Ideally, every time you visit a website, that connection should happen over a secure HTTPS connection so nobody can snoop on your surfing habits when you are using a public network at a coffee shop or at the airport. But in reality, most smaller websites don’t offer these kind of secure connections because getting the kind of digital public-key certificate that makes HTTPS connections work involves a rather annoying and manual process. They also typically don’t come cheap.
It doesn’t have to be like that, though. Starting soon, Mozilla, Cisco, Akamai, the Electronic Frontier Foundation, IdenTrust and researchers at the University of Michigan are working through the Internet Security Research Group to create a new certificate authority to offer these digital certificates for free to anybody who owns a web domain. The “Let’s Encrypt” group will launch this service next summer.
The Let’s Encrypt project aims to make getting certificates not just free, but also as easy as possible. It will take two simple shell commands to enable HTTPS for any given site that wants to use it. All of the certificates that are issues or revoked will be public and the team aims to make its protocols an open standard that other certificate authorities can adopt.
Developers who want to test the service can head over to GitHub to take a look at the code, but this is definitely not meant for production servers yet and if you decide to ignore that warning, chances are your users will see lots of warnings about your certificate that will keep them from ever seeing your site.