It just got easier to secure your sites
More websites are moving over to serving their sites over HTTPS now to secure the data transmission for their end users. For awhile, this was almost exclusively done for sites that required payment or other personal information. Nowadays, end users are becoming more concerned about their privacy while browsing the web. Ensuring websites are secure is crucial to maintain the privacy of your personal information to make sure it does not land it the wrong hands. Now, it’s easier than ever to secure your websites.
It used to be that you had to purchase an SSL certificate to secure your web traffic from one of a few Certificate Authorities. Depending on the type of certificate, this could get quite expensive. Signing your own certificate would also show browser warnings. A new Certificate Authority has entered the space called Let’s Encrypt. Let’s Encrypt is made of a conglomeration of companies such as Akamai, Cisco, EFF, Mozilla, and many others. Their goal is to help bring secure site delivery to the masses. Let’s Encrypt offers free SSL certificates through Domain Validation. What this means is that the script adds a file to the server that can be accessed over the internet. Once this is done, the Let’s Encrypt Certificate Authority makes a request back to check if the file exists. If it does, it issues the certificate and provides you the location to install it.
Free, Automated, and Secure Site Delivery
Let’s Encrypt just left beta status, so it is officially available for use to the public. They have created a few scripts that will install all of the require dependencies on the web server for you. From there, scripting the procurement and renewal of the certificates is relatively simple with their documentation. Web hosts are also starting to install plugins for their various interfaces to handle this for their users to easily install certificates. The company that hosts this site – ExiaHost – has recently made Let’s Encrypt available to all of their shared hosting users free of charge.
The one potential drawback is that the certificates are only valid for 90 days. Most certificates from other vendors will be at least a year and can be purchased for longer if needed. Automating the renewal process is relatively simple and can overcome this short validity period. With the ability to obtain a free certificate and automate the renewal, there is now no reason not to secure your website today!