Let's Encrypt - A promising introduction

Having used Let's Encrypt for a few weeks now, I think it's safe to be optimistic about it at this point. "SSL certificates are a racket" is a common expression and one that isn't unfounded, but the availability of cheap, widely compatible and highly supported SSL certificates from companies like Namecheap has somewhat eroded the impact of that expression.

So whilst I don't think the price is as much of a barrier as it once was, I think the availability, accessibility and ease of use of Let's Encrypt offer something that could mark a significant shift on the internet. I don't think we'll see most businesses move away from the established CAs any time soon, but what Let's Encrypt does offer people like myself, not a business or someone doing any sort of commercial activity, is the ability to easily configure secure connections with valid SSL certificates on anything I want.

I'm currently in the process of writing a simple URL shortening API and website in Node.js as a replacement for q-URL.co, and part of this included the desire to ensure that all API calls were secured over TLS. This was for reasons that extended beyond just the ability to secure potentially sensitive transfer of data. Because of this, during development, it has been a great help to be able to supply a valid certificate for blog.qassim.uk, qassim.uk, dev.q-url.co and api.dev.q-url.co.

I replaced my paid-for basic Namecheap SSL certificate on blog.qassim.uk with a Let's Encrypt certificate simply because the Let's Encrypt automated request and configuration process is such a joy to use. It takes a matter of minutes to configure many, many domains with a new certificate and have the client automatically configure Apache (auto configuration for nginx is in development) for SSL, including the option to force SSL using rewrite rules.

Even during this beta period, Let's Encrypt has impressed me. I think many will continue to have reservations about the processes of Let's Encrypt and what it means for the trustworthiness of certificates from this particular CA, and as such I could see its appeal remaining largely limited to people such as myself, but this alone, I think, could represent that large shift to 'TLS everywhere'.

I say yes, Let's Encrypt.