'Let's Encrypt' Service Available To Everyone On December 3, As Public Beta Opens

The Internet Security Research Group (ISRG), which was formed earlier this year and includes members from Mozilla, EFF, Cisco, Akamai, CoreOS, and more, will release the public beta version of Let's Encrypt, the free automatic digital certificate service. On December 3, everyone will be able to use the Let's Encrypt HTTPS certificates to encrypt their websites' connections.

Let's Encrypt launched last November as an effort to break down the last major barrier for adoption of HTTPS encryption on the web: certificate cost, which many small website owners were not willing to pay.

The performance issue, which was another HTTPS adoption hurdle, has also disappeared thanks to modern hardware from the past few years and the standardization of HTTP/2, which in some cases is even faster than unencrypted HTTP/1.1.

The principles on which Let's Encrypt was created are the following:

  • Free: Anyone who owns a domain can get a certificate validated for that domain at zero cost.
  • Automatic: The entire enrollment process for certificates occurs painlessly during the server's native installation or configuration process, while renewal occurs automatically in the background.
  • Secure: Let's Encrypt will serve as a platform for implementing modern security techniques and best practices.
  • Transparent: All records of certificate issuance and revocation will be available to anyone who wishes to inspect them.
  • Open: The automated issuance and renewal protocol will be an open standard and as much of the software as possible will be open source.
  • Cooperative: Much like the underlying Internet protocols themselves, Let's Encrypt is a joint effort to benefit the entire community, beyond the control of any one organization.

The limited beta version of Let's Encrypt launched earlier this September, and the service issued 11,000 certificates so far. This gave the ISRG a good idea about how well the service is running, which is why it's now ready to switch to the public beta and open it up to everyone who wants one.

However, the group's Executive Director, Josh Aas, also said that there is still more work to be done on the client side. The automation feature is what they're focusing on right now, which is why the group welcomes any feedback so it can fix the issues as soon as they appear.

______________________________________________________________________
Lucian Armasu joined Tom’s Hardware in early 2014. He writes news stories on mobile, chipsets, security, privacy, and anything else that might be of interest to him from the technology world. Outside of Tom’s Hardware, he dreams of becoming an entrepreneur.

You can follow him at @lucian_armasu. Follow us on Facebook, Google+, RSS, Twitter and YouTube.

This thread is closed for comments
3 comments
    Your comment
  • laststop311
    Wow not a single comment. This is kinda a big deal though. Really nice to make encryption standard everywhere we go.
  • demonkoryu
    Yeah, i wouldnt throw money at some stupid money grabbers just to get a cert for my private website. Im very happy about this :)
  • drtweak
    I'm happy about this too. I use a Self Signed cert for my own personal site (which only a few people have access to to begin with) but I hate how with the self signed one you get that stupid "this site is unsafe" and i have to tell everyone that it is safe just because I didn't pay a million bucks pretty much these days to a verisign cert that you get that. Hopefully his can fix that!