LetsEncrypt is an initiative being sponsored by several different organizations including Mozilla and the Electronic Frontier Foundation following from recent privacy discussions in various communities last year. The key goal is to provide free, easy encryption via free SSL certificates to any public website.

On Thursday, December 3rd, 2015, LetsEncrypt entered a public beta, allowing anyone with a domain and a web server to receive their own valid SSL certificate at no cost.

History of LetsEncrypt

The principles of LetsEncrypt focus on an automatic, short lifetime and a highly transparent process of who is using the facilities. The protocol behind the service, ACME, is open source and is developed under an Internet Engineering Task Force (IETF) working group. The server and client implementations are both under open source licenses and are openly worked on at GitHub.

Although free SSL certificate providers appeared in the past, they had caveats restricting commercial use or needing to pay for revocations in the event of one being necessary. Usually, they also had numerous manual steps, adding a maintenance overhead to acquiring and then using a certificate.

Security of LetsEncrypt certificates

Free certificates are great, but usually the first question asked is about the potential for impersonation and how verification happens. The focus for this project is on domain validation rather than the greater depth of verifying individuals or companies. If there is a requirement for an enterprise level of encryption (the green tick that can be seen in URLs with the domain name), then extended validation is still required and a traditional SSL certificate vendor will have to be approached.

The validation of the domain is meant to be automatic by design. The A record of the domain is looked up by the LetsEncrypt ACME server, and then a secret key is provided by the ACME server at a specific location on the site to confirm ownership. For more details on how it works under the hood, see the technical overview at the LetsEncrypt site.

Get your own LetsEncrypt certificate

LetsEncrypt is available for public use now and can be used to get your own SSL certificates for any of your domains or subdomains. For help installing a certificate, read the LetsEncrypt documentation or find them on IRC at #letsencrypt on Freenode.