Over the last few months, there has been a noticeable spike in the number of articles, blog posts, and tutorials that describe how to use Let’s Encrypt. Most promise to show readers how to instantly and painlessly get a free SSL certificate for their sites. This topic appeals to site owners across the web for a number of reasons, not the least of which are the benefits to SEO. Let’s Encrypt has the potential to meet this promise someday but in its current incarnation still requires robust technical expertise to use. These technical hurdles are not insurmountable, but they require you to bridge the gap between Let’s Encrypt’s current capabilities and its future promise.
Ideally, Let’s Encrypt provides a free and automatic way for anyone with a domain to obtain, configure, renew, and maintain an SSL certificate. It does this through the use of software that runs on a web server. In an ideal world, a site owner would simply be able to enter some basic information (the information used in a standard CSR for an SSL certificate) and then have an SSL certificate issued and installed within seconds.
The reality is that Let’s Encrypt requires some system administration, configuration, and troubleshooting to work. This may not be a problem for some site owners, but others could find themselves struggling to get things up and running. Whether or not you, as a site owner, will experience the full benefits of Let’s Encrypt will depend on your technical background and resources. Here’s a shortlist of the expected outcomes for various types of site owners who may be looking at leveraging Let’s Encrypt:
Site Owners Who Are System Administrators.
If you maintain your own servers, then chances are that you have the time and know-how to setup and configure the Let’s Encrypt client on your own servers. It will take a little work and some troubleshooting, but you will likely have no problem generating and installing your free SSL certificate with Let’s Encrypt.
Non-Technical Site Owners Running On Traditional Hosting Providers.
If you are a non-technical site owner running on a traditional hosting provider you are going to struggle using Let’s Encrypt. You will need to either hire someone to install and configure Let’s Encrypt for you (which will cost you money), or you will need to roll up your sleeves and do your best to learn how (which will cost you time). The steps involved will be complicated and include installing the Let’s Encrypt client software, using third party websites/services to create key pairs and CSRs, and placing the necessary files on your server to validate ownership of a domain.
Non-Technical Site Owners Running on a Let’s Encrypt-Enabled Hosting Provider.
If you are in this group, then you are fortunate because your hosting provider has already installed the Let’s Encrypt client for you, configured your servers for use with it, and provided you with an interface for requesting certificates. Unfortunately, there are very few host providers offering Let’s Encrypt as a consumable service.
Examining how Let’s Encrypt works for different types of site owners helps to illustrate both its promise and its limitations. There is still more work that needs to be done in making it more accessible for the bulk of site owners who are not administering their own servers. Hosting providers can play a critical role in this process by developing and pricing tools for leveraging it.
Let’s Encrypt holds the promise of a better internet: one with improved SEO and security. However, it is not a one-size-fits-all panacea, no matter how widely it may one day be adopted. For starters, Let’s Encrypt will most likely continue to provide only Domain Validated certificates. This means site owners who require Extended Validation certificates will have to continue to look elsewhere to fill that need. EV certificates require a verification and validation process that Let’s Encrypt was never envisioned to provide. Secondly, it requires frequent re-certification. Its certificates are only valid for 90 days and require some level of automation, whether that automation is offered by Let’s Encrypt, developed by site owners, or offered by hosting providers. Some site owners may prefer to stick with traditional certificates in order to avoid the frequent recertification cycle.
Even in its current limited form, Let’s Encrypt represents the very best of open source technologies. Let’s Encrypt is the product of a community that came together to improve the security of the web. Although Let’s Encrypt will not be the right solution in every case, it will play an instrumental role in ensuring the future of an open and secure Internet for everyone.