LetsEncrypt enters public beta

LetsEncrypt is an initiative being sponsored by several different organizations including Mozilla and the Electronic Frontier Foundation following from recent privacy discussions in various communities last year. The key goal is to provide free, easy encryption via free SSL certificates to any public website.

On Thursday, December 3rd, 2015, LetsEncrypt entered a public beta, allowing anyone with a domain and a web server to receive their own valid SSL certificate at no cost.

History of LetsEncrypt

The principles of LetsEncrypt focus on an automatic, short lifetime and a highly transparent process of who is using the facilities. The protocol behind the service, ACME, is open source and is developed under an Internet Engineering Task Force (IETF) working group. The server and client implementations are both under open source licenses and are openly worked on at GitHub.

Although free SSL certificate providers appeared in the past, they had caveats restricting commercial use or needing to pay for revocations in the event of one being necessary. Usually, they also had numerous manual steps, adding a maintenance overhead to acquiring and then using a certificate.

Security of LetsEncrypt certificates

Free certificates are great, but usually the first question asked is about the potential for impersonation and how verification happens. The focus for this project is on domain validation rather than the greater depth of verifying individuals or companies. If there is a requirement for an enterprise level of encryption (the green tick that can be seen in URLs with the domain name), then extended validation is still required and a traditional SSL certificate vendor will have to be approached.

The validation of the domain is meant to be automatic by design. The A record of the domain is looked up by the LetsEncrypt ACME server, and then a secret key is provided by the ACME server at a specific location on the site to confirm ownership. For more details on how it works under the hood, see the technical overview at the LetsEncrypt site.

Get your own LetsEncrypt certificate

LetsEncrypt is available for public use now and can be used to get your own SSL certificates for any of your domains or subdomains. For help installing a certificate, read the LetsEncrypt documentation or find them on IRC at #letsencrypt on Freenode.

For Developers For System Administrators Using Software

5 Comments

  1. Thanks for this article. Any chance of seeing one showing how to setup a LetsEncrypt certificate on a Fedora based server?

    • Funny you mention this… as we speak, LetsEncrypt is in the process of being officially packaged in Fedora. There’s even some rumor it may land in Fedora 23 in a couple months! Once the official package is available, you can guarantee we will have a Magazine article ready to go explaining how to use the official Fedora package for setting up LetsEncrypt.

      In the meanwhile, I think the current documentation offered by the LetsEncrypt team is very detailed and informative, so it should be straightforward enough to refer to those for installing and using LetsEncrypt on a Fedora machine.

  2. BenjamĂ­n Ariel

    Yet another reason to love fedora, linux and the free software community! Way to go!

  3. Tim Hughes

    I haven’t tested them but the rpms are already in Koji.

    https://koji.fedoraproject.org/koji/packageinfo?packageID=21509

Comments are Closed

The opinions expressed on this website are those of each author, not of the author's employer or of Red Hat. Fedora Magazine aspires to publish all content under a Creative Commons license but may not be able to do so in all cases. You are responsible for ensuring that you have the necessary permission to reuse any work on this site. The Fedora logo is a trademark of Red Hat, Inc. Terms and Conditions

%d bloggers like this: