DEV Community

Cover image for The End of Dawn - “Let's Encrypt” certificate expiration.
Pramit Marattha for Aviyel Inc

Posted on • Updated on • Originally published at

The End of Dawn - “Let's Encrypt” certificate expiration.

Lets Encrypt

HTTPS is the Web's cryptographic backbone, offering an encrypted and authorized version of HTTP over TLS. The primary use cases for HTTPS when it was first introduced by Netscape twenty-seven years ago were to protect financial transactions and login credentials, but users today face a growing range of threats from hostile networks, including government mass surveillance and censorship, ISP customer profiling, and ad injection, and network device insertion of malicious code, all of which make HTTPS increasingly important. A huge chunk of cryptographic problems in Transport Layer Security have been uncovered and fixed, but low HTTPS adoption posed an even greater threat: recently in 2015, 55–70 percent of browser page loads were still using unencrypted HTTP.

Http vs Https

The deployment of HTTPS was complicated, expensive, and error-prone for server operators, which was a key hurdle to wider adoption. Interactions with Certificate Authorities, which are trusted by Web browsers to confirm a server's identification and provide a digitally signed certificate that binds the identity to the server's public key, were the most difficult part. A server operator had to employ esoteric key generating software and configuration directives, follow laborious processes to show possession of the domain name, and complete a payment transaction to a CA to receive and install a certificate.

Why "Let’s Encrypt" ?.

Let's Encrypt was established to remove these hurdles, encourage widespread adoption of HTTPS, and improve security for all Web users. Let's Encrypt is a free, open, and automated HTTPS certificate authority that was developed to help the entire Web embrace HTTPS it provides domain-validated certificates to server operators using a standard protocol at no cost. Let's Encrypt has grown to become the world's largest HTTPS Certificate Authority since its inception in late 2015, with more presently valid certificates than all other browser-trusted CAs combined altogether. It is the first browser-trusted Certificate Authority built for complete automation: identity validation and certificate issuance are fully automated, with no manual steps required by Web server operators or CA staff. Let's Encrypt uses automation to achieve a number of objectives. It considerably decreases the amount of human effort necessary for HTTPS deployment on the Web server, as well as the possibility of configuration errors that can lead to security issues.

Let's Encrypt support has been automated in Web server software, Internet of Things devices, big hosting platforms, and Content Delivery Networks. In the Certificate Authority sector, automation improves security by lowering the chances of human mistakes, which has been a common cause of misuse in the past. Let's Encrypt can only validate a domain and issue a certificate using the standard API; there is no manual override. Furthermore, by minimizing human interference, Let's Encrypt is able to keep the cost-per-certificate low and offer certificates for free. This removes two major roadblocks to HTTPS adoption: budgetary constraints and payment friction.

The implication of Let’s Encrypt.

Let’s Encrypt has issued billions of certificates covering millions of domain names in barely over six years of existence. Let's Encrypt has issued more valid browser-trusted certificates than all other Certificate Authorities combined altogether. It is governed and run by the Internet Security Research Group, a non-profit organization (ISRG). Operating a CA necessitates a 24-hour operations personnel, physically secure server infrastructure, and frequent security and compliance audits, all of which are overseen by ISRG. ACME, a protocol for handling CA–server interactions such as certificate requests, domain validation, issuance, renewal, and revocation, is at the heart of Let's Encrypt's automation. Boulder, an open-source ACME-based Certificate Authority implementation designed for security, scalability, and high dependability, is at the core of Let's Encrypt.

Click Here for full article

Follow @aviyelHQ or sign-up on Aviyel for early access if you are a project maintainer, contributor, or just an Open Source enthusiast.

Twitter =>

Official Site =>

Top comments (1)

joedotnot profile image

What's this got to do with END OF DAWN or certificate EXPIRATION? Maybe I should head over to your website to read the full article? is that what you intend to happen?