letters and an eyeglass on table

Why That Little Padlock Matters: Understanding SSL Certificates

Have you ever noticed the little green padlock in your browser’s address bar when visiting certain websites? This padlock signifies more than just good looks – it’s a badge of honor representing a secure connection thanks to an SSL certificate. But what exactly is an SSL certificate, and why should you, as an internet user, care?

Think of an SSL certificate as a digital passport for your website. It verifies the website’s identity and ensures that any information you send or receive, like passwords or credit card details, is encrypted and scrambled, making it unreadable to prying eyes. It’s like sending a secret message with a special code that only the intended recipient can decipher.

Here’s why SSL certificates are essential:

  1. Security Matters: In today’s digital world, data breaches are all too common. Hackers are constantly looking for ways to intercept sensitive information, and an unencrypted website is an easy target. An SSL certificate acts as a shield, protecting your data from falling into the wrong hands.
  2. Building Trust: Imagine walking into a store with boarded-up windows and a shady-looking character at the door. Not exactly confidence-inspiring, right? Similarly, websites without SSL certificates raise red flags for users. The padlock symbol, on the other hand, instills trust and assures visitors that their information is safe.
  3. SEO Boost: Search engines like Google reward secure websites with higher rankings in search results. So, having an SSL certificate not only protects your users but also helps your website stand out in the online crowd.
  4. Future-Proofing: SSL certificates are no longer optional; they’re becoming the standard for any website that wants to be taken seriously. By securing your website now, you’re future-proofing your online presence and ensuring a smooth user experience.

Remember: Just like you wouldn’t send a postcard with your credit card number written on it, don’t share sensitive information on websites without the green padlock. Look for the symbol, ask questions, and prioritize your online security.

Bonus Tip: Different types of SSL certificates offer varying levels of validation and security. For websites handling sensitive data like financial transactions, a higher-level certificate is recommended.

So, the next time you see the green padlock, remember, it’s not just a decoration; it’s a symbol of a secure and trustworthy online experience.

Why the bncert-tool Tool is Great for Configuring HTTPS…

The bncert-tool tool is a great way to configure HTTPS on Bitnami stacks. It is a simple, easy-to-use tool that can be used to generate and install Let’s Encrypt certificates, configure automatic renewals, and redirect HTTP traffic to HTTPS.

Here are some of the benefits of using the bncert-tool tool:

  • It is simple and easy to use. Even if you are not familiar with command-line tools, you can use the bncert-tool tool to configure HTTPS on your Bitnami stack.
  • It is efficient. The bncert-tool tool can generate and install Let’s Encrypt certificates quickly and easily.
  • It is secure. The bncert-tool tool uses Let’s Encrypt certificates, which are considered to be the most secure certificates available.
  • It is reliable. The bncert-tool tool can automatically renew your certificates, so you don’t have to worry about them expiring.
  • It is flexible. The bncert-tool tool can be used to configure a variety of settings, such as the domain name, the type of certificate, and the automatic renewal period.

If you are looking for a simple, easy-to-use, and secure way to configure HTTPS on your Bitnami stack, then the bncert-tool tool is a great option.

Here are some additional benefits of using the bncert-tool tool:

  • It can be used to configure HTTPS on a variety of Bitnami stacks, including WordPress, Joomla, Drupal, and Magento.
  • It can be used to configure both HTTP and HTTPS redirections.
  • It can be used to configure automatic certificate renewals.
  • It is supported by the Bitnami community, so you can get help if you need it.

If you are looking for a reliable and secure way to configure HTTPS on your Bitnami stack, then the bncert-tool tool is a great option.

What is TechSoup?

TechSoup is a nonprofit organization that provides technology resources to nonprofits and libraries around the world. They offer a variety of services, including:

  • Donated software and hardware: TechSoup partners with technology companies to provide free or discounted software and hardware to nonprofits. This includes popular software like Microsoft Office, Adobe Creative Suite, and Intuit QuickBooks.
  • Training and resources: TechSoup offers a variety of training and resources to help nonprofits use technology effectively. This includes webinars, online courses, and a library of articles and guides.
  • Networking opportunities: TechSoup provides opportunities for nonprofits to connect with each other and share best practices. This includes online forums, in-person events, and a mentorship program.

TechSoup is a valuable resource for nonprofits of all sizes. They offer a wide range of services that can help nonprofits improve their efficiency, reach more people, and achieve their goals.

How does TechSoup work?

TechSoup works by connecting nonprofits with technology companies that have donated software and hardware. Nonprofits can apply for these donations through TechSoup’s website. Once a nonprofit’s application is approved, they will be able to download or purchase the donated software or hardware at a discounted price.

TechSoup also offers a variety of training and resources to help nonprofits use technology effectively. These resources are available online and in-person.

How much does TechSoup cost?

It is free to join TechSoup. However, there is an administrative fee for each donation request that is processed. The fee covers the cost to administer the donation program.

How can I learn more about TechSoup?

To learn more about TechSoup, you can visit their website at www.techsoup.org. You can also sign up for their newsletter to stay up-to-date on their latest news and resources.

DocuSign for Nonprofits: How to Get It for Free

DocuSign is a cloud-based e-signature and transaction management software that can help nonprofits streamline their workflows and save time and money. However, DocuSign can be expensive, especially for small nonprofits.

Fortunately, there is a way for nonprofits to get DocuSign for free through TechSoup. TechSoup is a nonprofit organization that provides technology products and services to nonprofits at discounted prices.

To get DocuSign for free through TechSoup, your nonprofit must meet the following criteria:

  • Be a registered 501(c)(3) organization in the United States
  • Have an annual budget of $1 million or less

Once you have met the eligibility criteria, you can follow these steps to get DocuSign for free through TechSoup:

  1. Go to the TechSoup website and create an account.
  2. Search for DocuSign in the TechSoup catalog.
  3. Click on the “Request” button to start the application process.
  4. Provide the requested information, including your nonprofit’s EIN and budget.
  5. Pay the TechSoup administrative fee.

Once your application is approved, you will receive a DocuSign subscription for free.

If you are a nonprofit that is looking for a way to streamline your workflows and save time and money, DocuSign is a great option. And with the help of TechSoup, you can get DocuSign for free.

Additional Information:

Use Google Tag Manager with Analytics

There are two different ways you can include Google Analytics tracking code in your website. The first is the easiest and most straight-forward. Google Analytics gives you a block of code to insert into the heading of your website. If you include it in your theme or template, it will be included on every page and work great.

The Cons

The drawback to doing it this way is that it becomes difficult to manage or adjust. Big deal, right? Once you set your Analytics code in place how often does it really change? Well, in a situation like the one we’re in right now (Switch to Google Analytics GA4 before July 2023), it can be a little difficult. Especially if you wan to run multiple instances of analytics simultaneously.

The Solution

The solution is to instead use Google Tag Manager. Instead of injecting the analytics code directly into your website, you insert a container. That container can then have multiple tags included from a third party interface. That allows you to have multiple tags. Google Analytics UA and GA4 instances are just the beginning of the tags you can include in your Tag Manager container. Additional tags could be everything from a Facebook verification code to a timer tracking how often paid search visitors spend more than 5 minutes on your landing page. The possibilities are truly endless!

The next time you need to change or set up Analytics, take a minute to learn what Google Tag Manager can do for you.

Upgrade PHP on Amazon Lightsail

PHP is a programming language that stands for PHP Hypertext Preprocessor. I know, I know. How can an acronym stand for itself? It just does. PHP is the backbone of WordPress sites.

There are many reasons to keep the PHP version of your website up to date.

  1. First and foremost is cybersecurity. Each new version of PHP has patches for previously discovered vulnerabilities. Keeping your site on the latest revision means you get all of the security patches.
  2. New versions of PHP also tend to boast better performance. That means your website will load faster and be better for users.
  3. There are also new features that come with PHP or may be relied on by new features of WordPress. Keeping everything current ensures you can take advantage of these when they are released.

Unfortunately, unlike some other hosts, there is no single button you can click to upgrade PHP versions on Amazon Lightsail. I upgrade all of my servers annually. There is not often a major release of PHP and even when one comes out, it is not immediately available in Lightsail. Checking and performing the upgrade once per year is about the right cadence for me.

To do so you must:

  1. Log in to the current site and perform a backup using Updrafts Plus plugin
  2. Spin up a new instance of a WordPress Binami server
  3. Log in using the default user password and install and connect Updrafts Plus backups
  4. Restore the latest backup
  5. Move the static IP associated with the live site to the new server
  6. Perform a bncert-tool upgrade and generate a new certificate

It’s not quite as convenient as a single button press, but there are other upgrades that come with the latest and greatest server configurations for WordPress utilizing Bitnami in Amazon Lightsail. So it is a good annual maintenance activity to keep your sites fast, secure, and user friendly.

ChatGPT: The end of blogging as we know it

ChatGPT has been in the news a lot lately. Everyone is at least vaguely aware that it’s some sort of artificially intelligent chat bot. But I didn’t fully grasp the ramifications until I took the time to play with the tool myself. You can check it out too at https://openai.com/blog/chatgpt/.

You will need to create a user account, but that is free. And then you can see some examples of prompts that it can respond to. Have a conversation and marvel at the fluidity. Ask it questions and get answers back promptly and completely.

The major criticism (and rightfully so) is that it is so fast and authoritative on subjects that people tend to believe it – even when it’s wrong. It’s also using information scrapped from the internet to build its knowledge. There was a time that Google Translate was a free online tool that could be used to translate websites in real time. Until they realized that most of the translated content out there was translated by them, and a feedback loop occurred resulting in poorer quality. They eventually put a very small fee to use the API and knocked most users off as a result to try to preserve the bank of human generated content to pull from. What happens to ChatGPT when the internet it pulls from was also written by AI?

Want to know why I think it will have a big impact? Because, secretly, I didn’t write my last blog: Registering your nonprofit with PayPal. Instead, I went to ChatGPT and said, “Write me a blog about registering a nonprofit with PayPal” and the body of that blog was its immediately response. Nobody noticed. And I really had no notes of how to improve it after the fact.

Now that’s scary.

Registering your nonprofit with PayPal

Paypal is a popular online payment platform that allows individuals and organizations to send and receive money electronically. Nonprofits, in particular, can benefit from using Paypal as it allows them to accept donations from a wide range of donors. In this blog post, we will explain the steps to take to register your nonprofit on Paypal.

Step 1: Create a Paypal account

The first step in registering your nonprofit on Paypal is to create a Paypal account. You can do this by going to the Paypal website and clicking on the “Sign Up” button. You will need to provide some personal information, including your name, email address, and a password.

Step 2: Apply for nonprofit status

Once you have created a Paypal account, you will need to apply for nonprofit status. To do this, go to the Paypal website and click on the “Donations” button. Then, click on the “Nonprofits” link and follow the prompts to apply for nonprofit status. You will need to provide some basic information about your organization, including its name, mission, and EIN (Employer Identification Number).

Step 3: Verify your nonprofit status

Once you have applied for nonprofit status, Paypal will review your application and verify your nonprofit status. This process can take several days, so be patient. Once your nonprofit status has been verified, you will be able to accept donations through your Paypal account.

Step 4: Set up donation buttons

Now that your nonprofit status has been verified, you can set up donation buttons on your website or social media pages. To do this, go to the Paypal website and click on the “Donations” button. Then, click on the “Create a Donation Button” link. You will be prompted to enter some basic information about your organization and the donation button, such as the donation amount and the currency. Once you have completed this step, you can copy and paste the code for the donation button onto your website or social media page.

Step 5: Start accepting donations

Once you have set up donation buttons, you can start accepting donations through Paypal. You will receive email notifications every time a donation is made, and the funds will be transferred to your Paypal account. You can use the funds in your Paypal account to pay for expenses related to your nonprofit, such as rent, salaries, or program costs.

In conclusion, Paypal is a great platform for nonprofits to accept donations. It is relatively easy to register, and the process is straightforward. By following the steps outlined in this blog post, your nonprofit can start accepting donations through Paypal in no time.

Using GSuite in compliance with HIPAA

HIPAA is the Health Insurance Portability and Accountability Act. In short, it requires any organization that handles protected health information (PHI) to act as trustworthy and cyber-secure stewards of that data. Most often people associate this with doctors’ offices. You wouldn’t want your personal health records to be publicly available. Nor would you want your data sold to advertisers to monetize your most private data, likely without your knowledge.

Any organization that will collect or store PHI must be aware of the laws regarding HIPAA and ensure those systems for collection and storage are also HIPAA compliant. Enter GSuite, or Google Workplace, as it is most recently branded. It is fully capable of protecting data within its ecosystem, but your organization must first opt in for this type of protection.

This Google Help Article: HIPAA Compliance with Google Workspace and Cloud Identity has the most up to date information on how to enable these features in your instance. Essentially, you just need to check a box and and answer a couple of simple yes/no questions. Inside the Admin Console, navigate to Account > Account Settings > Legal and Compliance. There you will find Security and Privacy Additional Terms for Cloud Data Processing Addendum to Google Workspace or Cloud Identity Agreement. Review the appropriate clauses and if your organization fits and requires this additional layer of security, click Review and Accept.

Bitnami bncert-tool manual update to pull new certificates

Using free SSL certificates from LetsEncrypt is a great way to keep your site and your users secure. The only downside is that each certificate is only good for 90 days. Either you need to remember to renew your certificates every 90 days or you need to set up auto-renewal on your hosted server. If you’re using Bitnami packaged app for WordPress, then it’s easy! The bncert-tool will automatically check to see if your certificates are nearing expiration and automatically update them without needing anything from you.

… Until it does. This week I got notified by two different sites that their certificates were nearing the expiration date. That normally doesn’t happen because they’ll get renewed automatically well in advance. When I logged in to investigate, I saw that even manual attempts to renew the certificate were failing. The issue ended up being that I needed to upgrade my bncert-tool.

Bitnami bncert-tool References

Learn About The Bitnami HTTPS Configuration Tool is a great resource with everything you need to know about setting up bncert-tool. The command to upgrade is simple and takes only a few minutes to run and then you will be able to renew your SSL certificates.

sudo /opt/bitnami/bncert-tool

If your tool is out of date, this command will inform you of that fact and ask if you would like to upgrade. Just hit ‘Y’ and Enter and the update will happen in the background in a matter of seconds. Once it is complete, you can run the same command a second time. This time it will walk you through the process to update your certificates.

I upgrade mine and my clients’ servers once per year. This is to get the latest Bitnami stack as well as the upgraded security features for each new revision of PHP. So this should be a rarity that an update of the tool is required in between annual server migrations. But just in case you’ve run for a long time without checking, be on the lookout for expiration notices and take action!