Free SSL For All Websites Lets Encrypt.
The non-profit Electronic Frontier Foundation (EFF) has partnered with large, reputable companies including Mozilla, Cisco, and Akamai to offer free HTTPS/SSL certificates for those running servers on the internet at the beginning of 2015, in order to encourage people to encrypt users’ connections to their websites.
When Let’s Encrypt launches in Summer 2015, enabling HTTPS for your site will be as easy as installing a small piece of certificate management software on the server:
$ sudo apt-get install lets-encrypt
$ lets-encrypt example.com
That’s all there is to it! https://example.com is immediately live.
The challenge is server certificates. The anchor for any TLS-protected communication is a public-key certificate which demonstrates that the server you’re actually talking to is the server you intended to talk to. For many server operators, getting even a basic server certificate is just too much of a hassle. The application process can be confusing. It usually costs money. It’s tricky to install correctly. It’s a pain to update.
The key principles behind Let’s Encrypt are:
- Free: Anyone who owns a domain can get a certificate validated for that domain at zero cost.
- Automatic: The entire enrollment process for certificates occurs painlessly during the server’s native installation or configuration process, while renewal occurs automatically in the background.
- Secure: Let’s Encrypt will serve as a platform for implementing modern security techniques and best practices.
- Transparent: All records of certificate issuance and revocation will be available to anyone who wishes to inspect them.
- Open: The automated issuance and renewal protocol will be an open standard and as much of the software as possible will be open source.
- Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the entire community, beyond the control of any one organization.
Running the demo code
The demo code is supported and known to work on Ubuntu only (even closely related Debian is known to fail). Therefore, prerequisites for other platforms listed below are provided mainly for the developers’ reference.
Prerequisites
In general:
Ubuntu
sudo apt-get install python python-setuptools python-virtualenv \
python-dev gcc swig dialog libaugeas0 libssl-dev
Mac OSX
sudo brew install augeas swig
Installation
virtualenv --no-site-packages venv
./venv/bin/python setup.py install
sudo ./venv/bin/letsencrypt
Hacking
In order to start hacking, you will first have to create a development environment:
./venv/bin/python setup.py dev
The code base, including your pull requests, must have 100% test statement coverage and be compliant with the coding style. The following tools are there to help you:
./venv/bin/tox
starts a full set of tests. Please make sure you run it before submitting a new pull request.
./venv/bin/tox -e cover
checks the test coverage only.
./venv/bin/tox -e lint
checks the style of the whole project, while
./venv/bin/pylint file
will check a single file only.
Coding style
Most importantly, be consistent with the rest of the code, please.
- Follow Google Python Style Guide, with the exception that we use Sphinx-style documentation:
    def foo(arg):
        """Short description.

        :param int arg: Some number.

        :returns: Argument
        :rtype: int

        """
        return arg
- Remember to use ./venv/bin/pylint.
Command line usage
usage: sudo letsencrypt.py [-h] [-d DOMAIN [DOMAIN ...]] [-s SERVER] [-p PRIVKEY]
[-c CSR] [-b ROLLBACK] [-k] [-v] [-r] [-n] [-e] [-t]
[--test]
An ACME client that can update Apache configurations.
optional arguments:
-h, --help show this help message and exit
-d DOMAIN [DOMAIN ...], --domains DOMAIN [DOMAIN ...]
-s SERVER, --server SERVER
The ACME CA server address.
-p PRIVKEY, --privkey PRIVKEY
Path to the private key file for certificate
generation.
-c CSR, --csr CSR Path to the certificate signing request file
corresponding to the private key file. The private key
file argument is required if this argument is
specified.
-b N, --rollback N Revert configuration N number of checkpoints.
-k, --revoke Revoke a certificate.
-v, --view-checkpoints
View checkpoints and associated configuration changes.
-r, --redirect Automatically redirect all HTTP traffic to HTTPS for
the newly authenticated vhost.
-n, --no-redirect Skip the HTTPS redirect question, allowing both HTTP
and HTTPS.
-e, --agree-eula Skip the end user license agreement screen.
-t, --text Use the text output instead of the curses UI.
--test Run in test mode.
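The usage text above says the --csr file must correspond to the --privkey file. The following is an added example, not part of the Let's Encrypt code base, of a preflight check an operator could run on that pair before passing it to the client. The function name csr_matches_key and its return codes are assumptions, and it needs the openssl command-line tool.

```sh
# Added example (not from the Let's Encrypt code base): preflight check for the
# files passed as --csr and --privkey. Function name and return codes are
# hypothetical; requires the openssl command-line tool.

# Returns 0 when the CSR is well-formed, its self-signature verifies, and its
# public key is the one derived from the private key.
csr_matches_key() {
    _csr=$1
    _key=$2

    # 2: a file is missing or unreadable.
    [ -r "$_csr" ] && [ -r "$_key" ] || return 2

    # 3: the CSR does not parse or its self-signature is invalid. The exit
    # status of "req -verify" varies between OpenSSL versions, so match on
    # the message instead.
    openssl req -in "$_csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 3

    # 4: the private key does not parse (wrong format, or encrypted with no
    # passphrase available; "-passin pass:" keeps openssl from prompting).
    _key_pub=$(openssl pkey -in "$_key" -passin pass: -pubout 2>/dev/null) || return 4
    _csr_pub=$(openssl req -in "$_csr" -noout -pubkey 2>/dev/null) || return 3

    # 1: both files are valid but belong to different key pairs.
    [ -n "$_csr_pub" ] && [ "$_csr_pub" = "$_key_pub" ] || return 1
    return 0
}

# Usage: csr_matches_key example.com.csr example.com.key && echo "pair OK"
```

A return code of 1 means the CSR was built from some other key, in which case a certificate issued for it could not be served with the key on disk.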
Source:
EFF, Lets Encrypt