If you’ve visited and gotten some dire HTTPS warnings, they should be gone now. I’ve taken down the old HTTPS certificate system since it stopped working correctly. You might need to clear your browser cache for the site if you’re still getting warnings. From here out, you should just see your browser’s “no HTTPS” indicator — usually an unlocked padlock, or “
https” or similar.
HTTPS is helpful for encrypting data exchanged between your computer and a server — like your bank, or a web-based email system. But it’s not terribly useful for something like a blog, that you just visit and read. Unfortunately, Google and other search engines as well as browser developers had been on a campaign to push everything to HTTPS. It’s created a false sense of security on the Internet. In real life, I’m a systems administrator and I deal with HTTTPS certificates a lot. They cost money (unless you use LetsEncrypt) and consume time to tend to them — and, sadly, bypassing them by malicious actors has become too easy. HTTPS security is nice, but also broken. Worse, the attempt to close some of the security holes by making them expire more frequently has only made more work for admins and more profit for certificate issuers. And even “free” LetsEncrypt certificates are affected because WordPress plugin developers have all decided to make auto-renewal for “free” certificates a paid premium option. Or web hosts choose not to integrate LetsEncrypt and instead partner with a commercial certificate issuer only. It’s become a money-maker for third parties — and meanwhile the underlying security of the Web is still compromised.
So for now HTTPS on the site is gone. If someone respects the free/open source software community that created LetsEncrypt enough to produce a full-featured plugin to support it, I might bring it back. Otherwise, plain HTTP will have to do.