Anyone who has been through the trouble of creating a secure website knows how complicated and annoying it is to get an SSL certificate. Let's Encrypt will automate this process and allow web administrators to activate HTTPS with a single click or command from the terminal.
When Let's Encrypt launches its service in the summer of 2015, enabling HTTPS on a website will be as easy as installing a small piece of certificate management software on the server:
sudo apt-get install lets-encrypt lets-encrypt myweb.com
That's all there is to it to enable https on myweb.com!
The Let's Encrypt management software will:
- Automatically prove to Let's Encrypt that we control the website in question
- Obtain a trusted SSL certificate and install it on our web server
- Keep track of when the certificate will expire and renew it automatically
- Help us revoke the certificate if it ever becomes necessary.
There will be no validation emails, no complicated setup, no expired certificates that 'break' the website. And, as if that weren't enough, Let's Encrypt will provide certificates for free, without having to shell out a fortune year after year.
Why provide such a service for free?
Ever thought how much more secure the internet could be if installing and configuring HTTPS were easier? Well, much of that problem lies in obtaining trusted SSL certificates, which are generally paid and can be quite a hassle to install for those new to the topic.
Let's Encrypt is a free, automated and open certificate authority created by the Internet Security Research Group (ISRG).
The key principles behind Let's Encrypt are:
- FreeAnyone who owns a domain can obtain a validated certificate for that domain at zero cost.
- Automatic: The enrollment process for all certificates occurs easily during the native server setup or setup process, while renewal occurs automatically in the background.
- Insurance: Let's Encrypt will serve as a platform for the implementation of modern security techniques and good practices.
- Transparent: All certificate issuance and revocation records will be available to anyone who wishes to review it.
- Open: The automatic issuance and renewal protocol will be an open standard and the software will be open source to the extent possible.
- Cooperative: Like the underlying Internet protocols themselves, Let's Encrypt is a joint effort to benefit the entire community, beyond the control of any one organization.
They already have sponsors such as Mozilla, Cisco and the Electronic Frontier Foundation (EFF). However, you can also join.
If you want to know more about how Let's Encrypt works behind the scenes, I suggest you take a look at technical section on the official site of the project. If you really want to dive into the details, you can read the full protocol specification at Github.
The subject is interesting, but for now the secure connection is a minority. It is so, and I doubt that will change significantly. That does not mean that we do our best, and this is an opportunity.
Ideally, all connections should be secure, and if not, currently it will not be due to lack of means ...
Greetings.
That is excellent news, although I prefer to download and install the certificate by hand.
Here in Mexico the certificates range from 40 to 100 US depending on the provider, get them free \ o /
I look forward to the service with all my hope!
Currently it is possible to obtain free certificates: https://www.startssl.com/?app=0
but ... this project is wonderful, welcome and contribute in what we can ...
A hug
I believe that it is not an SSL encryption but one with TLS, which is the minimum protocol that Mozilla will support with version 34 of Firefox ... SSL v3 has been falling apart and is considered dead [1], so it is important to give to know that.
Excellent initiative by such a disparate group (what is Cisco doing there?), Let's see if we can get a little closer to encryption on the web.
Greetings.
1: http://www.securitybydefault.com/2014/10/vulnerabilidad-critica-en-ssl-poodle.html
Can it be used for non-web services like an SVN server or things like that?
That is a good question. I don't know ... but I understand that it does. We will have to wait for next year ... 🙂
Only works for ubuntu?
How would I install it if I wanted it on CentOS?
Thank you
No. It will work for any operating system, as I understand it. Anyway, we will have to wait.