Let's Encrypt: Free SSL Certificates for Everyone

Anyone who has been through the trouble of creating a secure website knows how complicated and annoying it is to get an SSL certificate. Let's Encrypt will automate this process and allow web administrators to activate HTTPS with a single click or command from the terminal.

let's encrypt

When Let's Encrypt launches its service in the summer of 2015, enabling HTTPS on a website will be as easy as installing a small piece of certificate management software on the server:

sudo apt-get install lets-encrypt lets-encrypt myweb.com

That's all there is to it to enable https on myweb.com!

The Let's Encrypt management software will:

  • Automatically prove to Let's Encrypt that we control the website in question
  • Obtain a trusted SSL certificate and install it on our web server
  • Keep track of when the certificate will expire and renew it automatically
  • Help us revoke the certificate if it ever becomes necessary.

There will be no validation emails, no complicated setup, no expired certificates that 'break' the website. And, as if that weren't enough, Let's Encrypt will provide certificates for free, without having to shell out a fortune year after year.

Why provide such a service for free?

Ever thought how much more secure the internet could be if installing and configuring HTTPS were easier? Well, much of that problem lies in obtaining trusted SSL certificates, which are generally paid and can be quite a hassle to install for those new to the topic.

Let's Encrypt is a free, automated and open certificate authority created by the Internet Security Research Group (ISRG).

The key principles behind Let's Encrypt are:

  • FreeAnyone who owns a domain can obtain a validated certificate for that domain at zero cost.
  • Automatic: The enrollment process for all certificates occurs easily during the native server setup or setup process, while renewal occurs automatically in the background.
  • Insurance: Let's Encrypt will serve as a platform for the implementation of modern security techniques and good practices.
  • Transparent: All certificate issuance and revocation records will be available to anyone who wishes to review it.
  • Open: The automatic issuance and renewal protocol will be an open standard and the software will be open source to the extent possible.
  • Cooperative: Like the underlying Internet protocols themselves, Let's Encrypt is a joint effort to benefit the entire community, beyond the control of any one organization.

They already have sponsors such as Mozilla, Cisco and the Electronic Frontier Foundation (EFF). However, you can also join.

If you want to know more about how Let's Encrypt works behind the scenes, I suggest you take a look at technical section on the official site of the project. If you really want to dive into the details, you can read the full protocol specification at Github.


8 comments, leave yours

Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   José Miguel said

    The subject is interesting, but for now the secure connection is a minority. It is so, and I doubt that will change significantly. That does not mean that we do our best, and this is an opportunity.
    Ideally, all connections should be secure, and if not, currently it will not be due to lack of means ...
    Greetings.

  2.   elhui2 said

    That is excellent news, although I prefer to download and install the certificate by hand.
    Here in Mexico the certificates range from 40 to 100 US depending on the provider, get them free \ o /
    I look forward to the service with all my hope!

  3.   Mauricio Baeza said

    Currently it is possible to obtain free certificates: https://www.startssl.com/?app=0
    but ... this project is wonderful, welcome and contribute in what we can ...

    A hug

  4.   Emmanuel said

    I believe that it is not an SSL encryption but one with TLS, which is the minimum protocol that Mozilla will support with version 34 of Firefox ... SSL v3 has been falling apart and is considered dead [1], so it is important to give to know that.
    Excellent initiative by such a disparate group (what is Cisco doing there?), Let's see if we can get a little closer to encryption on the web.
    Greetings.

    1: http://www.securitybydefault.com/2014/10/vulnerabilidad-critica-en-ssl-poodle.html

  5.   tabris said

    Can it be used for non-web services like an SVN server or things like that?

    1.    let's use linux said

      That is a good question. I don't know ... but I understand that it does. We will have to wait for next year ... 🙂

  6.   Jhoed ram said

    Only works for ubuntu?
    How would I install it if I wanted it on CentOS?

    Thank you

    1.    let's use linux said

      No. It will work for any operating system, as I understand it. Anyway, we will have to wait.