Autocade finally got a secure certificate. The reason it took so long: people who make these things write convoluted instructions to lock out laypeople, or they are simply wrong.
The Autocade one is through Let’s Encrypt, which has a confusing website. It linked to instructions for our web host, Hetzner, which were plain wrong.
The description bore no similarity to what I actually saw in the dashboard, and it was through a lot of trial and error—for an hour—before I found the correct process.
Unfortunately, I didn’t document it since it was all random, but I do recall that I had to go into the hosting settings to turn on SSL encryption before going to the page to issue or request a certificate. The instructions don’t tell you that first step.
The reason I kept trying was that when I first went in, there was a link to request a Let’s Encrypt certificate—one which vanished on a second attempt, despite using the same keystrokes. We once again come to another adage of computing: the definition of sanity is doing the same thing and expecting a different result. Because in computing, you realistically can. Somewhere along the line you might do something to restore the box to the state it was in, even though you did nothing to take it out of that state yourself.
I could have thrown the whole thing on Cloudflare with its automated SSL process, but I know the controversies behind the site. I also wanted the Autocade counter to remain accurate, and I had been told by IT people that putting it on to Cloudflare would see to an end to that.
Now that I know, there might be some sites that I’ll take off the service.
Things need not be this complicated, as the process was, in fact, quite simple once you knew. In the 2000s I could largely manage these things myself, and I think people wrote in plainer language back then, in the interests of making sure everyone had fair access to technology. When you have to make things this complicated, then it tells me you’re hiding something—possibly the simplicity of a task that you’d like to charge the earth for.
Now to see if traffic patterns change, as we know the big search engines can fall all to pieces when you go from HTTP to HTTPS, and you get penalized in ranking as a result.
PS., September 24: Since I had to do this again today, I took note of the steps. (a) Do make sure that you opt for the web address without the www portion. (b) Then when you apply for the basic certificate, don’t get the wildcard one. And another reminder: the posted instructions are wrong and bear little resemblance to reality. It took me three hours to work this out. No wonder it’s often easier just to stick them through Cloudflare, where the HTTPS stuff takes about 10–15 minutes to sort out. I really don’t feel tech people can judge those of us who use suppliers they might not approve of, since we’ll go where we can get stuff to work. If the industry didn’t make things so convoluted, we might be able to do the things you do.