Oh man, how have I not talked about this yet?
You know how every “internet security 101” thing talks about the little green lock next to a website’s address, and how that ensures the data you send and receive is secure? That’s because you’re accessing the website over HTTPS, rather than regular old HTTP. The difference is in the S, which you can think of as standing for Secure. All nice and dandy, but you can’t just up and slap HTTPS onto your website’s address and expect it to work. You need to actually be trusted, too.
To do this, website owners need to obtain a certificate that essentially declares their green lock as “the real deal”. Ordinarily, you’d have to pay for this. Kind of silly, right? Everyone’s yapping about the internet needing to be more secure, yet adding security is a laborious and costly effort. Introducing Let’s Encrypt, a certificate authority that’s going to get rid of all those problems.
Let’s Encrypt will be offering free certificates to all that request one. Not only that, but they’re making tooling to improve the “installation” process for a certificate from a complicated one to the simple click of a button. The work they’re doing is 100% open; issued certificates will be publicly visible and their automation code is open-source. They’re doing it for the community and to move security practices in the right direction. A noble cause!
I got my beta invite for Let’s Encrypt in the mail today. Sadly, my web host doesn’t offer proper good support for them yet.