The Internet Security Research Group (ISRG), which was formed earlier this year and includes members from Mozilla, EFF, Cisco, Akamai, CoreOS, and more, will release the public beta version of Let's Encrypt, the free automatic digital certificate service. On December 3, everyone will be able to use the Let's Encrypt HTTPS certificates to encrypt their websites' connections.
Let's Encrypt launched last November as an effort to break down the last major barrier for adoption of HTTPS encryption on the web: certificate cost, which many small website owners were not willing to pay.
The performance issue, which was another HTTPS adoption hurdle, has also disappeared thanks to modern hardware from the past few years and the standardization of HTTP/2, which in some cases is even faster than unencrypted HTTP/1.1.
The principles on which Let's Encrypt was created are the following:
Free: Anyone who owns a domain can get a certificate validated for that domain at zero cost.Automatic: The entire enrollment process for certificates occurs painlessly during the server's native installation or configuration process, while renewal occurs automatically in the background.Secure: Let's Encrypt will serve as a platform for implementing modern security techniques and best practices.Transparent: All records of certificate issuance and revocation will be available to anyone who wishes to inspect them.Open: The automated issuance and renewal protocol will be an open standard and as much of the software as possible will be open source.Cooperative: Much like the underlying Internet protocols themselves, Let's Encrypt is a joint effort to benefit the entire community, beyond the control of any one organization.
The limited beta version of Let's Encrypt launched earlier this September, and the service issued 11,000 certificates so far. This gave the ISRG a good idea about how well the service is running, which is why it's now ready to switch to the public beta and open it up to everyone who wants one.
However, the group's Executive Director, Josh Aas, also said that there is still more work to be done on the client side. The automation feature is what they're focusing on right now, which is why the group welcomes any feedback so it can fix the issues as soon as they appear.
Lucian Armasu joined Tom’s Hardware in early 2014. He writes news stories on mobile, chipsets, security, privacy, and anything else that might be of interest to him from the technology world. Outside of Tom’s Hardware, he dreams of becoming an entrepreneur.
Stay on the Cutting Edge
Join the experts who read Tom's Hardware for the inside track on enthusiast PC tech news — and have for over 25 years. We'll send breaking news and in-depth reviews of CPUs, GPUs, AI, maker hardware and more straight to your inbox.
Your fingerprints can be recreated from the sounds made when you swipe on a touchscreen — Chinese and US researchers show new side channel can reproduce fingerprints to enable attacks
Russian military botnet discovered on 1000+ compromised routers — FBI deactivated Moobot by taking control of impacted routers
Wow not a single comment. This is kinda a big deal though. Really nice to make encryption standard everywhere we go.Reply
Yeah, i wouldnt throw money at some stupid money grabbers just to get a cert for my private website. Im very happy about this :)Reply
I'm happy about this too. I use a Self Signed cert for my own personal site (which only a few people have access to to begin with) but I hate how with the self signed one you get that stupid "this site is unsafe" and i have to tell everyone that it is safe just because I didn't pay a million bucks pretty much these days to a verisign cert that you get that. Hopefully his can fix that!Reply