The Let’s Encrypt project is a certificate authority (CA) that aims to bring free and open encryption to the web. I first heard about it back in 2014 on episode #483 of Steve Gibson’s Security Now! podcast. The project went into public beta in December 2015 and at the time I played around with generating a certificate but then got busy and never ended up actually using it. Certificates issued by Let’s Encrypt need to be renewed every 90 days so in early March (shortly after the 1 millionth certificate was issued) I received a notification that it was going to expire and, since I still didn’t have the time to properly implement SSL, I just let it.
Finally, the other week, I had some time and decided to give it another go, starting from scratch.
I had a few problems running the letsencrypt-auto script to generate the certificate and update my web server configuration. The first was two RewriteCond lines that contained backslashes in a configuration file that were interfering with the Augeas parser (I just had to temporarily comment them out and then re-enable them once the script was complete). The other was a “Failed to connect to host for DVSNI challenge” message that was preventing the script from completing. I eventually had to use `letsencrypt-auto --authenticator standalone --installer apache` to get everything installed and running successfully, but it worked!
After taking a few more days to confirm all the HTTPS connections seemed to be working, I put in the necessary web server configuration changes to redirect all traffic to www.windracer.net over HTTPS. All links should still work; they’ll just be automatically redirected over a secure connection to the site.
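As an added example (not configuration from the original post), this is what an Apache setup for that redirect looks like: the port-80 virtual host answers every request with a permanent redirect to the HTTPS site, and the port-443 host serves the certificate. The certificate file paths, document root and HSTS header are assumptions, not details taken from the post.

```apache
# Added example, not from the original post. Requires mod_ssl, mod_alias and mod_headers.
# Plain-HTTP host: every request is answered with a 301 to the HTTPS site.
<VirtualHost *:80>
    ServerName www.windracer.net
    ServerAlias windracer.net
    # Redirect keeps the request path (and query string) when building the target URL.
    Redirect permanent / https://www.windracer.net/
</VirtualHost>

# HTTPS host: the only place content is actually served from.
<VirtualHost *:443>
    ServerName www.windracer.net
    DocumentRoot /var/www/html          # assumed document root
    SSLEngine on
    # Assumed to be the usual Let's Encrypt "live" paths; confirm against what the
    # installer wrote into your own configuration.
    SSLCertificateFile    /etc/letsencrypt/live/www.windracer.net/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.windracer.net/privkey.pem
    # Optional: once the redirect is confirmed to work everywhere, tell browsers to
    # go straight to HTTPS for the next 180 days (180 * 86400 seconds).
    Header always set Strict-Transport-Security "max-age=15552000"
</VirtualHost>
```

One caveat worth planning for: a certificate obtained with the standalone authenticator is renewed the same way, so the port the standalone server binds to must be free at renewal time, which means stopping Apache around the renewal (or switching the renewal to the apache plugin).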
If you run a website, you should definitely check out Let’s Encrypt. Even Automattic turned on SSL (using free Let’s Encrypt certificates) for all of its hosted WordPress.com sites. Very cool!