Home Hosting SSL/TLS Let's Encrypt Security

Do I need Let's Encrypt?

If you're familiar with the world of security certificates, you've probably heard of Let's Encrypt. If not, we've got you covered. Here's everything that you need to understand regarding the role of certificates, public keys and encryption as you build your home on the web.

Understanding Web Security

Encryption is a vital aspect of modern communication. In short, it involves encoding data so that only its intended recipient can access it. Even if a malicious third party intercepts the message, they won't be able to decipher its encoded contents. In addition to using encryption for sensitive information like credit card numbers, servers use it to ensure that their communications with clients remain secure.

TLS and SSL

There are various means of encrypting data so that a server and a client machine can both keep their information out of the hands of bad actors. Options like Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are accepted standards used by websites that offer HTTPS connections. SSL and TLS use documents called security certificates to prove that a server or host is the valid owner of a public key.

Public keys are publicly accessible strings of letters and numbers that anyone can use to encrypt a message and send it to said key's owner. To unlock the encrypted contents, the recipient must use the paired private key that only they can access. TLS and SSL use public-key cryptography and other mechanisms to:

  • Help your users confirm the identity of your server
  • Keep connections privately encrypted
  • Verify that messages haven't been altered or tampered with en route
  • Set up communication links between a client's browser and your server using a mechanism known as a handshake

Obtaining Certificates

If you want to run a website or service that your users can trust, you'll require valid identity credentials in the form of a public-key security certificate. Historically, website owners obtained their credentials from Certificate Authorities, or CAs, that digitally signed certificates to indicate their validity.

While the idea of relying on a trusted source is smart, traditional implementations have been somewhat lacking. For instance:

  • Private CAs charge significant sums for certificates.
  • Installation of certificates can be a heavily involved process depending on your setup.
  • You have to rely on a non-transparent commercial entity to keep up with security standards.

The Let's Encrypt Alternative

Let's Encrypt offers free SSL and free TLS security certificates that anyone can use, and as it's a nonprofit entity, the brand's approach bears numerous advantages. By doing away with the validation emails that many commercial CAs use to verify your identity, Let's Encrypt minimizes the risk that someone might obtain a false certificate for your site and hijack your users' data. These security credentials are also easy to install and renew periodically using an official automated client.

After releasing its first certificate in 2015, Let's Encrypt had issued some 24 million by December of the following year. Its massive popularity isn't its only advantage, however. Major web giants like the Mozilla Foundation and the Electronic Frontier Foundation back the nonprofit CA, so it adheres to widely accepted security standards and best practices. Of course, the fact that Let's Encrypt certificates are free is also a big advantage.

Wondering whether switching to Lets Encrypt could make your life easier? Try it out with one of our servers to learn how offering more secure web services might make your site's popularity skyrocket.