Almost a year ago, an initiative to deliver a free, secure and easy SSL/TLS to everybody on the web was announced. That’s Let’s Encrypt. I’ve been following the project closely ever since and, yesterday, received an invite to test Let’s Encrypt through their closed beta program.

Therefore… my personal website is available through HTTPS and SPDY! This was the first time I had anything to do with setting up TLS and I can’t say it was a fun experience. I don’t even want to think how bad setting up TLS is through traditional means.

Setup

Once Let’s Encrypt is made available publicly, setting up a server to use TLS should be as easy as getting the letsencrypt tool onto your server and answering two or three questions after launching said tool. Ta-dah! TLS is up! However, this being a closed beta and my server being one of the low-end kind, I ran into some issues, and some manual fiddling was necessary to set things up properly.

The installation process of the letsencrypt tool compiles some nontrivial native libraries. The 192MB available on my server were not enough for GCC to deal with the task and I had to compile the necessary libraries elsewhere. I also opted to use the manual authenticator, because the nginx authenticator has a scary warning about it not working yet. Once the authentication process was complete, though, all the necessary certificates were up and ready to go in /etc/letsencrypt/live before I counted to three. Awesome!

Perspective

Provided the letsencrypt tool indeed works as advertised (it seems there’s nothing out there preventing Let’s Encrypt from achieving that), I see absolutely no more reasons for a website without TLS support to exist. On the other hand, there are plenty of reasons for non-TLS websites to implement TLS: other than the obvious more-security propaganda, the browser vendors are strongly encouraging encryption via miscellaneous means too. For example, Firefox Nightlies now represent a website as insecure when a password field exists on an HTTP site, and there are some browsers (Chrome and Firefox, at least) that only support HTTP/2 and SPDY over TLS.

Success of Let’s Encrypt would also strongly influence the market of SSL/TLS certificates – competition would be forced to provide at least a single free or very cheap (sub-€/sub-$) option for obtaining a certificate signed by them, as well as to greatly improve the UX of generating and managing said certificates. I hear things aren’t in good shape currently.

All in all, I’m now even more enthusiastic about the future of the web and what the Let’s Encrypt project is bringing to the table. Thanks for all the hard work!