In this world of identify theft and man in the middle attacks, its always nice to see that green lock in the address bar of your browser. As a service provider and providing site hosting for numerous individuals and companies, keeping your site secure and safe is a top priority. There are many ways of doing this including Hardening your site (which I will post about later), ensuring proper firewall settings (Another post for later) and if you’re hosting a website or web application, having an SSL Certificate is also a key especially if you are dealing with users information.
Great so we need an SSL Certificate. That sounds easy. Well it is easy if you don’t mind spending the money. Before LetsEncrypt, if you wanted any sort of reputable SSL Certificate you would have to spend at least $20USD for a single FQDN certificate, and at least $99USD for a wild card certificate (Per year!). Fortunately for us that is no longer the case, a group of large companies, like Akama, Mozilla, and the EFF just to name a few; came together and now offer a free SSL Certificate services including an script that will (when setup for scheduled running) auto renew your certificates.
I have been using this service for a few years now and will likely be switching all my old paid for certificates for free LetsEncrypt certificates. The only restrictions on this service is you have to own the domain you are registering it for. Sounds pretty sweet if you ask me.
Getting started with LetsEncrypt is pretty simple. If you are running on linux, you simply download the script (CertBot) and run it on your system, it will ask you a series of questions such as domain name, entity registering the certificate, etc. The Certbot will do all of the Apache/Nginx configurations for SSL for you if you want it to including placing both the private key and public certificate where they need to go. This is also the same script that you will setup a CRON job for to check your certificate status and update if need be all automatically.
Now if you want to use LetsEncrypt on a windows machine, there are a number of ACME clients out there that will allow you to do this, however I have not tried any of them yet as my Windows hosting days are long in the past. But if you check out the LetsEncrypt Getting Started Guide it will have more information for you there.
All in all I have been pleased with the LetsEncrypt service and am very appreciative of the companies who sponsored it and provide on going support for it. Please go out and check out their site and all the sponsors.