Until recently, talk of SSL certificates brought many names to mind: RapidSSL, Symantec, Trustico, OVH, Gandi… But a new player has just entered the market.
Let’s Encrypt is a new authority providing SSL/TLS certificates, created by the ISRG (Internet Security Research Group), a public benefit corporation. This project offers, for the first time, free, automated and open certificates!
Until now, websites wishing to guarantee their security had to buy SSL certificates from one of many providers. Administrators not only felt they were paying dearly for a not-so-complex service, but the administrative management of these certificates was also rather complicated, notably when a renewal or a change of certificate authority was needed. Automating renewals was not viable either, and they required regular follow-up (deadline management, repurchases…).
Let’s Encrypt, however, offers certificates that are obtained and managed with simple command lines. They still have a validity date, but here again a single command line is enough to renew them; the team is also working on deeper automation, so that in the end administrators won’t even have to issue this command. It is, however, already possible for them to automate the command themselves if they wish. Real independence…
But that is not all: in the pure spirit of open source, Let’s Encrypt is transparent. Both issued and revoked certificates are publicly published, so that anyone can inspect them. Their technology is also published under an open license. Documentation is available on the website, and all users can contribute to it.
This initiative aims to secure the Web without placing it under the control of any organization. It also comes at a time when anti-privacy laws are being tightened: an SSL certificate makes attacks such as “man-in-the-middle” or sniffing much more difficult.
How do I get an SSL certificate with Let’s Encrypt?
Let’s Encrypt, the certificate authority, relies on an agent running on the web server to make sure that this server is indeed linked to the corresponding domain name. It is this technical and automated feature that makes Let’s Encrypt special. It is nothing more or less than an authentication mechanism. Let’s Encrypt checks that the agent is running on the specified domain by asking it, for instance, to change the DNS records of the domain, or to place a file on the same domain. When the agent satisfies one of these conditions, Let’s Encrypt marks the server as legitimate and provides it with an SSL certificate.
For more information, go to Let’s Encrypt’s Technical Overview page.
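The two checks described above (placing a file, changing a DNS record) can be sketched as follows; this is an added example, not code from Let’s Encrypt or from the original article. It assumes the ACME challenge formats standardised in RFC 8555 with RFC 7638 key thumbprints, and the account key, token and domain are constructed sample values.

```python
import base64
import hashlib
import hmac
import json

def b64url(data: bytes) -> str:
    """Base64url without padding, as used throughout ACME/JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required members only,
    sorted by name and serialised without whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token: str, account_jwk: dict) -> str:
    """Binds the CA's random token to the requester's account key."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"

def http01_file(token: str, account_jwk: dict):
    """Agent side, 'place a file': (URL path, body) to serve over HTTP."""
    return ("/.well-known/acme-challenge/" + token,
            key_authorization(token, account_jwk))

def dns01_record(domain: str, token: str, account_jwk: dict):
    """Agent side, 'change the DNS records': (TXT name, TXT value)."""
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode()).digest()
    return ("_acme-challenge." + domain, b64url(digest))

def ca_validates(fetched_body: str, token: str, account_jwk: dict) -> bool:
    """CA side: the content fetched from the domain must match exactly."""
    expected = key_authorization(token, account_jwk)
    return hmac.compare_digest(fetched_body.strip().encode(), expected.encode())

# Constructed sample values (not a real key, token or domain).
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256", "alg": "ES256",
               "x": "c2FtcGxlLXgtY29vcmRpbmF0ZQ", "y": "c2FtcGxlLXktY29vcmRpbmF0ZQ"}
OTHER_JWK = dict(ACCOUNT_JWK, x="YW5vdGhlci1hY2NvdW50LWtleQ")
TOKEN = "constructed-token-0123456789abcdef"

if __name__ == "__main__":
    path, body = http01_file(TOKEN, ACCOUNT_JWK)
    print("serve", path, "->", body)
    print("TXT  ", *dns01_record("example.org", TOKEN, ACCOUNT_JWK))
    print("requesting account validates:", ca_validates(body, TOKEN, ACCOUNT_JWK))
    print("other account validates:     ", ca_validates(body, TOKEN, OTHER_JWK))
```

Because the served value embeds the thumbprint of the account key, a file or TXT record published for one account does not validate a request made from another account.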
A certificate authority that brings companies together
Many companies have already joined the ranks of Let’s Encrypt’s sponsors: notably Mozilla and Chrome, Facebook, Cisco, Shopify and Automattic (parent company of WordPress and WooCommerce)… but also hosting providers such as OVH or Infomaniak.
Other hosting companies, such as Gandi, are not sponsors but still include Let’s Encrypt certificates in their offers.
Do not hesitate to find out more about Let’s Encrypt!