Google said it : secure sites with an SSL certificate are favored in search results. The Chrome and Firefox browsers follow suit by indicating that they will warn Internet users when the site is not in HTTPS. The Snowden scandal confirms the need to encrypt exchanges on the web. All that was needed was a simple service to get and install a free SSL certificate : Let’s Encrypt.
Why install a free SSL certificate
First of all, let’s understand the usefulness of a free SSL certificate :
To make sure that the server you ask for the web page is who it claims to be
To encrypt data circulating on the web (including sensitive data such as credit card numbers, passwords, emails, CRM data, videoconferencing, etc.)
To get a better ranking in the Google search engine (and probably others too)
So that the website is not described as « unsecured » by some web browsers such as Chrome and Firefox
To take advantage of the future version of HTTP improving the loading speed of web pages : HTTP/2
The difficulties of setting up an SSL certificate
It can therefore be concluded that the HTTPS protocol should be a standard on the Internet, but this is not the case. And for good reason :
- An SSL certificate was not free (the fee is annual and can reach several hundred euros)
- Installing an SSL certificate on a server can be a complex and time-consuming operation
- SSL encryption results in an increase in server response time, resulting in a degradation of the page loading speed
It is to solve the first two problems that the free SSL certificate system « Let’s Encrypt » intervenes.
A Certificate Authority (CA) is an organization that is authorized to issue SSL certificates after performing a number of checks on the domain owner.
Let’s Encrypt offers two major innovations :
- Provide free SSL certificates
- Allow the installation of free SSL certificates automatically in less than 5 minutes
In itself, this is truly revolutionary.
The Cloudflare service also offers the possibility of benefiting from a free SSL certificate with an easy installation, but it is a certificate whose owner is Cloudflare and which has some other small disadvantages.
Let’s Encrypt is an Open Source project (you can get the code here Let’s Encrypt on GitHub) and is funded by some of the biggest names on the web : Mozilla, Akamai, CISCO, EFF and IdenTrust.
Besides, I wonder what these companies expect in return, what is the business model of Let’s Encrypt… If anyone knows, don’t hesitate to say it when commenting on this article.
How to install a free Let’s Encrypt SSL certificate
Installing a free Let’s Encrypt SSL certificate is really disconcertingly easy. However, you will still need root access to your server and some (basic) Linux knowledge. There are online video tutorials to explain step by step how to install Let’s Encrypt on your server.
Here are the two lines of code that allow you to install the SSL certificate for stileex.xyz on a server running under Ubuntu for example :
$ sudo apt-get install lets-encrypt
$ lets-encrypt stileex.xyz
In addition, if your web host makes you available to cPanel or Plesk manager, then there is an automated installation option directly for these interfaces. A novice can easily and in a few clicks install his own free SSL certificate.
When will Let’s Encrypt be available ?
ISRG (Internet Security Research Group), an organization developing and managing Let’s Encrypt, plans to open the service to the public in the summer (northern hemisphere summer ;) ) 2015.
Of course, I will closely monitor the evolution of this project because, as I said, it is revolutionary and responds to an increasingly unavoidable need on the Internet.
I will therefore regularly update this article (you can subscribe to my newsletter by clicking here).
02/11/2016 : Let’s Encrypt launches a crowdfunding campaign on Indiegogo to finance itself
2017 : Let’s Encrypt is a fully functional service for the general public. Anyone can have their free SSL certificate :)
Do you know of any other similar service ? Do you have any other information about Let’s Encrypt ? Do you have any questions ? So don’t hesitate to comment on this article :)