Website traffic security, one of the biggest concerns for a free and open Internet, has needed fixing for some time. The aging HTTP protocol, which is the default protocol in use by the majority of sites worldwide, is inherently insecure and provides no protection to sites or visitors from threats that range from surveillance through phishing and identity theft.
The good news is that HTTPS – a secure cryptographic version of HTTP – exists and when deployed correctly addresses many of these issues. But HTTPS has historically been cumbersome and costly for website operators to implement and maintain, limiting its potential impact.
Anyone who has gone through the trouble of setting up a secure website knows what a hassle getting and maintaining a certificate can be. Let’s Encrypt automates away the pain and lets site operators turn on and manage HTTPS with simple commands.
Let’s Encrypt will be a free, automated, and open certificate authority brought to you by the Internet Security Research Group (ISRG).
The key principles behind Let’s Encrypt are:
- Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
- Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
- Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
- Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
- Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
- Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.
No validation emails, no complicated configuration editing, no expired certificates breaking your website.
If you’d like to know more about how this works behind the scenes, check out their technical overview.