Secure Your Site, Save Money With Let’s Encrypt Security Certificates

From the tech web coming CommitStrip --

From the tech web comic CommitStrip.

For decades website owners who wanted to secure their sites and protect their users had to pay for complicated, often unwieldy security certificates.  Because they were really hard to implement site owners didn’t just have to pay the issuing certificate authority, they often had to pay their hosting companies as well.  Annually.

Late last year a new technology initiative called Let’s Encrypt was released.  Backed by various well-heeled players including the Electronic Frontier Foundation, the Mozilla Foundation, Akami and WordPress, Cisco Systems, and others, Let’s Encrypt provides free and very easy to use certificates for anyone who needs or even just wants one!

Ok, so what’s a Let’s Encrypt security certificate?  According to Wikipedia…

Let’s Encrypt is a certificate authority that launched on April 12, 2016 that provides free X.509 certificates for Transport Layer Security (TLS) encryption via an automated process designed to eliminate the current complex process of manual creation, validation, signing, installation, and renewal of certificates for secure websites.

According to regular folks it’s a nice tool that makes it much harder (nothing is impossible) but much, much harder for hackers to skim usernames, passwords, email, credit card information, form data, and more.  This is particularly useful if you use public WiFi or similar shared connections in coffee shops, hotels, airports, and such.

Since it’s come out we’ve been routinely adding free Let’s Encrypt certificates to new customer’s sites for free when their hosting companies make it easy to do so.

Not all hosting companies offer Let’s Encrypt.  Not yet anyway.  Many of them don’t because it’s a bit of a pain.  Others don’t because, understandably, they don’t want to give up a revenue source that’s often higher per customer than their actual yearly hosting plans!  Still others are waiting for updates from cPanel, Plesk, WHM, and other host-management console vendors.  And some providers of very high-end hosting argue that while, yes, you do get much better security from Let’s Encrypt their customers are better served by paying full price for a “signed certificate” that not only provides security but also verifies that the owner of the certificate is who they say they are.  And yes, if you’re one of the small number of website owners who need not just to secure your connection but to verify and validate your identity you really do need more than Let’s Encrypt.

For everyone else?  Yeah, Let’s Encrypt is more than good enough.  It’s a very big deal.

Don’t get me wrong.  I’m not knocking hosting companies that don’t make Let’s Encrypt certificates easy to add.  But I am appreciating hosting companies that do.

Two companies we recommend started doing it right out of the gate. (Please note that if we use the service ourselves, and we also recommend to our customers, then we’re using affiliate links for those services.  The price will be the same for you whether you use our links or find them on your own.)  Both of those have the Let’s Encrypt built right into their control panels.  Both will set you up with a certificate in just a couple of clicks.

But while SiteGround and Dreamhost might have been the first to offer Let’s Encrypt, they’re no longer the only ones.  There’s an up-to-date list on GitHub.  I’m really glad to see the list continues to grow.


Posted in , tagged with: #, #, #

David Innes,

I've been building and maintaining websites since 1997 and building and supporting similar hypertext-driven software since 1987. I've done maintenance, support, and maintenance for physical and digital systems since 1981. And no, I still haven't seen it all but by now I usually know where to look. More about David Innes...