I set up an SSL certificate for this site today and it was surprisingly easy.

Last time I wanted a free certificate, it was a huge pain. This time it was actually easy. A Google search for "ssl certificates stackoverflow" led me to the Cheapest web certificates question, which has StartCom's StartSSL listed.

Once I was there, it was relatively simple to set up a certificate. Their validation just consists of sending an email to the owner of the domain, which was convenient enough. They have a way to generate private keys for you, using a hardware random number generator, but it didn't work for me, so I just used OpenSSL:

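# generate a 2048-bit RSA private key, encrypted with a passphrase (-des3)
openssl genrsa -des3 -out brendanlong.key 2048
# create the certificate signing request from that key
openssl req -new -key brendanlong.key -out req.csr
# type in a bunch of info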

Anyway, once I had a certificate signing request, I pasted it into the site and got a signed certificate.

After that, I needed to make Nginx serve this site using it. Nginx apparently doesn't support certificate chaining, but this site gave a solution to how to serve the certificate and the intermediates: just concatenate them. I did that, then put them on the server, and added this to my nginx.conf:

ssl  on;
ssl_certificate  /etc/nginx/ssl/brendanlong.crt;
ssl_certificate_key  /etc/nginx/ssl/brendanlong.key;
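
One way to build and check the concatenated bundle before pointing `ssl_certificate` at it, as an added example that is not from the original post: the server certificate has to come first in the file, and the check fails when the first certificate does not belong to the key. The function names are hypothetical, and `make_demo_pair` only creates constructed throwaway self-signed certificates (the second standing in for an intermediate) so the checks can be run offline.

```shell
#!/bin/sh
# Added example, not from the original post. All file names are placeholders.
# Typical use (signed.crt and intermediate.pem are assumed names):
#   build_bundle signed.crt intermediate.pem > brendanlong.crt
#   first_cert_matches_key brendanlong.crt brendanlong.key && echo "bundle ok"

# build_bundle SERVER_CERT INTERMEDIATE...
# Writes the certificates to stdout in the order given: server certificate
# first, then the intermediates.
build_bundle() {
    for pem in "$@"; do
        cat "$pem"
        # A file without a trailing newline would glue its END line onto the
        # next BEGIN line and corrupt the bundle, so add the newline if missing.
        [ -z "$(tail -c 1 "$pem")" ] || echo
    done
}

# cert_count BUNDLE: number of well-formed certificate header lines.
cert_count() {
    grep -c '^-----BEGIN CERTIFICATE-----$' "$1"
}

# first_cert_matches_key BUNDLE KEY
# Succeeds only if the first certificate in BUNDLE carries the public key that
# belongs to KEY. A bundle in the wrong order fails, as does the wrong key.
# For a passphrase-protected key, openssl prompts for the passphrase.
first_cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_demo_pair DIR NAME
# Constructed sample input: a throwaway unencrypted key (DIR/NAME.key) and a
# self-signed certificate (DIR/NAME.crt), valid for one day.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}
```
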

And now you can access this site at https://www.brendanlong.com/.

I also had to update my Google JavaScript and CSS references to use https to avoid the Firefox warning, "This site is partially encrypted".

I'm considering making this the default, since it costs me nothing, but there's also nothing sensitive on this site — the only information that's ever sent is emails (and my email address is posted) and color settings. With that in mind, the main thing holding me back is the extra page load time. This site loads incredibly fast on everything from a normal browser to a phone, but SSL requires an extra two round-trips, which would make it significantly slower on some connections.