Let’s Encrypt is a viable alternative to cheap SSL

Let’s Encrypt is a viable alternative to cheap SSL

With the recent media coverage on privacy (Apple vs FBI anyone) it is not surprising that a free SSL service like Let’s Encrypt has emerged. SSL is increasingly being raised as a ranking factor by Google and since web hosting providers (like us) are compatible with the service, it is a no brainer to enable SSL on your website.

Why do we need an SSL service

SSL encrypts/scrambles information. So when you enter your username and password into a login form, SSL encrypts this and then sends it over the internet. This way if someone is eavesdrop on your communications it is very difficult/almost impossible for them to decrypt this.

Creating an SSL certificate is free of charge and can be created on any personal computer. The problem however comes when software like web browsers try to use it. SSL Certificates must be signed by a third party. That is they must have some form of verification check. They can be self signed however browsers will provide a warning the client will have to accept. It is increasingly the case that browsers will refuse to load the website, if a self signed certificate is used.

An option is Let’s Encrypt

Now this is in no way a replacement for Domain or high end EV (Extended Validation) certificates. These you can purchase through Globalsign, Symantec/Verisign, Commodo or via our website. Let’s Encrypt is a replacement for cheap low end certificates.

Let’s Encrypt vs Shared SSL

We like a lot of hosting providers offer a shared SSL certificate.  In our case this is a wildcard certificate that covers the “altairhosting.com” domain. How this works it you can create a “mysite.altairhosting.com” alias address which is covered by the certificate. You can then use this to cover the admin section of your website.

The first issue with this approach is it is getting increasing difficult to get CMS platforms like WordPress to behave properly under two domains. The second issue is you can still access the admin section via the unencrypted/non SSL address unless rules are added to stop this. The possibility of dropping out of SSL mode still remains if an errors occurs in the rules.

Now the alternative is you can either purchase an SSL certificate for your website or use the Let’s Encrypt service and globally force your site to SSL. This way all traffic is encrypted so removes the risk of accidentally dropping into an unencrypted mode.

Conclusion

Let’s Encrypt is a viable replacement for low end SSLs and so far looks like it is gaining popularity. If you want to use Let’s Encrypt on a website make sure you look for providers that support it (we do). We will be also be enabling a self service way to signing these certificates via our Control Panel shortly.

Further Reading

Let’s Encrypt Website : letsencrypt.org
Using Let’s Encrypt: benhutton.com.au/2016/07/19/lets-encrypt/

Leave a Reply