Enhancing security and privacy with Let's Encrypt

This post was originally written for Green Chameleon.

It used to be that strong security was only considered a necessity for e-commerce sites, or sites handling sensitive personal information - but that perception is rapidly changing.

Securing a site with an HTTPS connection was once seen as an unnecessary expense unless there was a specific business reason for doing it, or a legal requirement - operating a checkout system and taking payment details from users, for instance. Now that security and user privacy are increasingly hot topics, creating a safe and trusted site is vital. There are other benefits, too: securing your site with HTTPS gives it a minor SEO boost with Google's algorithm, and in Chrome, sites that use plain old HTTP now display a little "info" icon in the address bar that, when clicked, warns users that their "connection to this site is not private".

How are websites encrypted?

One of the steps taken to secure a site is the use of an SSL/TLS certificate to verify the identity of the server where the site is hosted. Once this identity is confirmed, web browsers are able to establish a secure, encrypted connection to the server. Many sites sport a padlock icon next to their address in your browser’s address bar: this icon means that the site has presented your browser with an SSL/TLS certificate that has been verified, and that your connection is secure. You can usually click the icon to see more information about the validity of the certificate, and the type of encryption protecting your connection to the site.

Virtually all web hosting providers sell SSL/TLS certificates, and prices vary from provider to provider. Because of the way SSL/TLS certificates are issued and renewed, a certificate is an optional (and continual) expense, so many website owners simply leave their sites unencrypted.

Free SSL/TLS Certificates with Let’s Encrypt

To rectify this situation, the Internet Security Research Group (ISRG) set about creating a free, open and, importantly, automated Certificate Authority called Let’s Encrypt. By removing the financial barrier and automating the process of issuing and renewing SSL/TLS certificates, ISRG aims to encourage much wider adoption of encryption on the web, hopefully making it a safer place. It seems to be working: as of early November 2016, Let’s Encrypt is securing an incredible 15 million domains, and the number is climbing.

GC ♥ 🔒

Here at Green Chameleon we’ve configured our webservers to use Let’s Encrypt for SSL/TLS certificate management, and are pleased to offer free HTTPS to all clients on our managed VPS hosting service.