Nowadays, having an SSL (Secure Sockets Layer) certificate on your website is highly recommended.
Apart from increasing security, the HTTPS encryption on your site, provided by SSL certificates, also acts as a search engine ranking factor for your site. Moreover, popular browsers have started marking non-HTTPS pages as insecure in a visible-to-the-user manner.
Meanwhile, a public-benefit authority was created to provide users with an all-free HTTPS encryption solution. Exclusive Hosting fully supports this initiative.
In this article we will brief you on the revolutionary Let’s Encrypt initiative. We will also compare Let’s Encrypt SSLs with standard SSLs.
What is Let’s Encrypt?
Let’s Encrypt was established on April 12, 2016 and it’s an open certificate authority (CA). It provides free X.509 certificates to website owners, so that they can enable HTTPS (SSL/TLS).
The reason for launching Let’s Encrypt was to help make secure HTTPS encryption more affordable for regular website owners. The top priority of Let’s Encrypt’s creators is a secure, privacy-driven World Wide Web.
All Let’s Encrypt certificates are:
- free to use: each domain name owner can obtain a trusted certificate at absolutely no cost;
- automatic: the certificate setup and renewal procedures are fully automated; no human intervention is needed;
- simple to use: there are neither payments to make, nor validation emails to respond to;
- secure: Let’s Encrypt serves as a platform for implementing the latest security practices;
- fully transparent: all issued certificates are publicly available for anyone to view;
- open: the issuance and renewal protocol is published as an open standard that can be adopted;
- ‘self-regulated’: Let’s Encrypt is a joint community effort, beyond the control of any organization.
How exactly does the validation work?
In general, for an SSL certificate to be issued, a request to a trusted certificate authority must be sent.
Let’s Encrypt has successfully bypassed this procedure by eliminating the human factor.
The non-human solution applied by Let’s Encrypt turns out to be relatively simple.
It’s in the form of a certificate management software agent that runs on an HTTPS server. Its responsibility is to automatically obtain browser-trusted SSL certificates from Let’s Encrypt.
For this to happen, the certificate management agent is required to prove that the specific server on whose behalf it communicates controls the domain in need of SSL.
For example, the certificate authority might require the agent to provide a DNS record (we use this validation method on Exclusive Hosting’s platform) and an HTTP resource.
After that the management agent has to sign a nonce provided by the CA. This way it proves its control over the key pair.
Then the certificate authority (CA) has to check whether the agent has met all of the aforementioned requirements.
If so, the certificate management agent will be provided with authorization for the certificate management of the specific domain.
Are regular SSLs any different from Let’s Encrypt SSLs?
The SSL certificates provided by Let’s Encrypt are easy-to-get and entirely free.
The Let’s Encrypt certificate has the same level of encryption as standard SSLs, so that your visitors can rest assured that the info they’re exchanging with your domain is protected against eavesdropping at all times.
All popular browsers recognize the SSL certificates issued by Let’s Encrypt.
If a website uses an SSL from Let’s Encrypt, there’s “https://” at the beginning of the URL in the address bar as well as a green padlock.
Therefore, the level of security is identical to regular non-free SSLs.
The thing is that, if you own a major business, you’ll probably consider a security guarantee against online abuses a must.
This is the basic difference between standard and Let’s Encrypt SSL certificates.
For that reason, your choice should be based on the particular website you’d like to protect with an SSL.
The free Let’s Encrypt SSLs are suitable for non-commercial websites like blogs, photo galleries, etc., and/or small commercial sites.
The paid commercial SSL certificates are normally used for e-stores and other commercial types of websites. The main reason is the strict warranty against misuse that they offer.
How can I get a Let’s Encrypt SSL for my website?
You just need to visit the Hosted Domains section of the Web Hosting Control Panel.
When you get there, left-click on the Edit Host icon which can be found in the Actions column.
After that, click on the SSL Certificates drop-down menu.
Choose the ‘Request Let’s Encrypt SSL’ option which is at the bottom of the list of SSL options.
Then all you have to do is click on Edit Host and your SSL certificate will be generated in a couple of seconds.
NOTE: Double-check whether you’ve selected a shared SSL IP address from the IP Address drop-down menu. A dedicated IP address option is also available in most cases.
You’re all done! Your brand new free Let’s Encrypt SSL certificate is installed and ready to protect the domain you’ve selected.
As a confirmation, your domain will have a Let’s Encrypt icon in the SSL table.
From this moment on, whenever you or any of your site visitors enter your domain name in a web browser, a green padlock will appear in front of it.
Your website will be recognized as secure by all popular web browsers and this will be visible to everyone.
NOTE: The Let’s Encrypt SSL certificate generation process includes domain/DNS validation. This means that your domain will need valid NS records.
If the ‘Do Not Manage DNS’ option is selected for a domain, the Let’s Encrypt feature will not be visible.
How do I properly install a Let’s Encrypt SSL certificate?
Once your website is available over HTTPS, double-check its overall functionality. Also check whether http://www.my-site-name.net is actually pointing to https://www.my-site-name.net.
You can easily check if HTTPS works the way that it should by using an online service, for instance the free SSL Labs. It will carefully check the configuration of every SSL server for you.
Once it’s ready, load the pages of your website in a web browser and check whether there’s a green padlock on the left of their URLs.
When your sites are available over HTTPS, there’s one more thing you need to do. You have to redirect all of the HTTP URLs to their corresponding HTTPS counterparts. To do this, just add several lines of code to the .htaccess file.
As a result, search engines will now consider for their ranking only your newly-updated HTTPS URLs.
To check whether your site’s HTTP->HTTPS redirection was successful, follow these steps:
1) Type in your-domain.com in the Google search bar.
2) Make sure that all of the indexed webpage links are currently using the HTTPS protocol.
Of course, the Googlebot will need some time to pick up your redirection.
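The redirect can also be checked directly, without waiting for Googlebot. The following is an added example, not part of the original article: it inspects the response a server gives to a plain-HTTP request and reports anything that keeps an HTTP URL from landing on its HTTPS counterpart. The function names and the sample responses are constructed; fetch() performs the live request and needs network access.

```python
import http.client
from typing import Optional
from urllib.parse import urljoin, urlsplit

# Constructed sample responses (not captured from a real site).
SAMPLE = [
    ("http://www.my-site-name.net/", 301, "https://www.my-site-name.net/"),
    ("http://www.my-site-name.net/blog?p=1", 302, "https://www.my-site-name.net/blog?p=1"),
    ("http://www.my-site-name.net/shop", 301, "https://www.my-site-name.net/"),
    ("http://www.my-site-name.net/old", 200, None),
]


def fetch(url: str) -> tuple:
    """Live check (needs network): HEAD the URL without following redirects."""
    parts = urlsplit(url)
    target = (parts.path or "/") + (f"?{parts.query}" if parts.query else "")
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=10)
    try:
        conn.request("HEAD", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def check_redirect(url: str, status: int, location: Optional[str]) -> list:
    """Problems with the response a server gave to a plain-HTTP request."""
    if not 300 <= status < 400 or not location:
        return [f"no redirect (status {status})"]
    # Resolve a relative Location against the request URL before comparing.
    src, dst = urlsplit(url), urlsplit(urljoin(url, location))
    problems = []
    if dst.scheme != "https":
        problems.append("target is not https")
    if dst.hostname != src.hostname:
        problems.append(f"host changes to {dst.hostname}")
    if (dst.path or "/", dst.query) != (src.path or "/", src.query):
        problems.append("path or query not preserved")
    if status not in (301, 308):
        problems.append(f"status {status} is not a permanent redirect")
    return problems


if __name__ == "__main__":
    for url, status, location in SAMPLE:
        print(url, check_redirect(url, status, location) or "ok")
```

For a live site, pass the result of fetch(url) to check_redirect(url, status, location) for each URL you care about.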
Remember to submit an updated sitemap for your website.
The HTTP and HTTPS versions of a website are considered separate websites by the Search Console. That’s why you have to add a new HTTPS property before re-submitting the sitemap.
Should you receive mixed HTTP/HTTPS content warnings, fix them with the SSL Insecure Content Fixer and similar software tools.
Started in mid-2016, Let’s Encrypt is the most popular global SSL certificate initiative to date. Over 24 000 000 SSL certificates have been issued as of December 2017, so the goal of making the Internet a safer place will be achieved in the near future.
Check out Exclusive Hosting’s blog for more news about the newly enabled Let’s Encrypt certificates on our platform.