Josh Yeager is HighGear’s Chief Operating Officer and one of our co-founders, and today he writes on Let’s Encrypt, a solution for easily securing your website traffic:
Surprisingly, it has never been possible to automatically encrypt your web site. HTTPS is the foundation Internet security, and it has always required a system administrator to manually request a security certificate and wait for it to be set up for them. And if they forget to repeat that process every year, their site will become insecure when their certificate expires.
Now, an organization called Let’s Encrypt (founded by Alex Halderman, James Kasten, the EFF, and Mozilla) is releasing a system that handles the whole process automatically. Admins can just run one command on each web server, and it sends a certificate request, securely proves that they own the domain they are certifying, and seamlessly installs the certificate on the server. Then it automatically renews the certificate every time the old certificate is about to expire, so you never have to worry about lapse.
This is helpful to many types of people. Professional sysadmins benefit because it saves them work and reduces their risk. Geeks with personal servers benefit because they can now use HTTPS for free. And small businesses benefit because they can make their customers more secure without specialized IT expertise. This will mean that many more web sites are securely encrypted in the future, which will make the Internet better for everyone.
I am personally excited about Let’s Encrypt because customers can install HighGear on their own web servers, and right now HTTPS requires them to do extra work. They have to buy a certificate for each of their web servers, install it manually and remember to renew them when they expire. Once Let’s Encrypt proves itself, we plan to add an option to our installer to automatically set up and renew HTTPS certificates with no manual action required.
Let’s Encrypt is helping individuals and businesses make their lives more secure and simpler at the same time. They are currently in beta, and they plan to release their solution to the public by November 20, 2015. Their efforts directly improve the security of the whole Internet and they should be commended for their clear vision and hard work.
UPDATE – March 8, 2016: Let’s Encrypt just issued their millionth certificate!
- How to use Let’s Encrypt: https://letsencrypt.org/how-it-works/
- How Let’s Encrypt makes sure you are the admin of the domain you’re securing: https://letsencrypt.org/docs/faq/#technical