Until recently, adding SSL security to a website was considered complicated and expensive. A valid SSL certificate from a reputable issuing authority could cost anywhere between £20 to £1,200; some companies even sold their SSL certificates for more. The World Wide Web community needs an affordable and reliable way to encrypt web communications using SSL. This is where Let’s Encrypt comes in.
What is Let’s Encrypt?
In simple words, Let’s Encrypt is a fully-automated SSL certificate issuer. It is developed by the Internet Security Research Group to be the answer to the problem we talked about earlier. Instead of having human review each certificate request manually, Let’s Encrypt will handle domain verification and certificate creation automatically.
We can safely say that Let’s Encrypt is a certificate authority on its own, similar to well-known names such as Verisign and DigiCert. They work in exactly the same way, albeit with a different level of coverage.
Verisign, for instance, can issue Extended Validation SSL Certificates, which includes verification of the domain name, the right of the applicant to use that domain name as well as details about the person or organisation behind the certificate request. Let’s Encrypt, on the other hand, focuses more on domain-level certification.
The good news is, anyone can use Let’s Encrypt. The cost of getting an SSL certificate from Let’s Encrypt? £0. Yes, this service is available for free. You also don’t need to worry about the complicated setup process or other common issues with SSL security. There are a lot of tutorials and even scripts designed to automate setup on your server.
How do I get an SSL certificate from Let’s Encrypt?
The process is fairly straightforward. You start by verifying your domain name ownership and your right to use that particular domain name. You don’t have to file this manually. You do this by using a client – that is compatible with the ACME protocol – on your server.
Certbot is perhaps the easiest client to use. it is fully automated and will handle everything for you. Once Certbot is installed, it will interact with Let’s Encrypt’s server, generating public and private keys in the process. The public key is what Let’s Encrypt uses to identify your server or particular domain name.
Let’s Encrypt will then issue a set of challenges to validate the domain name. At this stage, Certbot will handle the task of answering those challenges correctly. I know; I’m just as amazed. The first time I tried this process, I was completely blown away by how simple it is!
It takes no more than a few minutes to get the domain name verified. Once this step is completed, you can ask for a valid certificate for your domain name. This step is just as automated as the previous one.
You only need to tell the client – in this example, Certbot – to request the certificate. As long as Let’s Encrypt can verify the signatures created in the earlier process, a certificate will be issued right away. The client will then set up the certificate accordingly and you can start using HTTPS once it is completed.
Tips on Using Let’s Encrypt
As you can tell from the previous parts, Let’s Encrypt is very easy to use. If you are on a VPS or a dedicated server, setting up Let’s Encrypt should be pretty straightforward. For shared hosting users, however, there are a few workarounds you can use to get the SSL certificate you need.
There are web-based clients compatible with Let’s Encrypt. You can use ZeroSSL or Get HTTPS for Free to help you get the SSL certificate you need. Once the certificate is generated, you can then install it on your hosting account and activate HTTPS.
Don’t hesitate to get help. Most hosting companies will help you install the necessary SSL certificate for you. If you are not sure about what you are doing, you can simply forward the valid certificates to the support staff and have them installed.
WordPress users can also install Let’s Encrypt through a plugin. The plugin is called Let’s Encrypt WP (unsurprisingly) and can be downloaded here. Some hosting control panels and web applications also have Let’s Encrypt fully integrated out of the box.
Last but certainly not least, learn more about SSL certificates before generating your own. You can avoid common mistakes when you know what you are doing. For example, the same SSL certificate will not work for different subdomain names. You also need to have different certificates for different domains, even when they are hosted on the same server.
A free SSL certificate that you can use to protect data transmissions from and to your server or websites? It would be a waste not to take on this offer. Let’s Encrypt is a great way to get started with SSL security nonetheless.