Bloggers: Read this before moving to https
To comprehensively secure your blog, you need to use a 3rd party feed management tool that serves your feed over http.
You are convinced of the benefits of https. You are about to take a plunge into moving your blog to https. But before migrating your blog to https, you need to know few key details.
In case you are still not sure of the benefits of https, read my other post on benefits of https
I followed the guide by Eric Mill for buying the certificate. Webfaction allows installing the certificate via their control panel. There were no surprises and it went smooth.
You can do this progressively too. I started with links in the recent pages, then to the most visited pages and then other pages.
If you know SQL, query the db for entries pointing to http and pick the list to modify. If you know SQL well, then you can issue an update query too.
This was unexpected.
Once I migrated this blog to https, the RSS feed for this blog became
https://www.jjude.com/feed.xml. I used W3C feed validator to validate the feed. I was happy to see This is a valid RSS feed as the result. Then I went about making the site changes I talked about in the earlier step.
But when I submitted my blog to alltop, a feed aggregator, it said the feed didn't pass its validator test and directed me to validate with Feed Validator. It gave me a strange Internal error. The corresponding link said, the server couldn't download the feed. I kept trying, thinking my hosting servers are at fault.
You can try by clicking this url. It still gives this cryptic error. I don't know why technology folks can't give a helpful error.
Then I tried the Flipboard feed validator. It also gave the same internal error. May be there is something wrong with my feed! But I don't know what.
We rant about AI and machine learning, but we can't give a meaningful error. How exciting it is to be in tech industry!
I felt helpless. I can't even ask anyone for a solution, because I don't know the problem.
Then I tried the npm feed validator. It led me to another time-sink. This time the error was,
Self reference doesn't match document location. Better than
internal error, though.
I spent a lot of time researching on this error and it led me nowhere.
Thankfully the Flipboard feed validator had a file validator. I uploaded the feed as a file and it validated just fine. hmm....
Then just out of curisity, I disabled the https on my site and validated the feed. Both feed validators passed the feed.
May be there is no problem with the servers; the problem is securing your site. The world doesn't like it.
At least now, I know the problem. So I searched
https feed validation fails. And there was a question in stackoverflow. Oh, Thank heavens for Stackoverflow.
Unor explains it in the Stackoverflow answer:
The RSS 2.0 spec specifies that the url must be http url
Yes, the RSS feeds have to be hosted on a http url and not a https url.
Should I thank Dave Winer for creating the amazing RSS feed spec, which spearheaded the growth of blogs? Or should I whine for making the web little less safer?
So what is the solution?
So, the only solution to comprehensively secure your blog is to use a 3rd party feed management tool that serves your blog feed over http!
I didn't want to pay for a feed manager. So I am using Feed Burner.
May be this is why the top content marketing experts are still on http!
Dave, please change the RSS spec.