Let’s Encrypt
30 Jun 2016

Let’s Encrypt: Important Things to Know

This story dates back to 2015, when the Internet Security Research Group (ISRG) decided to release a beta of the Let’s Encrypt software. The main purpose of the project was to help internet users get, free of charge, a more secure connection between their servers and browsers, known as Secure Socket Layer (SSL).

On April the 12th, 2015, the program left its Beta status and started a new wave of changes in the worldwide internet community, prompting millions of users to switch from HTTP to HTTPS.

All in all, the Let’s Encrypt project has a number of benefits:

  • It’s totally free. Anyone who possesses a domain name can get a trusted certificate free of charge.
  • The certificate is obtained and renewed automatically.
  • All certificates issued or revoked are recorded and can be easily inspected.
  • The protocol will be published as an open standard that others can adopt.
  • Let’s Encrypt is an independent project, beyond the control of any organization.

How Does SSL Work? Things to Improve

In 2015 the latest version of SSL (3.0) was officially replaced by TLS (Transport Layer Security), which is able to guard the sensitive data of internet users more effectively. Even so, the ‘SSL’ name has stuck, and many internet users continue to use it instead of ‘TLS’.

If you want to understand how to improve your TLS/SSL connection, think of how the old and familiar TCP works. An ordinary TCP connection is usually described as a ‘three-way handshake’. First, the client sends a connection request (SYN). It then receives an acknowledgement (SYN/ACK) and responds with an acknowledgement of its own (ACK). These steps are enough to establish the connection.

SSL/TLS requires a few additional back-and-forths. The browser and server need to agree upon an appropriate encryption method, go through a process of mutual verification and generate symmetric keys to encrypt and decrypt all information exchanged during the session.

All of this takes time and makes connection setup longer.

CDN Can Become a Nice Solution

Once you have decided to switch to a TLS/SSL connection, you can always get a free certificate with the help of Let’s Encrypt. Just start with the certbot client.

Let’s Encrypt certbot has been available in BETA since May the 12th, 2016. It’s an Automatic Management Environment (ACME) client and can be downloaded onto your server via SSH. Certbot is quite easy to administer: just tell it to obtain a certificate for you or to help you install the necessary software.

Certbot has a number of benefits: it works with many operating systems, has clear documentation and is very handy to use. Just click on the word ‘certbot’ and get your work started.

Remember that Let’s Encrypt limits the number of certificates that can be issued to a particular domain each week.

It’s also recommended to do some testing before using the production environment.

A CDN can be an effective tool for shortening round trip time. If you use an SSL/TLS connection, you can always speed up all interactions with the help of a CDN service.
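The handshake cost described earlier and the round-trip saving from a CDN can be put into numbers. The sketch below is an added example, not code from CDNsun or Let’s Encrypt: it walks the TCP three-way handshake and a full TLS 1.2 handshake (assumed here, with no session resumption or False Start) flight by flight, and compares a distant origin with a nearby CDN edge. The RTT values are constructed.

```python
# Added example. Message flights follow TCP and a full TLS 1.2 handshake;
# the RTT values used in __main__ are constructed for illustration.
TCP = [("client", "SYN"), ("server", "SYN/ACK"), ("client", "ACK")]
TLS12_FULL = [
    ("client", "ClientHello"),
    ("server", "ServerHello, Certificate, ServerHelloDone"),
    ("client", "ClientKeyExchange, ChangeCipherSpec, Finished"),
    ("server", "ChangeCipherSpec, Finished"),
]


def setup_time_ms(flights, rtt_ms):
    """Milliseconds until the client may send its first request.

    Each side sends as soon as it has received what it was waiting for,
    and every flight takes half an RTT to cross the network.
    """
    one_way = rtt_ms / 2
    clock = {"client": 0.0, "server": 0.0}
    for sender, _name in flights:
        receiver = "server" if sender == "client" else "client"
        arrival = clock[sender] + one_way
        # The receiver cannot act before the flight has arrived.
        clock[receiver] = max(clock[receiver], arrival)
    return clock["client"]


def compare(origin_rtt_ms, edge_rtt_ms):
    """Connection setup cost for HTTP and HTTPS at the origin and at a CDN edge."""
    rows = {}
    for label, rtt in (("origin", origin_rtt_ms), ("edge", edge_rtt_ms)):
        http = setup_time_ms(TCP, rtt)
        https = setup_time_ms(TCP + TLS12_FULL, rtt)
        rows[label] = {
            "http_ms": http,
            "https_ms": https,
            "tls_cost_ms": https - http,  # two extra round trips
        }
    return rows


if __name__ == "__main__":
    for label, row in compare(origin_rtt_ms=120, edge_rtt_ms=20).items():
        print(label, row)
```

The TLS handshake adds two round trips on top of TCP’s one, so terminating TLS at an edge with a shorter RTT reduces all three.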

To speed up and secure your internet connection, CDNsun has integrated with Let’s Encrypt to provide free custom SSL CDN certificates for its customers. A free custom SSL certificate can be obtained directly in the CDN dashboard.

With its help the company provides its users with the super fast HTTP/2 protocol on custom CDN domains without any fees.