.facebook.com/jefftk/posts/903663598782?comment_id=903671712522&reply_comment_id=903679911092", "anchor": "fb-903671712522_903679911092", "service": "fb", "text": "&rarr;&nbsp;The common solution to that problem is https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security, but you need to be really sure about HTTPS before using that.", "timestamp": "1507215893"}, {"author": "Jeff&nbsp;Kaufman", "source_link": "https://www.facebook.com/jefftk/posts/903663598782?comment_id=903671712522&reply_comment_id=903679931052", "anchor": "fb-903671712522_903679931052", "service": "fb", "text": "&rarr;&nbsp;The redirect is insecure in itself, but has the major side effect that people passing around links to my site in various forms will slowly move to https", "timestamp": "1507215914"}, {"author": "Jeff&nbsp;Kaufman", "source_link": "https://www.facebook.com/jefftk/posts/903663598782?comment_id=903671712522&reply_comment_id=903679941032", "anchor": "fb-903671712522_903679941032", "service": "fb", "text": "&rarr;&nbsp;HSTS isn't something I'm ready for yet", "timestamp": "1507215924"}, {"author": "Jeff&nbsp;Kaufman", "source_link": "https://www.facebook.com/jefftk/posts/903663598782?comment_id=903671712522&reply_comment_id=903680020872", "anchor": "fb-903671712522_903680020872", "service": "fb", "text": "&rarr;&nbsp;It looks like :8080 redirects to https on mobile Chrome but not desktop when I'm testing it?", "timestamp": "1507215953"}, {"author": "Alex", "source_link": "https://www.facebook.com/jefftk/posts/903663598782?comment_id=903671712522&reply_comment_id=903682560782", "anchor": "fb-903671712522_903682560782", "service": "fb", "text": "&rarr;&nbsp;This is on Chrome 61.0.3163.100 on Linux desktop in an incognito window", "timestamp": "1507216849"}, {"author": "Andrew", "source_link": "https://www.facebook.com/jefftk/posts/903663598782?comment_id=903671712522&reply_comment_id=903682900102", "anchor": "fb-903671712522_903682900102", "service": "fb", "text": "&rarr;&nbsp;Why are you renewing a 90-day cert daily?", "timestamp": "1507216977"}, {"author": "Jeff&nbsp;Kaufman", "source_link": "https://www.facebook.com/jefftk/posts/903663598782?comment_id=903671712522&reply_comment_id=903683962972", "anchor": "fb-903671712522_903683962972", "service": "fb", "text": "&rarr;&nbsp;Andrew it only actually renews as needed, and then only restarts nginx if it renews<br><br>The recommended frequency is actually twice daily: \"if you're setting up a cron or systemd job, we recommend running it twice per day (it won't do anything until your certificates are due for renewal or revoked, but running it regularly would give your site a chance of staying online in case a Let's Encrypt-initiated revocation happened for some reason). Please select a random minute within the hour for your renewal tasks\"", "timestamp": "1507217488"}, {"author": "Jeff&nbsp;Kaufman", "source_link": "https://www.facebook.com/jefftk/posts/903663598782?comment_id=905650407202", "anchor": "fb-905650407202", "service": "fb", "text": "With www.krackattacks.com (WPA broken) there's even more reason to be using https everywhere", "timestamp": "1508182118"}]}