Poodle must have yapped to the rest of teh Internets after my post yesterday, because the scary security warning that appeared on my redesigned website when viewed on Poodle’s Chrome browser has now spread to other browsers.
Catch up on what happened yesterday!
Like I said, I’ve had a standard SSL security certificate for over 10 years, even when I theoretically didn’t need one because I didn’t collect financial information on my site. (I still don’t collect that information.) But now that there’s been a substantial flow of traffic to the redesigned site, it seems that even a standard SSL isn’t enough.
I am speculating that it was the increase in site visitors that aggravated the algorithms after I officially debuted the redesign yesterday, because the site has been live and extensively tested since Feb. 13. Yep, I waited two weeks to announce an exciting new site so any problems would be smoothed out on the down-low!
I’m not sure why I imagined that any part of this project would be simple. As I discussed in this week’s YouTube video, I’ve already suffered through four years of difficulties while attempting to relaunch what appears to be a fairly typical e-commerce website.
But hope springs eternal despite all evidence that it shouldn’t: Yesterday, I said to myself, “Self, there’s no need to panic. You’ll JUST get a new SSL certificate and that will be that.”
The upgraded SSL cert costs money and some sellers were shockingly expensive. Therefore, in a penny-wise-pound-foolish moment, I bought a reasonably priced cert from GoGetSSL.com, but enhanced-security SSLs aren’t a simple online purchase. They require offline vetting, and an outfit called Comodo.com does the vetting for GoGetSSL.com. I can’t list everything that happened next, but it included:
- A phone call with Dun & Bradstreet, which warned me of a three-week delay for account updates unless I wanted to pay for rush service;
- a phone call with my accountant, followed by a letter from my accountant confirming my phone number to Comodo;
- hours of being scared to go out in case the office phone rang;
- and a slow-moving live chat with Comodo support, during which we discussed my accounting firm’s Dun & Bradstreet identification information, as well as my accountant’s personal Dun & Bradstreet information, all in the effort to verify my phone number.
For those not familiar with it, Dun & Bradstreet collects data on businesses. You have to apply for a listing, which I did a dozen years ago under my old company name to work with a massive retailer that loved paperwork but still broke its contract with me. I haven’t used Dun & Bradstreet or looked at it since. I had forgotten I had it set up, to be honest, which is why I was unbothered last year when it was reported that 33 million Dun & Bradstreet files were exposed in a massive database leak. (In hindsight, it’s a good thing that my information wasn’t up to date last year.) Kinda funny that Dun & Bradstreet was playing a big role in making my little site secure, eh?
I say “was” because Dun & Bradstreet is out of the picture after I canceled my order with GoGetSSL.com and ended my chat with Comodo. I called GoDaddy, the issuer of my original standard SSL, and paid more for a new SSL because at least I already had an account with them. I’m told I will hear from the GoDaddy verifiers tomorrow to confirm which of these documents I need to complete the process.
After getting all my documents notarized; uploading code to confirm my domain ownership; and requesting paperwork from the hosting service I use, I might get the new SSL cert in a matter of days. Or it could be weeks. But Ryan, the nice call-center guy, feels like it will be days. Then I’ll have my developer, Avanti, upload all the shit I need for the goddamn SSL cert, and I will finally be able to move on to projects like trunk shows and new jewelry designs that have been on hold since last summer.
In the meantime, you can feel safe buying my jewelry from my new 1stdibs.com storefront, which I spoke about in last week’s YouTube video. I’ve been a happy 1stdibs user for years!
Also, if you’ve made it to the end of this long stabby post and still feel brave enough to browse my new site — even without Dun & Bradstreet’s approval — you can email me your wishlist at info at wendybrandes dot com and I will come up with an extra-special discount for your courage! We will complete our transaction safely on PayPal, whose 2017 database leak was caused by a newly purchased subsidiary and only impacted 1.6 million customers. That’s top-notch these days.