https://letsencrypt.org/ Let’s Encrypt is a new Certificate Authority: It’s free, automated, and open.
- Free SSL Certificates for all
- Move the web forward, trying to make https the default for a more secure and private internet
- No wildcard certs, dang
- Support, basically all the browsers, anything on XP though is a different story, it will not accept the intermediate cert.
- Setup is easy, clone the tool, run the auto script (ACME client, https://github.com/letsencrypt/letsencrypt), enter the domain(s) you wish to have certs for and you are done. Add your SSL information to your web server config and happy secure https days.
- While in beta, certs will need to be renewed every 90 days
- When it was in the limited beta, over 26k certs were issued, it seems that should be enough to nail down all the things for a public beta
The key principles behind Let’s Encrypt are: - Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost. - Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal. - Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers. - Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect. - Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt. - Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.