Monday 1 December 2014

Free HTTPS/SSL For All Websites: Let's Encrypt



The non-profit Electronic Frontier Foundation (EFF) has partnered with large, reputable companies including Mozilla, Cisco, and Akamai to offer free HTTPS/SSL certificates to anyone running a server on the internet, starting at the beginning of 2015, in order to encourage site operators to encrypt users’ connections to their websites.

When Let’s Encrypt launches in Summer 2015, enabling HTTPS for your site will be as easy as installing a small piece of certificate management software on the server:
$ sudo apt-get install lets-encrypt
$ lets-encrypt example.com
That’s all there is to it! https://example.com is immediately live.

The challenge is server certificates. The anchor for any TLS-protected communication is a public-key certificate which demonstrates that the server you’re actually talking to is the server you intended to talk to. For many server operators, getting even a basic server certificate is just too much of a hassle. The application process can be confusing. It usually costs money. It’s tricky to install correctly. It’s a pain to update.

The key principles behind Let’s Encrypt are:

  • Free: Anyone who owns a domain can get a certificate validated for that domain at zero cost.
  • Automatic: The entire enrollment process for certificates occurs painlessly during the server’s native installation or configuration process, while renewal occurs automatically in the background.
  • Secure: Let’s Encrypt will serve as a platform for implementing modern security techniques and best practices.
  • Transparent: All records of certificate issuance and revocation will be available to anyone who wishes to inspect them.
  • Open: The automated issuance and renewal protocol will be an open standard and as much of the software as possible will be open source.
  • Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the entire community, beyond the control of any one organization.

Running the demo code
The demo code is supported and known to work on Ubuntu only (even closely related Debian is known to fail). Therefore, prerequisites for other platforms listed below are provided mainly for the developers' reference.

Prerequisites

In general:
  • swig is required for compiling m2crypto
  • augeas is required for the python-augeas bindings

Ubuntu

sudo apt-get install python python-setuptools python-virtualenv \
  python-dev gcc swig dialog libaugeas0 libssl-dev

Mac OS X

brew install augeas swig

Installation

virtualenv --no-site-packages venv
./venv/bin/python setup.py install
sudo ./venv/bin/letsencrypt

Hacking

In order to start hacking, you will first have to create a development environment:
./venv/bin/python setup.py dev
The code base, including your pull requests, must have 100% test statement coverage and be compliant with the coding style. The following tools are there to help you:
  • ./venv/bin/tox starts a full set of tests. Please make sure you run it before submitting a new pull request.
  • ./venv/bin/tox -e cover checks the test coverage only.
  • ./venv/bin/tox -e lint checks the style of the whole project, while ./venv/bin/pylint file will check a single file only.

Coding style

Most importantly, be consistent with the rest of the code, please.
  1. Follow the Google Python Style Guide, with the exception that we use Sphinx-style documentation:
    def foo(arg):
        """Short description.

        :param int arg: Some number.

        :returns: Argument
        :rtype: int

        """
        return arg
  2. Remember to use ./venv/bin/pylint.

Command line usage

usage: sudo letsencrypt.py [-h] [-d DOMAIN [DOMAIN ...]] [-s SERVER] [-p PRIVKEY]
                      [-c CSR] [-b ROLLBACK] [-k] [-v] [-r] [-n] [-e] [-t]
                      [--test]

An ACME client that can update Apache configurations.

optional arguments:
  -h, --help            show this help message and exit
  -d DOMAIN [DOMAIN ...], --domains DOMAIN [DOMAIN ...]
  -s SERVER, --server SERVER
                        The ACME CA server address.
  -p PRIVKEY, --privkey PRIVKEY
                        Path to the private key file for certificate
                        generation.
  -c CSR, --csr CSR     Path to the certificate signing request file
                        corresponding to the private key file. The private key
                        file argument is required if this argument is
                        specified.
  -b N, --rollback N    Revert configuration N number of checkpoints.
  -k, --revoke          Revoke a certificate.
  -v, --view-checkpoints
                        View checkpoints and associated configuration changes.
  -r, --redirect        Automatically redirect all HTTP traffic to HTTPS for
                        the newly authenticated vhost.
  -n, --no-redirect     Skip the HTTPS redirect question, allowing both HTTP
                        and HTTPS.
  -e, --agree-eula      Skip the end user license agreement screen.
  -t, --text            Use the text output instead of the curses UI.
  --test                Run in test mode.
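
The -p and -c options above expect a private key and a CSR that belong together. The following is an added example, not part of the original post or the project's code: it creates both files with openssl and checks that the CSR carries the key's public half before they are handed to the client. The function names and file paths are hypothetical, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example (not project code): prepare and cross-check the files
# passed to the client's -p (private key) and -c (CSR) options.
set -eu

# Generate a 2048-bit RSA private key that only the owner can read.
make_key() {                       # $1 = output key path
    ( umask 077; openssl genrsa -out "$1" 2048 2>/dev/null )
}

# Create a CSR for a domain, signed with the given private key.
make_csr() {                       # $1 = key path, $2 = domain, $3 = CSR path
    openssl req -new -key "$1" -subj "/CN=$2" -out "$3"
}

# SHA-256 fingerprint of the public key derived from a private key file.
key_pub_hash() {
    openssl pkey -in "$1" -pubout -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 fingerprint of the public key embedded in a CSR.
csr_pub_hash() {
    openssl req -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only when the CSR was built from this private key.
csr_matches_key() {                # $1 = key path, $2 = CSR path
    [ "$(key_pub_hash "$1")" = "$(csr_pub_hash "$2")" ]
}

# Demo in a throwaway directory; paths and domain are constructed samples.
work=$(mktemp -d)
make_key "$work/example.com.key"
make_csr "$work/example.com.key" example.com "$work/example.com.csr"
if csr_matches_key "$work/example.com.key" "$work/example.com.csr"; then
    echo "CSR matches key: safe to pass both with -p and -c"
else
    echo "CSR does not match key: do not submit" >&2
fi
rm -rf "$work"
```

A mismatched pair is worth catching early: a certificate issued for a CSR whose private key you do not hold cannot be used by the server.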

Source:
EFF, Lets Encrypt
