A bit about SSL
SSL (Secure Sockets Layer) certificates allow web servers to encrypt their traffic, and also offer a mechanism to validate server identities to their visitors. Using this technology, servers can send traffic safely between the server and the client without the concern that the messages will be intercepted and read by an outside party. Sites using an SSL certificate will display a green padlock symbol before their URL in a web browser, as you will be able to see on this site.
Why is it important?
This is extremely important when your website is handling sensitive information, like its users’ details, passwords and banking information. It is therefore essential to implement an SSL certificate on any site doing this – which is basically every website! Even if your site doesn’t handle sensitive user information, there is an argument for getting one anyway, which is that it should earn you extra Google love from a search engine optimisation perspective.
How can I get one?
Well, you could generate a ‘self-signed’ one yourself. But this would likely result in your site’s visitors being presented with a scary warning about not being able to verify your site’s identity. The more traditional method is to acquire and install an SSL certificate from a trusted, commercial certificate authority. These will not present your site’s visitors with such a warning, but do come at a cost!
There is another way…
I recently came across these guys, Let’s Encrypt. They are “a free, automated, and open certificate authority, run for the public’s benefit”. Their aim is to provide open and free, automated SSL certificates to everyone, resulting in a more secure Internet for all – can’t argue with that!
Having installed a Let’s Encrypt SSL Certificate on our website and given it a test drive, it seems to be accepted by all modern major browsers. So far, so good… The best part is that you can set your certificate up so that it automatically renews itself, as the certificates do expire after 90 days. So no more paying to renew a certificate bought through a certificate authority!
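Automatic renewal can fail silently, so it is worth monitoring the expiry date independently of the renewal job. The following is an added example, not part of the original post: it classifies a certificate by the days left before expiry. The 30-day threshold, the function names and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

RENEW_BEFORE_DAYS = 30  # assumed alert threshold; align it with your renewal job


def days_remaining(cert, now):
    """Whole days until notAfter (negative once expired).

    `cert` is a dict in the shape returned by SSLSocket.getpeercert().
    """
    expires = ssl.cert_time_to_seconds(cert["notAfter"])  # epoch seconds, UTC
    return int((expires - now.timestamp()) // 86400)


def renewal_status(cert, now, renew_before=RENEW_BEFORE_DAYS):
    """Return 'expired', 'renewal-overdue' or 'ok' for a certificate."""
    left = days_remaining(cert, now)
    if left < 0:
        return "expired"
    if left < renew_before:
        # Auto-renewal should already have replaced this certificate.
        return "renewal-overdue"
    return "ok"


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Fetch the certificate a live server presents, with full verification."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample: a certificate with a 90-day lifetime.
SAMPLE_CERT = {
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar 31 00:00:00 2024 GMT",
}

if __name__ == "__main__":
    for day in (datetime(2024, 1, 15), datetime(2024, 3, 10), datetime(2024, 4, 2)):
        now = day.replace(tzinfo=timezone.utc)
        print(day.date(), days_remaining(SAMPLE_CERT, now), renewal_status(SAMPLE_CERT, now))
```

To check a live site, pass the result of `fetch_peer_cert("your-domain.example")` and `datetime.now(timezone.utc)` to `renewal_status` from a scheduled job.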
How do I get what you’ve got?
There is lots of information on how to implement a Let’s Encrypt SSL Certificate over on their website. But our web server provider DigitalOcean also have in-depth tutorials on Let’s Encrypt and SSL in general. Here are a couple I found useful during my exploration:
- How To Secure Apache with Let’s Encrypt on Ubuntu 14.04
- How To Create an SSL Certificate on Apache for CentOS 7
- How To Install an SSL Certificate from a Commercial Certificate Authority
I recommend that you check the official Let’s Encrypt blog for important updates from time to time.