As you may be aware, this blog is hosted on wordpress.com — its actual hostname is olsenbloom.wordpress.com — but I have the domain andrewhickey.info mapped to it. This has worked well for me for the last six years, but I may have to change.
The reason is that the internet is slowly moving to HTTPS rather than HTTP, and wordpress.com don’t seem to be happy with that change. You can access wordpress.com sites via HTTPS — visiting https://olsenbloom.wordpress.com doesn’t cause any problems, and actually redirects you to http://andrewhickey.info — but if you try to access https://andrewhickey.info a rather different thing happens, if you’re in a modern browser:
This is because wordpress.com have an SSL certificate for the wordpress.com domain name, but don’t have them for the domains that are mapped — and they don’t support using them if you own your own domain.
This is quite annoying, as it means that sites that use wordpress’ free hosting are fine, but those of us who pay (and I pay WordPress for domain mapping, extra storage space, ad removal, and other bits and pieces — I’m a paying customer, not someone whining about a free service) have our sites broken if people are trying to be secure by using addins like HTTPS Everywhere.
Yet try to connect to https://whatever.scalzi.com and you’ll get exactly the same error. The $5000-per-month site is broken, while the $0 ever sites are fine.
Until recently, I’d not thought of this as a particular problem, but there’s been a big push from a variety of sources, including Google, Mozilla, and the Electronic Frontier Foundation, to move everything over to HTTPS, and I got my first email yesterday from someone who’d tried to access this blog by HTTPS and been unable. So I spent a while today looking through WordPress’ support forums to see if this was something they were planning to add as a feature. All I could find was this from May:
If you wish to avoid the error message when you visit sites hosted on WordPress.com, you can replace https:// in your address bar with http://. If you have any visitors who are concerned with the error when they arrive at your site, they can use the same solution.
Which is helpful, especially since if visitors can’t get to the site, there’s no way to tell them how to get to the site.
I’m going to get in touch with their support team on Monday (their whole support team is off work this week, for some reason) and see if they’re planning to change their — frankly bizarre — current policy any time soon. If not, I’ll probably have to move the site to somewhere else, and quickly — I pay for another year of their services on December 26.
I really don’t have the brains to be looking for new hosting solutions and migrating six years worth of data over at no notice :-/