Another Big Milestone – Let's Encrypt is now offering Free HTTPS certificates to everyone.
Let's Encrypt has opened to the public, allowing anyone to obtain Free SSL/TLS (Secure Socket Layer/Transport Layer Security) certificates for their web servers and to set up HTTPS websites in a few simple steps (mentioned below).
Let's Encrypt – an initiative run by the Internet Security Research Group (ISRG) – is a new, free, and open certificate authority recognized by all major browsers, including Google's Chrome, Mozilla's Firefox and Microsoft's Internet Explorer.
The Free SSL Certification Authority is now in public beta after testing a trial among a select group of volunteers.
Why Let's Encrypt?
Let's Encrypt promised to offer a certificate authority (CA) which is:
- Free – no charge for HTTPS certs.
- Automatic – the installation, configuration as well as the renewal of the certificates do not require any administrator action.
- Open – the automatic issuance, as well as renewal procedures, will be published as the open standard.
- Transparent – the records of all certs issuance or revocation will be available publicly.
- Secure – the team is committed to being a model of best practice in their own operations.
- Cooperative – Let's Encrypt is managed by a multi-stakeholder organization and exists to benefit the community, not any of the consortium members.
How to Install Let's Encrypt Free SSL Certificate
First of all, let's say you want to get a certificate for example.com. To run the installation, you must have root access to your example.com web server.
To Generate and Install Let's Encrypt Free SSL Certificate, you must first download and run the Let's Encrypt client application.
To install Let's Encrypt Free SSL certificate follow these Steps:
Step 1: Login to your 'example.com' web server using SSH with root access.
Step 2: To install the Git version control system, type the following command:
apt-get install git
Step 3: Then download and install the latest version of Let's Encrypt Client application, type the following commands:
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto
Step 4: Once the installation starts, press Enter to accept the agreement.
Step 5: Then press Enter to specify the server name manually in the text box (for example, www.example.com) and then press Enter.
Step 6: Next, enter your email address, where you can receive messages from Let's Encrypt and to recover lost keys, and then press Enter.
Step 7: Review the 'Terms of Service,' and then press Enter to generate and install the SSL certificate.
Once the installation completes, you'll receive a 'Congratulation' message.
How to Configure Nginx/Apache for Let's Encrypt SSL Certificate
By default, Nginx or Apache web servers are not configured to how to use your new certificates.
For example, in case of Nginx: To use the installed SSL certificate, you need to edit Nginx configuration file. Type the following command to open Nginx configuration file:
$ sudo nano /etc/nginx/sites-available/www.example.com
Within that file, add the following lines.
http{
server{
…
listen 443 ssl;
server_name www.example.com;
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/.wwwexample.com/privkey.pem;
…
}
}
Save the file, and just restart your Nginx web server, using the following command:
sudo nginx -s reload
Congratulation you have successfully installed SSL certificate for your example.com domain.
How to Renew Let's Encrypt Free SSL Certificate: It is important to note that the beta version of Let's Encrypt issues certificates that expire after 90 days. So, to renew your SSL certificate, you need to run the letsencrypt-auto script again after expiration.
FREE HTTPS Certificates for Everyone!
So, now it's time for the Internet to take a significant step forward in terms of security and privacy. With Let's Encrypt, the team wants HTTPS becomes the default and to make that possible for everyone, it had built Let's Encrypt in such a way that it is easy to obtain and manage.
"There's a reward going for anyone who can find a security hole in the service," the team wrote in a blog post. "We have more work to do before we're comfortable dropping the beta label entirely, particularly on the client experience."
"Automation is a cornerstone of our strategy, and we need to make sure that the client works smoothly and reliably on a wide range of platforms. We'll be monitoring feedback from users closely, and making improvements as quickly as possible."
Let's Encrypt had signed its first free HTTPS certificate in September, and its client software emerged in early November. Since then the team has been finding flaws in their systems before going public.