https://letsencrypt.org
Let’s Encrypt
Let’s Encrypt is a free, automated, and open certificate authority (CA), run
for the public’s benefit.
The key principles behind Let’s Encrypt are:
* Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a
trusted certificate
at zero cost.
* Automatic: Software running on a web server can interact with Let’s
Encrypt to painlessly
obtain a certificate, securely configure it for use, and automatically
take care of renewal.
* Secure: Let’s Encrypt will serve as a platform for advancing TLS security
best practices,
both on the CA side and by helping site operators properly secure their
servers.
* Transparent: All certificates issued or revoked will be publicly recorded
and available for
anyone to inspect.
* Open: The automatic issuance and renewal protocol will be published as an
open standard
that others can adopt.
* Cooperative: Much like the underlying Internet protocols themselves,
Let’s Encrypt is a joint
effort to benefit the community, beyond the control of any one
organization.
ISRG
Let’s Encrypt is a service provided by the Internet Security Research Group
(ISRG).
Internet Security Research Group (ISRG) is a California public benefit
corporation whose application for recognition of tax-exempt status under
Section 501(c)(3) of the Internal Revenue Code is currently pending with the
IRS. ISRG’s mission is to reduce financial, technological, and education
barriers to secure communication over the Internet.
ISRG is proudly sponsored by a diverse group of organizations, from non-profits
to Fortune 100 companies. We believe we can set an example for how everyone
interested in a more secure Internet can work together to provide digital
infrastructure for the public’s benefit. See this page for more on our sponsors.
ISRG Board of Directors
ISRG is overseen by individuals from a variety of backgrounds. Our current
board members are:
Josh Aas (Mozilla) — ISRG Executive Director
Stephen Ludin (Akamai)
Dave Ward (Cisco)
J. Alex Halderman (University of Michigan)
Andreas Gal (Mozilla)
Jennifer Granick (Stanford Law School)
Alex Polvi (CoreOS)
Peter Eckersley (EFF) — Observer
Contact us
Press Inquiries:
[email protected]
Security:
[email protected]
BLOG
Let’s Encrypt: Delivering SSL/TLS Everywhere
Nov 18, 2014 • Josh Aas, ISRG Executive Director
Vital personal and business information flows over the Internet more frequently
than ever, and we don’t always know when it’s happening. It’s clear at this
point that encrypting is something all of us should be doing. Then why don’t we
use TLS (the successor to SSL) everywhere? Every browser in every device
supports it. Every server in every data center supports it. Why don’t we just
flip the switch?
The challenge is server certificates. The anchor for any TLS-protected
communication is a public-key certificate which demonstrates that the server
you’re actually talking to is the server you intended to talk to. For many
server operators, getting even a basic server certificate is just too much of a
hassle. The application process can be confusing. It usually costs money. It’s
tricky to install correctly. It’s a pain to update.
Let’s Encrypt is a new free certificate authority, built on a foundation of
cooperation and openness, that lets everyone be up and running with basic
server certificates for their domains through a simple one-click process.
Anyone who has gone through the trouble of setting up a secure website knows
what a hassle getting a certificate can be. Let’s Encrypt automates away all
this pain and lets site operators turn on HTTPS with a single click or shell
command.
When Let’s Encrypt launches in Summer 2015, enabling HTTPS for your site will
be as easy as installing a small piece of certificate management software on
the server:
$ sudo apt-get install lets-encrypt
$ lets-encrypt example.com
That’s all there is to it! https://example.com is immediately live.
The Let’s Encrypt management software will:
Automatically prove to the Let’s Encrypt CA that you control the website
Obtain a browser-trusted certificate and set it up on your web server
Keep track of when your certificate is going to expire, and automatically
renew it
Help you revoke the certificate if that ever becomes necessary.
No validation emails, no complicated configuration editing, no expired
certificates breaking your website. And of course, because Let’s Encrypt
provides certificates for free, no need to arrange payment.
If you’d like to know more about how this works behind the scenes, check out
our technical overview. Or if you really want to dive into the details, read
the full protocol specification on Github.
_______________________________________________
Link mailing list
[email protected]
http://mailman.anu.edu.au/mailman/listinfo/link
