Posted: May 14th, 2018
Let's Encrypt is part of an initiative to encrypt as much World Wide Web traffic as possible. It is designed to make the creation and installation of SSL certificates a simple process that can be done with just a few commands. Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).
Let's Encrypt gives people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can. We do this because we want to create a more secure and privacy-respecting Web.
The Let’s Encrypt extension can automatically keep hosted websites secured with free, trusted SSL/TLS certificates from Let’s Encrypt. This feature can be turned on or off for every individual hosting plan. When you turn this feature on for a hosting plan, for every domain, subdomain, domain alias, or webmail that belongs to a subscription based on that hosting plan and that is:
> Secured with a self-signed SSL/TLS certificate.
> Secured with an expired SSL/TLS certificate.
> Not secured with an SSL/TLS certificate.
The self-signed or expired SSL/TLS certificate is replaced with a Let’s Encrypt certificate.
You can also have the Let’s Encrypt extension replace SSL/TLS certificates that are not issued by one of the trusted certificate authorities in addition to self-signed and expired SSL/TLS certificates. To do so, set the check-domain-cert-authority setting to true. Read more about the check-domain-cert-authority setting in “Let's Encrypt settings list”.
The key principles behind Let’s Encrypt are:
Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.