When we first heard about Let’s Encrypt and that they wanted to make https available for everybody we were quite impressed but of course a little skeptical. It sounded too good to be true. So lets have a look what is Lets Encrypt and how it works. Let's start with how things are with "normal" SSL certificates.
The normal and proven process
Preparing, buying and installing a SSL certificate can be quite a hassle. Here are pretty much the steps needed to get an SSL for your website:
- Generate a private key OR reuse old key from last time (doesn’t matter)
- Generate a CSR (Certificate Signing Request)
This is where you specify such things as Company name and domains you want to secure.
- Your order the certificate online.
- Find your credit card and pay
- Verify your phone number with an automated call (varies from vendor to vendor)
- Choose and email, like postmaster@YOURDOMAIN.com where you will receive a confirmation email.
- Find that email! If you are doing this for a customer, you are in for a nightmare, they often doesn’t have access to that mailbox.
- You click on that email and your Certificate will be emailed to you.
This process, if you know what you are doing, takes about 30 minutes. However if it is your first time, you have to know how to first get the OpenSSL command line tool. Once you got that you have to figure out how to get the correct arguments to OpenSSL, and that is by no means easy!
And on top of it all, you have to pay for a wildcard certificate. So no wonder why a lot of people go through that hassle if they just have a small site. Even security is important - no matter the size of a website or its content.
So how does Let’s Encrypt work?
Does it make you go through the same treadmill and do all those things?
First things first. The process described below is for a Virtual or Dedicated Server. Bamboozle has made things easier for its customers. If you are on realWeb Linux or Windows, the creation and installation of a Let's Encrypt certificate is nothing but a single mouse click.
But lets go back to a dedicated Linux server. Let’s encrypt knew the pain and their primary solution was to make some kind of “plugin” infrastructure. Right now there is two plugins, one for Apache and one for Nginx.
The idea is that the plugin will do everything you need to do. There is also a “certonly” option which as indicated gives you the certificates directly. Once you run "certonly" on a VPS or Dedicated Server it will enable the SSL automatically. One downside with Let's Encrypt is that - not like standard SSLs that renew yearly - the certificate has to be renewed every 90 days. And this process is not automated. (well on realWeb it actually is).
So be prepared to mark your calendar and do the steps again. It takes less than 30 seconds but you should be aware of it.
Let’s Encrypt is great and it is amazing that they have taken something that cost money and made it free. And the key is that the focus is clearly on internet users - SSL protects their information. And now there is no excuse anymore not to encrypt your website. On realWeb all you have to do is click "let's Encrypt" and you are secure, on a Server its two items more. But it's free and convenient. Also keep in mind that SSL is more and more important for your SEO rankings. Google and other search engines already list similar websites higher when the are serving content securely.
is Let's Encrypt a competition for existing SSL vendors and products? We do not think so. Most SSLs add additional functionality like Organization or Enhanced validation, giving businesses better visibility for their products and stores.
But Let's Encrypt is key for standard websites to make the jump to SSL.
That's why we have included the automated provisioning to our Web Hosting products and will add more and more tutorials for our different offerings on how to install and use Let's Encrypt.