Christmas might still be two weeks away, but our friends at the Internet Security Research Group (ISRG) are giving the Internet an early gift.
ISRG, a California-based public benefit organization, has set out to revolutionize data security with their free and open certificate authority project, Let’s Encrypt. The driving idea of the project is to reduce the cost of entry and technical barriers associated with secured communications. Their goal is to have every website encrypted and served over Transport Layer Security (TLS) so that people’s information is protected from snoops.
Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
Setting up a Domain Validation certificate for a domain will be as simple as running a small script one time. That’s it – once setup the certificate will automatically reach out to the Certificate Authority every 60 days and renew itself. Let’s Encrypt is a set-and-forget security tool that is paving the way for HTTPS to become the default.
The announcement of release to public beta came on December 3rd. The organization has explained that the project will remain in beta for a while, as they still have quite a bit of work to do to improve the user experience. While the setup process is relatively short, it still requires some technical knowledge and server access that is usually out of reach of the average hosting client.
At this point in time shared hosting account users will not be able to take full advantage of Let’s Encrypt, but can still find a similar experience using CloudFlare‘s free SSL feature to secure their websites. It won’t be long, however, until major hosting providers begin utilizing Let’s Encrypt to provide TLS to all customers. The project acts as a back-end for hosting providers to offer free Domain Validation certificates to their customers. Control panel providers like CPanel are already looking at options for including access to Let’s Encrypt within their product.
So what does this mean for you?
If you’re a website owner on shared hosting you should keep your eye out for news from your Web Hosting provider about the option of securing your website with Let’s Encrypt. Or, if you’re in the market for a new hosting option, consider moving to a company like DreamHost which has already started working to implement the project on their servers and will likely enable HTTPS as default for new users.
If you are a hosting provider or manage a VPS you should consider implementing Let’s Encrypt for your websites. For those using CPanel/WHM, there’s a handy step-by-step guide for getting started. Or, if you need some help feel free to shoot me an email and I can give you a hand.
The future is very exciting and, thanks to Let’s Encrypt, powered by secured communication.