PDA

View Full Version : secure.bluehost.com extremely slow



schou123
08-25-2006, 08:41 AM
I've found that conducting SSL transactions on secure.bluehost.com using shared SSL has been unbearably slow. Because of the lag, customers have been exiting my commerce site during the checkout phase. What are my options if I want to speed up my SSL transactions? Are there other hosting options I can choose?

Sincerely,
Steve

GroceryThai
08-25-2006, 08:52 AM
I've found that conducting SSL transactions on secure.bluehost.com using shared SSL has been unbearably slow. Because of the lag, customers have been exiting my commerce site during the checkout phase. What are my options if I want to speed up my SSL transactions? Are there other hosting options I can choose?

Sincerely,
Steve


My site use shared SSL at secure.bluehost.com. It is extremely slow. I have 1.5mbps connection at home, it takes about 10-15 seconds to download the secure page. And somehow, I lost reply signal from paypal and payment gateway. So, the transaction is not completed, though customer have paid.

I called bluehost, they said they are upgrading their secure server. They do not have delicate server, otherwise, i will upgrade my plan. I have been thinking if this problem still exists, I might have to move out.

Bluehost has great service. I like that. But my customer leave me, it is too slow.

schou123
08-25-2006, 03:41 PM
I appreciate your reply GroceryThai, but I was looking more for a solution to my problem rather than trying to see if others were having the same issue. Can some of the bluehost employees please comment on the state of the secure servers? Can I pay an additional fee and get placed on a less loaded machine?

Sincerely,
Steve

Early Out
08-25-2006, 03:45 PM
This is mostly a user-to-user forum, so you really should contact BH support, either by phoning or by emailing support@bluehost.com.

Basil
08-25-2006, 08:16 PM
http://helpdesk.bluehost.com/kb/index.php?x=&mod_id=2&id=229

Silverado05
08-25-2006, 09:33 PM
I've found that conducting SSL transactions on secure.bluehost.com using shared SSL has been unbearably slow. Because of the lag, customers have been exiting my commerce site during the checkout phase. What are my options if I want to speed up my SSL transactions? Are there other hosting options I can choose?

Sincerely,
Steve

Yes you are correct, it is ubearably slow due to it being a shared SSL. I would highly suggest going with a 3rd party cert like GoDaddy. I use GoDaddy SSL on my cart and it works great. The shared SSL here works great when you are trying to just secure a URL, but not an entire page. Their are other places you can get a SSL, I just referred GoDaddy as I use that one and it seems to be the most popular and is cheaper.

kimsonvu
08-25-2006, 09:38 PM
Yes you are correct, it is ubearably slow due to it being a shared SSL. I would highly suggest going with a 3rd party cert like GoDaddy. I use GoDaddy SSL on my cart and it works great. The shared SSL here works great when you are trying to just secure a URL, but not an entire page. Their are other places you can get a SSL, I just referred GoDaddy as I use that one and it seems to be the most popular and is cheaper.

SSL from Godaddy can use on bluehost?:confused: .

areidmtm
08-25-2006, 09:40 PM
SSL from Godaddy can use on bluehost?:confused: .

yes you can use any 3rd party cert.

Silverado05
08-25-2006, 09:41 PM
Yes, you just have to email support@bluehost.com and have a level 2 tech install it. Once you purchase it from GoDaddy they will email you a key and cert. You just forward that to BH support and they will do the rest. Also make sure you add your domain and last for digits of the credit card that you used to purcahse you hosting account and you're set.

kimsonvu
08-25-2006, 09:44 PM
Yes, you just have to email support@bluehost.com and have a level 2 tech install it. Once you purchase it from GoDaddy they will email you a key and cert. You just forward that to BH support and they will do the rest. Also make sure you add your domain and last for digits of the credit card that you used to purcahse you hosting account and you're set.

My problem here is when i sign up bluehost, i was chose wrong main domain.That my domain is host at another server now :( ......
Can they reactive main domain?

Silverado05
08-25-2006, 09:55 PM
I didn't quite understand your last post. Are you saying you are no longer hosted with Bluehost anymore?

kimsonvu
08-25-2006, 10:21 PM
I didn't quite understand your last post. Are you saying you are no longer hosted with Bluehost anymore?
Oh,sory about my English Skill
I have 3 domain.
First domain,i was hosted at another service for 6 month,2 domain i host in bluehost.I think when first domain have expire,i will remove it to bluehost.
In bluehost now,i chose main domain is first domain :( ...
Can i reactive main domain to 2 domain second?

Silverado05
08-25-2006, 10:37 PM
Sorry, I don't seem to understand what you are trying to explain. No offense, but what are you trying to do, and what does this have to do with SSL?

schou123
08-26-2006, 09:04 AM
Hi Silverado,

Does getting and installing an SSL cert from GoDaddy imply that all the encryption processing will be offloaded onto Godaddy's servers?

dvessel
08-26-2006, 09:18 AM
Interesting question. Which machine would do the encrypting? I'd guess it's still Bluehosts servers since the cert has to be installed on BH's end. There would also be more overhead by relaying from BH to GoDaddy then to a browser for every secured page request which doesn't sound right.

Assuming the above is right, then how can a shared key could slow down a server when using an outside cert would be running on the same machine? Could anyone explain? I'm planning on getting a cert myself.

dvessel
08-26-2006, 09:38 AM
Ah, I was just skimming this page:

http://en.wikipedia.org/wiki/Certificate_Authority

All your purchasing is a key from a trusted source. From what I gather, the encryption is done on Bluehosts servers. So, there must be something else about the shared cert causing the slow downs.

schou123
08-26-2006, 10:04 AM
Hi Dvessel,

Yeah, I did a little research also. The only downside of shared SSL is that it doesn't look as good as having your own shared cert issued to you own domain. For example, it wouldn't look too good if a site such as bank of america was using secure.bluehost.com's shared cert. The only thing explanation for the lag is that bluehost is not dedicating enough processor power for processing encrypted transfers. Whether or not a separate certificate is obtained or not will not have any effect on lag.

dvessel
08-26-2006, 10:25 AM
Just realized that "secure.bluehost.com" points to a single server where as getting a private cert would work off the box your hosted on. That must explain it.

Imagine all the accounts sharing secured connection off of one box. Last time I checked there were over 165,000 domains run by Bluehost. I might be wrong but it makes sense.

Silverado05
08-26-2006, 01:42 PM
Yea you are correct, the KEY, CSR, CRT is still all generated from your bluehost cPanel and is what you give GoDaddy that they use to issue your cert and key. It's pretty much all sefl explanatory once you start the process. The secure.bluehost.com shared SSL is very slow which is why I went with a dedicated SSL. Also in order to get a dedicated SSL you need a dedicated IP which I think was only $30 yr if memory serves me correct. I just know the 3rd party SSL are alot faster because they are dedicated. Like I have said before, the secure.bluehost.com SSL is still good for securing URL's that are on Secure pages. For example, I have some Js that has some URL's that links to a page offsite. Well Js isn't a secure script so it also makes the URL unsecure which in result I didn't have a completely secure page. So instead of www.mysite.com I used the secure.bluehost.com yada yada yada which in turn secures that URL and then makes the entire page secure. So that is they only thing I use the Shared SSL for. I hope that makes sense. It didn't make sense to me at first, but I have another thread that exaplains it further.

So if you want your secure page to load and run faster I would go with a 3rd party SSL and then just use the secure.bluehost.com for securing URL's within secure pages etc.

dvessel
08-26-2006, 03:13 PM
To clarify, we were talking about encrypted connections between the server and browser. Not the initial setup through cPanel.

Schou123, it looks like having a dedicated certificate will have great effect on lag. A requests going through "secure.bluehost.com" is hitting a single box. Using a private certificate hits the box your already on. So, unless your box is already overloaded it should run a lot faster. It also shouldn't matter where you get the cert. GoDaddy, whoever.. It would perform just the same.

shared:
Every connection here has to go through the same box. Considering the amount of potential activity. It doesn't look sufficient.


[server1]
|
[server2] | [server3] [encrypted request1]
\ | / /
[server4]--{secure.bluehost.com}--[encrypted request2]
/ | \ \
[server5] | [server6] [encrypted request3]
|
[server7]


private:
The certificate runs on the box you are already on. The IP changes to dedicated but it's still the same box.


[server w/ private cert]---[encrypted request]


This is still a guess on my part. Can anyone correct/verify? The above star topology (shared) doesn't scale well so it's a good idea to get a private key.

Silverado05
08-26-2006, 04:02 PM
dvessel you are pretty much right on. It's better to get a dedicated IP which you have no choice if you run a private SSL anyways. Getting a 3rd Party SSL is the way to go if you are wanting to secure entire pages. It will help with lag and page load issues. Doesn't have to be GoDaddy, I just use them as an example since that's who I use and then are rather affordable.

schou123
08-26-2006, 04:19 PM
Thanks guys,

Your explanations make perfect sense.

Steve

Bosch
08-26-2006, 04:29 PM
If your running an ecommerce site its a bad idea to have shared hosting. BH cant really speed it up.
It's like trying to race Williams Renault with Honda Civic. you need at least DV server (30$/mo + and personal SSL which is bout 25$ a year.)
investment worth the reputation and customer experience for your clients.

schou123
08-26-2006, 04:32 PM
Since we are on the topic of SSL, when I generate the SSL certificates, should I use mysite.com or www.mysite.com?

Bosch
08-26-2006, 04:33 PM
Its unrelated post but this is a cool diagramm, Ive never seen this done this way before, lol, I'd use Illustrator for this hahaha.



shared:
Every connection here has to go through the same box. Considering the amount of potential activity. It doesn't look sufficient.


[server1]
|
[server2] | [server3] [encrypted request1]
\ | / /
[server4]--{secure.bluehost.com}--[encrypted request2]
/ | \ \
[server5] | [server6] [encrypted request3]
|
[server7]


private:
The certificate runs on the box you are already on. The IP changes to dedicated but it's still the same box.


[server w/ private cert]---[encrypted request]

dvessel
08-26-2006, 05:05 PM
Since we are on the topic of SSL, when I generate the SSL certificates, should I use mysite.com or www.mysite.com?

I've read someone else mention that your forced to use the "www" for secure requests. Not sure though.

dvessel
08-26-2006, 05:18 PM
Its unrelated post but this is a cool diagramm, Ive never seen this done this way before, lol, I'd use Illustrator for this hahaha.

All that's needed is a monospaced font. Illustrator is sweet but that's more work. :p People have been doing this for a while now. I think this is what they did back in the stone ages of the internet.