I’ve long considered offering hosting services but never pulled the trigger. I always came to the conclusion that there simply wasn’t a need. That all changed after helping a client build a wonderful website and watch it’s functionality and launch get botched by an all too common hosting nightmare.
It all started when a client, we’ll call him Zebulon, hired me to help build a website for a small non-profit group he worked with. A simple brochure site with the ability to accept donations online. It was agreed that we’d use WordPress, Give and their Stripe API to enable these transactions.
Zeb was well-prepared and ahead of the curve on making all the needed preparations and development went smoothly. It wasn’t until we decided to activate HTTPS on the server that we encountered the problem.
[perfectpullquote align=”right” cite=”” link=”” color=”” class=”” size=””]Quick background: HTTP stands for Hypertext Transfer Protocol and it is the process that webservers use to send data to your browser. This process can be sent through another software called SSL/TLS which prevents hackers and malware from seeing the data being transferred through the Internet. This is called HTTPS and it’s long been a requirement for safe financial transactions over the Web.[/perfectpullquote]
Serving webpages over HTTPS requires two steps. First, you must acquire a secure certificate issued by a major certificate authority. Second, you must configure your webserver to send requests over HTTPS using the certificate that was provided.
Now, most hosting providers offer SSL certificates and configuration at an added cost. (Note: Zero Daedalus is different. We provide free SSL certification and setup to all hosting clients.) Zebulon’s hosting provider didn’t offer them at all.
Normally, if a hosting provider lacks the ability to provide SSL certificates themselves, they typically offer the ability to configure your website to run off of a certificate purchased through a third-party, sometimes at no cost. Zebulon’s wasn’t with one of those providers.
[perfectpullquote align=”full” cite=”Phone Support” link=”” color=”” class=”” size=””] “We have SSL certs but we can’t use those for our user’s websites, they’re for our business domains only.” [/perfectpullquote]
Okay, we aren’t asking to use your certificate. We just want to use the one we purchased. More back-and-forth over the phone.
[perfectpullquote align=”full” cite=”Phone Support” link=”” color=”” class=”” size=””] “We don’t support third-party certificates on our server.” [/perfectpullquote]
Really? This not only affects your users from serving content securely but will also negatively impact their SEO rankings, user experience and, ultimately, their ability to get discovered.
[perfectpullquote align=”full” cite=”Email Support” link=”” color=”” class=”” size=””] “Unfortunately, we just don’t support it and no plans to do so anytime soon..” [/perfectpullquote]
From personal experience I can verify that it takes about three minutes of manpower and about three lines of code to add a third-party certificate to a server configuration. Rather trivial effort for the huge benefit and peace of mind it provides all users and providers.
To throw salt on the wound, after a couple more emails from their manager explaining how it’s just not in their interest to support SSL certificates claiming (inaccurately) only a small fraction of their clients would benefit from it and also offering more advice (which turned out to be false) regarding potential workarounds, the rep followed up with this:
[perfectpullquote align=”full” cite=”Customer Support Rep” link=”” color=”” class=”” size=””]Hi Zebulon,
I thought I would just throw in my 2 cents as an online consumer. I feel much more comfortable making a payment via [popular third-party payment service], because it’s a service I trust and that has been around for almost 20 years, rather than putting in my payment information into a site that I may not have visited many times before, or hasn’t been around very long. Personally, and this is just me, I’m sure that there are people that feel differently, but if I were visiting a site that asked me to put in my payment information directly into the site (even if it was ‘secure’), rather than directing me to a well known and trusted payment method that I am familiar with, I would be less likely to proceed with the transaction.[/perfectpullquote]
Now they are trying to persuade us that we don’t need an inline payment transaction system…because they refuse to support something as basic as SSL certificates.
Sadly, this kind of occurrence is common in the world of web hosting. Situations like this occur all the time as an inevitable consequence of hosting company infrastructures growing too large and unwieldy to adapt to new developments.
Now, not only does the lack of HTTPS support prevent Zebulon’s nonprofit website from accepting donations but, recently, Google has announced major changes to their platforms to encourage use of HTTPS on all webpages by penalizing sites not using it, especially those accepting personal or financial information from end-users. So, Zebulon is screwed, all because his hosting company doesn’t want to expend the effort for extra security, regardless of how vital that security it.
Take note, as this is one of the reasons I’ve decided to offer the Zero Daedalus hosting service. There are far too many large hosting companies that simply can’t or won’t adapt to the ever changing needs of their clients. That’s something you’ll never have to worry about with us. That’s what makes us different.
Expect to hear more Hosting Nightmares coming soon.
Need a website? Looking to upgrade an old website? Get a free consult and we can have you up and running within 24 hours.