LetsEncrypt is an initiative being sponsored by several different organizations including Mozilla and the Electronic Frontier Foundation following from recent privacy discussions in various communities last year. The key goal is to provide free, easy encryption via free SSL certificates to any public website.
On Thursday, December 3rd, 2015, LetsEncrypt entered a public beta, allowing anyone with a domain and a web server to receive their own valid SSL certificate at no cost.
History of LetsEncrypt
The principles of LetsEncrypt focus on an automatic, short lifetime and a highly transparent process of who is using the facilities. The protocol behind the service, ACME, is open source and is developed under an Internet Engineering Task Force (IETF) working group. The server and client implementations are both under open source licenses and are openly worked on at GitHub.
Although free SSL certificate providers appeared in the past, they had caveats restricting commercial use or needing to pay for revocations in the event of one being necessary. Usually, they also had numerous manual steps, adding a maintenance overhead to acquiring and then using a certificate.
Security of LetsEncrypt certificates
Free certificates are great, but usually the first question asked is about the potential for impersonation and how verification happens. The focus for this project is on domain validation rather than the greater depth of verifying individuals or companies. If there is a requirement for an enterprise level of encryption (the green tick that can be seen in URLs with the domain name), then extended validation is still required and a traditional SSL certificate vendor will have to be approached.
The validation of the domain is meant to be automatic by design. The A record of the domain is looked up by the LetsEncrypt ACME server, and then a secret key is provided by the ACME server at a specific location on the site to confirm ownership. For more details on how it works under the hood, see the technical overview at the LetsEncrypt site.
Get your own LetsEncrypt certificate
LetsEncrypt is available for public use now and can be used to get your own SSL certificates for any of your domains or subdomains. For help installing a certificate, read the LetsEncrypt documentation or find them on IRC at #letsencrypt on Freenode.
Lord Drachenblut
Thanks for this article. Any chance of seeing one showing how to setup a LetsEncrypt certificate on a Fedora based server?
Justin W. Flory
Funny you mention this… as we speak, LetsEncrypt is in the process of being officially packaged in Fedora. There’s even some rumor it may land in Fedora 23 in a couple months! Once the official package is available, you can guarantee we will have a Magazine article ready to go explaining how to use the official Fedora package for setting up LetsEncrypt.
In the meanwhile, I think the current documentation offered by the LetsEncrypt team is very detailed and informative, so it should be straightforward enough to refer to those for installing and using LetsEncrypt on a Fedora machine.
BenjamĂn Ariel
Yet another reason to love fedora, linux and the free software community! Way to go!
Tim Hughes
I haven’t tested them but the rpms are already in Koji.
https://koji.fedoraproject.org/koji/packageinfo?packageID=21509
Tim Hughes
Actually there is a write up at https://fedoramag.wpengine.com/letsencrypt-now-available-fedora/