[LINK] Let’s Encrypt: Delivering SSL/TLS Everywhere

Stephen Loosley stephenloosley at zoho.com
Tue Dec 23 22:44:14 AEDT 2014


https://letsencrypt.org


Let’s Encrypt

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. 

The key principles behind Let’s Encrypt are:

    * Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate
       at zero cost.

    * Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly
       obtain a certificate, securely configure it for use, and automatically take care of renewal.

    * Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, 
       both on the CA side and by helping site operators properly secure their servers.

    * Transparent: All certificates issued or revoked will be publicly recorded and available for
       anyone to inspect.

    * Open: The automatic issuance and renewal protocol will be published as an open standard
       that others can adopt.

    * Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint
       effort to benefit the community, beyond the control of any one organization.

ISRG

Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG).

Internet Security Research Group (ISRG) is a California public benefit corporation whose application for recognition of tax-exempt status under Section 501(c)(3) of the Internal Revenue Code is currently pending with the IRS. ISRG’s mission is to reduce financial, technological, and education barriers to secure communication over the Internet.

ISRG is proudly sponsored by a diverse group of organizations, from non-profits to Fortune 100 companies. We believe we can set an example for how everyone interested in a more secure Internet can work together to provide digital infrastructure for the public’s benefit. See this page for more on our sponsors.

ISRG Board of Directors

ISRG is overseen by individuals from a variety of backgrounds. Our current board members are:

    Josh Aas (Mozilla) — ISRG Executive Director
    Stephen Ludin (Akamai)
    Dave Ward (Cisco)
    J. Alex Halderman (University of Michigan)
    Andreas Gal (Mozilla)
    Jennifer Granick (Stanford Law School)
    Alex Polvi (CoreOS)
    Peter Eckersley (EFF) — Observer

Contact us

Press Inquiries:
press at letsencrypt.org

Security:
security at letsencrypt.org


BLOG

Let’s Encrypt: Delivering SSL/TLS Everywhere

Nov 18, 2014 • Josh Aas, ISRG Executive Director

Vital personal and business information flows over the Internet more frequently than ever, and we don’t always know when it’s happening. It’s clear at this point that encrypting is something all of us should be doing. Then why don’t we use TLS (the successor to SSL) everywhere? Every browser in every device supports it. Every server in every data center supports it. Why don’t we just flip the switch?

The challenge is server certificates. The anchor for any TLS-protected communication is a public-key certificate which demonstrates that the server you’re actually talking to is the server you intended to talk to. For many server operators, getting even a basic server certificate is just too much of a hassle. The application process can be confusing. It usually costs money. It’s tricky to install correctly. It’s a pain to update.

Let’s Encrypt is a new free certificate authority, built on a foundation of cooperation and openness, that lets everyone be up and running with basic server certificates for their domains through a simple one-click process. 

Anyone who has gone through the trouble of setting up a secure website knows what a hassle getting a certificate can be. Let’s Encrypt automates away all this pain and lets site operators turn on HTTPS with a single click or shell command.

When Let’s Encrypt launches in Summer 2015, enabling HTTPS for your site will be as easy as installing a small piece of certificate management software on the server:

$ sudo apt-get install lets-encrypt

$ lets-encrypt example.com

That’s all there is to it! https://example.com is immediately live.

The Let’s Encrypt management software will:

    Automatically prove to the Let’s Encrypt CA that you control the website
    Obtain a browser-trusted certificate and set it up on your web server
    Keep track of when your certificate is going to expire, and automatically renew it
    Help you revoke the certificate if that ever becomes necessary.

No validation emails, no complicated configuration editing, no expired certificates breaking your website. And of course, because Let’s Encrypt provides certificates for free, no need to arrange payment.

If you’d like to know more about how this works behind the scenes, check out our technical overview. Or if you really want to dive into the details, read the full protocol specification on GitHub.






