Free SSL For All Websites Lets Encrypt.
The non-profit foundation Electronic Frontier Foundation (EFF) has partnered with big and reputed companies including Mozilla, Cisco, and Akamai to offer free HTTPS/SSL certificates for those running servers on the internet at the beginning of 2015, in order to encourage people to encrypt users’ connections to their websites.
Let’s Encrypt launches in Summer 2015, enabling HTTPS for your site will be as easy as installing a small piece of certificate management software on the server:
$ sudo apt-get install lets-encrypt
$ lets-encrypt example.com
That’s all there is to it! https://example.com is immediately live.The challenge is server certificates. The anchor for any TLS-protected communication is a public-key certificate which demonstrates that the server you’re actually talking to is the servear you intended to talk to. For many server operators, getting even a basic server certificate is just too much of a hassle. The application process can be confusing. It usually costs money. It’s tricky to install correctly. It’s a pain to update.
The key principles behind Let’s Encrypt are:
- Free: Anyone who owns a domain can get a certificate validated for that domain at zero cost.
- Automatic: The entire enrollment process for certificates occurs painlessly during the server’s native installation or configuration process, while renewal occurs automatically in the background.
- Secure: Let’s Encrypt will serve as a platform for implementing modern security techniques and best practices.
- Transparent: All records of certificate issuance and revocation will be available to anyone who wishes to inspect them.
- Open: The automated issuance and renewal protocol will be an open standard and as much of the software as possible will be open source.
- Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the entire community, beyond the control of any one organization.
Running the demo code
sudo apt-get install python python-setuptools python-virtualenv \ python-dev gcc swig dialog libaugeas0 libssl-dev
virtualenv --no-site-packages venv ./venv/bin/python setup.py install sudo ./venv/bin/letsencrypt
Command line usage
usage: sudo letsencrypt.py [-h] [-d DOMAIN [DOMAIN ...]] [-s SERVER] [-p PRIVKEY] [-c CSR] [-b ROLLBACK] [-k] [-v] [-r] [-n] [-e] [-t] [--test] An ACME client that can update Apache configurations. optional arguments: -h, --help show this help message and exit -d DOMAIN [DOMAIN ...], --domains DOMAIN [DOMAIN ...] -s SERVER, --server SERVER The ACME CA server address. -p PRIVKEY, --privkey PRIVKEY Path to the private key file for certificate generation. -c CSR, --csr CSR Path to the certificate signing request file corresponding to the private key file. The private key file argument is required if this argument is specified. -b N, --rollback N Revert configuration N number of checkpoints. -k, --revoke Revoke a certificate. -v, --view-checkpoints View checkpoints and associated configuration changes. -r, --redirect Automatically redirect all HTTP traffic to HTTPS for the newly authenticated vhost. -n, --no-redirect Skip the HTTPS redirect question, allowing both HTTP and HTTPS. -e, --agree-eula Skip the end user license agreement screen. -t, --text Use the text output instead of the curses UI. --test Run in test mode.
EFF, Lets Encrypt