You may notice something different on your favourite blog. Left of the URL in the address bar there is a little green lock! This means piks.nl is now served to you via SSL/TLS. You know, https:// instead of http://. This means the connection, and therefore, traffic between you and the website is more secure, because it is encrypted.
This was way overdue, even more so because it’s oh so easy now with Let’s Encrypt.
Let’s Encrypt
Let’s Encrypt offers free and automatically renewable SSL/TLS certificates for everyone. Using certificates has been around a long time, and are part of a secure internet but 4 things were always a hassle:
- Certificates cost money.
- Certificates expire and renewal is something you have to plan/take care of. It’s not automatic.
- Validation is a bit of a pain (sending and replying specific emails)
- Configuration is a lot of pain (webserver dependent, a lot of different files, creating, moving copying etc.)
Let’s Encrypt solves all of these problems.
I also run a couple of webshops so having certificates was kind of a big deal. And I had the first certificate running in 15 minutes. Pretty neat! I should have done this earlier.
What makes it so easy is mainly because of this great tool that Let’s Encrypt provides: certbot.
This bot takes care of (automates!) all the steps — there is always a manual override if you’re that kind of person. You download the bot, you unpack it, you run it, follow the configuration steps and the bot will create certificates and even update your Apache (webserver) configuration and reload the webserver and you’re done. You have to do very little.
After that you can set your cron/systemd config to automatically renew the certificates for you. Certificates expire, that’s sort of part of what makes them secure.
What more can you ask for?
So what?
Why would I need this? Well, 2 reasons:
- As said, I also run a couple of webshops. Having your customers send their personal/order/account/credit card information over an unsecured connection is not really something you want in 2017 (or, you know, ever). Sure, a blog doesn’t typically handle customer information, but it’s still relevant. Also, because:
- Google will start (or already is) ranking SSL/TLS sites higher. So you need this if you want your site to show up in Google. SEO baby!
So having a certificate is not only more secure but it’s also a sort of a quality stamp for your site.
Why should I trust Let’s Encrypt?
You don’t. You can still buy and manage certificates from regular SSL providers. No problem. If you’re sceptical about LE, you can read a little bit about them here or here. But I highly recommend it.