Let’s Encrypt and DreamHost

“HTTPS Everywhere!”

Maybe you’ve heard this rallying cry in some of the Internet’s nerdier corners; maybe not.

HTTPS Everywhere is one of the most significant ideas to come along since the Internet was created, and it embodies a simple-sounding goal: encrypt all web traffic.

Thanks to Edward Snowden’s revelations, the world now knows that virtually all of their Internet traffic (innocent or otherwise) is being monitored at any given time. Who’s doing the monitoring? A lot of different governments around the world, for starters, and that’s just what he told us about.

Anyone on the Internet can peek at traffic and spy on anyone or anything, with or without just cause.

DreamHost believes that your private data should remain private. You should have a reasonable expectation that your interactions with a website won’t be monitored by a third party — ever.

Unfortunately, what we believe and how the Internet works are two different things.

One good solution to keeping your private data private is encryption!

You know how when you visit a secure site, that little lock icon pops up in your browser’s toolbar? One of these cute fellas:

That icon is your assurance that traffic between your browser and the site that you’re visiting is encrypted and un-eavesedroppable. It’s not just limited to keeping your credit card details safe — all of your web traffic can be encrypted!

As a website owner, if you want to turn that icon on and enable encryption, you’ll need to obtain a secure certificate from a trusted party that’s been authorized to issue them. And, like a lot of things on the Internet designed to make your life better, you’d need to pay a recurring fee for it. Certificates can be purchased from a few different places online. Heck, we even sell them ourselves at an industry-leading $15 per year!

Pricing for secure certificates varies wildly — we’ve seen them priced as high as $300 per year, and we’re sure that’s not the ceiling. But here’s the secret that the SSL industry doesn’t want you to know: SSL certificates are all the same.

So why doesn’t everyone just buy cheap SSL certificates and use them? Why isn’t every website using encryption today?

It’s because people are lazy, cheap, or don’t want to learn new things. Even a fee as low as one dollar can be a barrier to entry.

Two employees at Mozilla (Josh Aas and Eric Rescorla) recognized this a while ago, and formed a non-profit organization called “Let’s Encrypt“.

Let’s Encrypt’s entire mission is to do exactly what you’d expect – secure the web – and to do it in a way that makes life easier and better for everyone.

Let’s Encrypt issues free secure certificates to domain holders.

Completely free! In fact, they just started doing this (in beta) today.

Certificates created by Let’s Encrypt are functionally identical to any certificate you’d spend money for elsewhere. They’re recognized as secure across all major web browsers with no additional work or configuration required by users. These certificates are valid for 90 days, and in the future, we will auto-renew any certificates generated through DreamHost!

Let’s Encrypt is working to address a fundamental oversight of the web’s design. End to end encryption for all web traffic is not only possible, it’s now easier than ever.

DreamHost is committed to supporting Let’s Encrypt, even if it means taking a hit on the chin in lost certificate sales.

DreamHost users will soon be able to generate and enable Let’s Encrypt certificates directly within their control panel. Who knows — now that certificates are free, we may even enable HTTPS for all new customers by default!

In the meantime, while we’re working to enable that functionality, you can contact our support team by submitting a ticket or starting a LiveChat to express your interest in Let’s Encrypt. We’ll be sure to contact you once DreamHost is fully Let’s Encrypt-enabled!

If you’re not entirely comfortable with the Let’s Encrypt approach to democratizing encryption, don’t worry! You’ll still be able to purchase secure certificates through the DreamHost control panel from Comodo for $15 per year. Functionally, they’re the same! Financially, they are fifteen dollars more expensive than free certificates. Up to you!

The web’s about to get safer, and we can’t wait to watch it happen!

Update: An earlier version of this post claimed that the Electronic Frontier Foundation created Let’s Encrypt. This post has been updated to reflect reality. My bad. -Brett

Update: An earlier version of this post encouraged users to start a Live Chat session for support. Unfortunately, issues with Let’s Encrypt cannot be handled over Live Chat at this time. Please submit a ticket if help is needed!