Why Let’s Encrypt is important and usage is surging
Do you want a free SSL certificate for your website? Do you want to avoid having to constantly spend money on the so-called premium certificates online, but you also desire to have a very high level of security? If that is the case, Let’s Encrypt is the perfect solution for you! But what makes this particular service a go-to option for many? The answer is simple - quite a lot of things!
Brief history of SSL certificates
Prior to the introduction of Let’s Encrypt, browsers didn’t accept any free certificates issued by any authority. This meant that you needed to pay an annual or monthly fee to buy a SSL from an established CA such as GeoTrust or Comodo/Sectigo.
Because of this, site owners that wanted to have an active SSL had to spend quite a lot of money in the long run and seeing as how search engines such as Google started to value SSL certificates and online user privacy and security, it was evident that something needed to change. While they have changed over the years with one example being EV SSL certificates, their importance remains the same.
Search engines and the need to protect users’ personal information online made it clear that a change needed to take place. This, alongside the fact that site owners wanted to have the option to get an SSL certificate for free, is what ultimately led to the creation of Let’s Encrypt.
Let’s Encrypt - the best free SSL certificate?
Let's Encrypt is a free service developed and released by the non-profit organization Internet Security Research Group (ISRG). The project itself is also sponsored by giant companies such as Google, Facebook, Cisco, Mozilla Foundation, Internet Societe and the Linux Foundation amongst others. The idea behind the creation of the service was to help both online users and website owners, ultimately making the Web a lot safer and substantially more secure.
Initially, it was believed that premium certificates would still be better in terms of overall security, however, such claims were quickly disputed. Let’s Encrypt does not only offer to issue free SSL certificates, but the service is also capable of automating the entire process. This feature was quite needed as the free certificate could only be issued for a period of 3 months. However, the automation feature made it possible to have the certificate renew automatically when it expired.
Furthermore, the quality that this free alternative offered in terms of security and data encryption was at the level of the existing premium certificates on the market. This, consequently, made Let’s Encrypt a very lucrative choice for website owners due to the fact that there weren’t really any downsides to the service.
Automated validation methods
The automated validation by the Let’s Encrypt servers is possible with several methods. The following sections focus on 2 of them in particular.
This method involves Let’s Encrypt giving a token to your ACME client. Your ACME client then goes ahead and puts a special file on your web server. Finally, your server checks whether that file is present. The process can also be easily automated with cert-bot for example.
However, this method also has the disadvantage of being unable to issue wildcard certificates. Additionally, if you own multiple web servers, you need to make sure that the file is available and can be accessed on all of them, regardless of whether they run on Windows or a linux distribution such Ubuntu, Debian or any of the new ones like AlmaLinux.
The other automated validation method is the DNS–01. It involves proving that you have control over the DNS and notifying Let’s Encrypt that you do so. The more in-depth explanation is as follows:
Let’s Encrypt gives your ACME client a token. The token is then used to create a TXT record, which derives from that token and your account key. Using this method, you can get an SSL certificate for wildcard domain names. Additionally, this also works for multiple web servers as well in contrast to the HTTP method that we previously discussed.
However, there is also one disadvantage - you must either have the DNS server hosted on the same machine as the web server or you must have an API for the DNS that is controlled by the same machine, which in some cases can be quite risky.
As a side note, we do provide an automated tool for our shared hosting service. If you are using our DNS, a SSL certificate will be issued automatically for all domains that you add, saving you a lot of time and effort and also keeping you safe in the process.
In conclusion, Let’s Encrypt does have many benefits with some of them being:
- It's absolutely free! Any site owner can obtain a SSL certificate for their domain absolutely free of charge!
- It can be automated! The method of issuing a new certificate when the old one expires can be easily automated and there are also a number of tools that help you do so.
- It's simple! Never have to worry about payments, emails, certificate validations or renewals ever again!
- It's secure! Let’s Encrypt is as safe and secure as any premium SSL certificate and there are many large organizations that are using it such as Debian.