Movements like HTTPS Everywhere are working to get all sites on HTTPS. Google is one of the major backers of this movement and will eventually mark all regular HTTP sites as insecure by default in their Chrome browser (see more here). It is important that everyone secure their websites so we can all enjoy a safer Internet.
This is where Let’s Encrypt comes in. From https://letsencrypt.org/about/: “Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG).” This means that anyone can request and receive a free SSL certificate to enable secure HTTP traffic. Now that there is no cost needed to receive a certificate, everyone can and should enable HTTPS on their websites.
This guide walks you through the basics of getting and applying a Let’s Encrypt SSL certificate to an existing web server. It assumes you already have the web server ready and the DNS records set appropriately. Since this is a getting started guide, we will stick with the Certbot recommended by Let’s Encrypt. There are many other solutions or you can even create your own. See here for more information on other clients. (more…)