How to switch your site to https (with zerossl.com)

The latest feature I intend to add to my Superstars web app are notifications of events finishing and overall winners. This will use the push notification API, part of the trendy new Progressive Web App movement.  However the first thing I discovered is that push notifications require your site to be served over HTTPS, so I had to figure out how to install a secure certificate.

My hosting company – UKWSD – would charge me ~£40 per year to do this without me lifting a finger, but I thought there must be a cheaper way to do this myself, preferably for free.  After some investigations I found zerossl.com who promise “free SSL certificates and free SSL tools for your website”. In the end the process was pretty simple.

  1. Using the FREE SSL Certificate Wizard at https://zerossl.com/free-ssl/ I created a Let’s Encrypt key and a Certificate Signing Request (CSR).  Fill in your email address and domain or sub-domain. Click ‘Next’ once to create the certificate request, and once again to create the private key.
    • GOTCHA – I have never been able to generate certificates for multiple sites, whether it be using a wildcard (*.ajcw.com) or comma separating the domains. Just do one domain at a time.
  2. You don’t need to copy the key and certificate request at this point (the site will give them to you again later), but it will force you to copy the text before you can move on.
  3. You’ll need to verify that you own the domains you are registering. This is done by uploading files to your site(s) with specific strings, for example a file called ciugj_jljdss68HFDFHG7d_zQ7v05c9eQ with the contents  ciugj_WSB9WMmFwVlkjdsluf43ulj8763JGD7dsc834y_zQ7v05c9eQ.0Ge506Z7IxF3wi3FjmvFTLAwKg4MQafxayGHVRdOe-s.
    • GOTCHA – make sure you copy these into the .well-known/acme-challenge/ folder; if there is an error, new keys are generated and you have to create and upload new files.
  4. Your Free SSL Certificate is ready on the next and final page.
  5. Visit the control panel of your site. Hopefully you will have a SSL/TLS section, in which is something like an Install and Manage SSL for your site page.
  6. UKWSD have a form in which you select your domain or subdomain, and have fields to paste in certificate (CRT) and private key. Paste in those generated by zerossl.com.
    • GOTCHA – UKWSD’s control panel doesn’t work if you paste in both generated certificates – you’ll have to paste in only the first one.
  7. Click Install Certificate and you’re good to go.

Be aware the certificates last only three months and so must be renewed four times a year. I’m not yet sure what this process entails.

And that’s it. Finally you’ll want to update your server settings to 301 redirect your site to its new secure version, and you’ll almost certainly have some insecure content like images or scripts that you’ll need to amend.

Good luck, I hope this blog post helps.

 

Top five Grunt tasks for front-end development

Since introducing Grunt into my software development last year it’s not an exaggeration to say it has revolutionised many of my processes. At work we use Grunt throughout the SDLC but our first adoption was for our JavaScript and CSS, and after building websites with Grunt for well over a year, it is now integral to the front-end development of several key projects. In fact those projects that don’t use Grunt now seem outdated.

Over time I’ve experimented with many tasks and even written my own and it’s this experience that has enabled me to produce this top five list of our essential front-end Grunt tasks (I’ve cheated a bit with the counting).

1. CSS preprocessor

Take your pick between Sass and Less (or the little brother Stylus) but a CSS preprocessor is de rigueur these days. I often chose Less and use the lessThemes task to automatically compile our files into themed stylesheets.

What this means is I create individual theme files with different values for each variable, e.g. theme-uk.less and theme-com.less where the @font-family variable is Arial for the UK theme and Verdana for COM. The lessThemes task simply outputs two CSS files, one for each theme.

If you don’t use themes grunt-contrib-less will do nicely and will output just the one CSS file.

2. Concat / CSSmin / Uglify

They may not realise it, but your visitor wants to download the smallest (and fewest) assets from your site, so a single compressed stylesheet and a single compressed JS file is what you should give them. But these are the last things you want to have to maintain as a developer so you’ve probably already split your CSS into multiple files, each one likely defining a specific section of the page such as header and footer, or typography or a component such as search-box.

Concat takes a folder of individual stylesheets or JavaScript and merges them into a single file. CSSmin minifies this file, removing white space, uses shorthand and making other space saving changes while the JS equivalent, Uglify obfuscates your JavaScript, removing white space and shortening variable and function names.

3. Imagemin / SVGmin

Again, this is all about page performance – optimizing your images into the smallest viable file size.

Image optimization has been around for a while, but as a manual task it is easy to either forget, or just do once, omitting any new images created subsequently. Adding it to your build process with Grunt is just one less thing to do in your quest to produce the fastest website – but as always with image compression you should manually select the settings that don’t compromise quality for file size.

Imagemin compresses .jpg and .png files, while SVGmin does the same for SVGs.

4. JShint / CSSlint

I’ve heard criticism of linting, and I agree that the tools that blindly enforce all rules aren’t doing their job properly, but they’re very effective when you understand the rules and can pick and choose those with which you agree.

The linting tools we use for CSS and JS (CSSlint and JShint) are easy to automate with Grunt, giving you and error when any of your house conventions are broken – invaluable in a multi-team engineering department. I don’t run these lints every time I change a file, but once before deployment is a handy safety net.

For both grunt-contrib-csslint and grunt-contrib-jshint we define our rules in external .csslintrc and .jshintrc files in the root of the project.

5. Watch

The watch task is invaluable when using a CSS preprocessor – you can’t use Less or Sass and afford to not Watch.

This task simply monitors a file or folder and if any files are modified it runs another task; in our case we watch the Less files and recompile to CSS when any changes are made. Be careful though to exclude generated files else you’ll be stuck in a loop.

If you want to take your productivity to the next level use the livereload option in Watch that reloads your browser when a change is made. All you then need to do is edit a file and boom, the change is in front of you and you’ve not had to hit F5.

 

Styling the HTML5 placeholder

log in boxOne of the exciting new form enhancements in HTML5  – designed to save hundreds of hours of repeated scripting – is the introduction of the placeholder attribute for form input fields.

In most websites this jiggery-pokery is still be done by Javascript, but the HTML5 browsers of the future (and the webkit browsers of today) support this with a simple form attribute, like so:

<input name="demo1" type="text" placeholder="Lorem ipsum" />

… 

 

Move the refresh button in Firefox and IE9

Here’s my first short post which is about fixing an annoying change that Mozilla revealed in the beta version of Firefox 4.  When I downloaded Beta 9 last week I was horrified to see they’d copied Internet Explorer and moved the refresh button from the top left to the top right…

It’s bad enough in IE, but I only ever use IE for testing so the mouse-up-to-top-left-then-realise-it’s-IE-and-move-across-to-the-right issue is annoying but I don’t lose sleep over it (and F5 is everyone’s friend anyway).

But top-right in Firefox – now that is annoying.

…