A bit about SSL
SSL (Secure Sockets Layer) certificates allow web servers to encrypt their traffic, and also offer a mechanism to validate server identities to their visitors. Using this technology, servers can send traffic safely between the server and the client without the concern that the messages will be intercepted and read by an outside party. Sites using an SSL certificate will display a green padlock symbol and https:// prior to their URL in a web browser, as you will be able to see on this site.
Why is it important?
This is extremely important when your website is handling sensitive information, like its users’ details, passwords and banking information. It is therefore essential to implement an SSL certificate on any site doing this – which is basically every website! Even if your site doesn’t handle sensitive user information, you should have an SSL certificate regardless, as search engines use it as an SEO ranking factor. Some browsers will also now warn visitors if a site is not using a secure https connection.
How can I get one?
Well, you could generate a ‘self-signed’ one yourself. But this would likely result in your site’s visitors being presented with a scary warning about not being able to verify your site’s identity. The more traditional method is to acquire and install an SSL certificate from a trusted, commercial certificate authority. These will not present your site’s visitors with such a warning, but do come at a cost!
There is another way…
Let’s Encrypt – They are “a free, automated, and open certificate authority, run for the public’s benefit”. Their aim is to provide open and free, automated SSL certificates to everyone, resulting in a more secure Internet for all – can’t argue with that!
Having installed a Let’s Encrypt SSL Certificate on our website and given it a test drive, it seems to be accepted by all modern major browsers. So far, so good… The best part is that you can set your certificate up so that it automatically renews itself, as the certificates do expire after 90 days. So no more paying to renew a certificate bought through a certificate authority!
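Because the certificates only last 90 days, it is worth checking that the automatic renewal is actually happening. The script below is an added example, not part of the original setup described here: it reads a site's certificate expiry date and flags a renewal that looks overdue. The function names and the 30-day threshold are assumptions chosen for illustration, and the sample certificate is constructed.

```python
import socket
import ssl
import sys
import time

RENEW_BEFORE_DAYS = 30  # assumption: renewal should have run by this point


def days_remaining(cert, now=None):
    """Days until expiry for a cert dict as returned by getpeercert()."""
    now = time.time() if now is None else now
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return (expires - now) / 86400


def renewal_status(cert, now=None, renew_before=RENEW_BEFORE_DAYS):
    """Classify a certificate as OK, RENEWAL_OVERDUE or EXPIRED."""
    left = days_remaining(cert, now)
    if left <= 0:
        return "EXPIRED"
    if left < renew_before:
        return "RENEWAL_OVERDUE"
    return "OK"


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch the server certificate over a verified TLS connection."""
    ctx = ssl.create_default_context()  # checks the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample: a certificate issued for exactly 90 days.
SAMPLE_CERT = {
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar 31 00:00:00 2024 GMT",
}
SAMPLE_EXPIRY = ssl.cert_time_to_seconds(SAMPLE_CERT["notAfter"])

if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: python check_cert.py your-domain
        cert = fetch_cert(sys.argv[1])
    else:  # no host given: use the sample, 10 days before its expiry
        cert = SAMPLE_CERT
    now = None if len(sys.argv) > 1 else SAMPLE_EXPIRY - 10 * 86400
    print(renewal_status(cert, now), round(days_remaining(cert, now), 1))
```

Run it on a schedule from a machine other than the web server, so a broken renewal job is noticed before visitors see an expiry warning.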
How do I get what you’ve got?
There is lots of information on how to implement a Let’s Encrypt SSL Certificate over on their website. Our web server provider AWS offers production-ready ‘Lightsail’ servers using Bitnami LAMP configurations, which come with Let’s Encrypt pre-installed on them. Bitnami is well supported and well documented.
I recommend that you check the official Let’s Encrypt blog for important updates from time to time.
Happy securing!