The Let’s Encrypt initiative reached yet another milestone this week when it entered public beta, something it claims should help make it easier for website owners to embrace HTTPS encryption.

The latest step comes on the heels of the movement issuing its first certificate back in September and becoming an official Certificate Authority in October.

Now, anyone that runs a server and wants to deploy HTTPS on their site can run the beta client and get a certificate.

The movement really gained traction earlier this fall after root certificates it deployed began getting cross-signed by public key certificate authority Identrust. Now the certificates are trusted across all the major browsers.

The collaborative behind the initiative – the Electronic Frontier Foundation, Mozilla, The University of Michigan, Cisco, and Akamai – announced their plan last November to grant free HTTPS certificates to any site that needed one. Jacob Hoffman-Andrews, a Lead Developer on Let’s Encrypt with the Electronic Frontier Foundation acknowledged on Wednesday that until now obtaining and installing a certificate was an expensive and difficult process.

“Once someone has purchased a certificate, they need to install it on their website, a time consuming and error-prone process that requires significant technical skill, which is a cost in itself. Let’s Encrypt is not only free but also automated, in order to make HTTPS encryption more accessible than ever,” Hoffman-Andrews wrote in the EFF’s Deeplinks blog.

Hoffman-Andrews claims that as the term beta suggests, there’s still some work to do.

The group still hopes to make it easier for website owners by including options to help them automatically renew their certificates, and supply automatic configuration for servers like Nginx postfix, exim, or dovecot.

The group also wants to better educate users on other features to help them shore up their sites, including HSTS, upgrade-insecure-requests, and OCSP stapling.


Categories: Privacy, Web Security