Let's Encrypt and the Long Journey to No-Cost SSL
By Christopher Robison
If you’ve been around the web for as long as I have, you may remember when a SSL or “secure cert” could cost a company thousands of dollars each year just to maintain a valid certificate. Things have changed quite a bit since those days. Security is no longer a “nice to have”, it is a necessity. But the good news is that it is now free! That’s right, $0. Zip. Ziltch. Out of the goodness of their hearts and for the greater good, some of the biggest players in Silicon Valley got together and formed something called Let’s Encrypt.
What is Let’s Encrypt?
Let’s Encrypt is a free, automated, and open Certificate Authority (CA) launched in April 2016. It’s a project of the Internet Security Research Group (ISRG), backed by major companies like Mozilla, Cisco, Akamai, Google Chrome, and Facebook. The primary goal of Let’s Encrypt is to make encrypted connections on the web ubiquitous and easy to set up.
The Backers and Goals
The backing by industry giants provides Let’s Encrypt with the necessary resources and credibility. These companies have a shared interest in making the web more secure and privacy-respecting. The goal of Let’s Encrypt is simple yet ambitious: to encrypt the entire web, making HTTPS the default web protocol.
Switching to HTTPS not only secures the data between your website and its users but also boosts your SEO rankings, as search engines like Google favor secure sites. It also gives your visitors confidence, knowing their data is protected. And best of all, it’s free and they have made it dead simple to setup in almost any environment.
Upgrading to HTTPS with Certbot
Certbot is a free, open-source software tool for automatically using Let’s Encrypt certificates on manually-administered websites to enable HTTPS. It’s developed by the Electronic Frontier Foundation (EFF) and is designed to simplify the process of setting up and maintaining an HTTPS server. Certbot isn’t the only tool for working with Let’s Encrypt’s ACMEv2 protocol, they provide a great list of ACMEv2 clients for a variety of languages and environments.
We’re going to stick with certbot since it does everything we need. Certbot can automatically upgrade/update most server configurations and supports a variety of web servers such as Apache and nginx. Site verification can be handled automatically by certbot or you can verify manually using DNS or by placing a file in your servers document tree.
Now that we’ve got the what, who, and why out of the way, let’s actually set up HTTPS for a basic Apache installation.
This ia a basic guide to get you started with Certbot. They make this either very simple or very difficult depending on your setup. The more standard your setup, the more likely it will work out of the box. Note that you’ll need shell access to your web server and appropriate permissions to execute commands.
Install Certbot: The first step is to install Certbot. The installation method varies depending on your server’s operating system but certbot is included in most package managers. For a Linux server running Debian, you would use:
sudo apt-get update sudo apt-get install certbot
Choose Your Web Server and Operating System: Go to the Certbot website and select your web server and operating system for tailored instructions.
Get and Install Your Certificates: To setup and configure Apache, run Certbot with the following command, replacing
your_domainwith your actual domain name:
sudo certbot --apache -d your_domain.com -d www.your_domain.com
This command will run Certbot with the
-dto specify the domains. Change the plugin[s] being used based on your server and configuration. You can get a list of available plugins by running:
sudo certbot plugins
Test Automatic Renewal: Let’s Encrypt certificates are valid for 90 days. Test the automatic renewal process with:
sudo certbot renew --dry-run
Set Up Auto-Renewal: You can set up a cron job or a systemd timer for automatic renewal.
Verify HTTPS: Once installed, visit your website with
https://to ensure everything is working correctly.
Switching to HTTPS is no longer a matter of choice but a necessity in the modern web. With tools like Let’s Encrypt and Certbot, this transition becomes accessible to everyone, regardless of budget. It’s a small step for a single website but a giant leap towards a more secure and trustworthy internet.
Remember, the web is a shared resource, and we all have a part in keeping it safe and accessible. Happy encrypting!