Let's encrypt the world!

Hello all,
as the most attentive of you will have noticed, connection to this website is now via HTTPS, and so it is the connection to all my sub-domains, with valid certificates, thanks to Let’s Encrypt

Author's pictureNov 5, 2015 | Riccardo Padovani | [email protected]

Crypted

What’s HTTPS?

Well, as you know I’m not a native speaker, so I’ll steal from Wikipedia the definition:

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over HTTP within a connection encrypted by Transport Layer Security. The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data.

Why it matters

When they were first developed in the 1990s, HTTPS and SSL/TLS were considered special protections that were only necessary or useful for particular kinds of websites, like online banks and shopping sites accepting credit cards. We’ve since come to realize that HTTPS is important for almost all websites. It’s important for any website that allows people to log in with a password, any website that tracks its users in any way, any website that doesn’t want its content altered, and for any site that offers content people might not want others to know they are consuming. We’ve also learned that any site not secured by HTTPS can be used to attack other sites.

TLS is no longer the exception, nor should it be.

(Source)

What’s Let’s Encrypt?

From Let’s Encrypt website:

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG).

The key principles behind Let’s Encrypt are:

How this website uses HTTPS

I requested 4 certificates, two for public domains and two for private domains. My private domains were already protected by self signed certificates, but now I can share documents to anyone without having to bother about accepting untrusted certificates.

The two public domains I requested certificates for are rpadovani.com and img.rpadovani.com. In this way all my posts are protected, also the ones which load images from my server. Also fonts and all others assets are loaded from my server, and now it’s all protected.

And all for free, without having to spend time in the configuration.

Great job, Let’s Encrypt!

What you can do

At the moment, Let’s Encrypt is in a closed beta, but it will be public available since 16th of November. So, if you have any website, consider to create certificates for it: it’s free, it’s easy and it makes the web a better place.

Ciao
R.