ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    How Big Will the Impact of Lets Encrypt Be?

    News
    security lets encrypt linux
    11
    57
    16.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mlnews
      last edited by

      Linux.com gets philosophical looking at the Let's Encrypt initiative positing that LE might be the single biggest advancement in end user security of the decade.

      This week the project takes a huge step toward that future with its Public Beta. After issuing more than 25,000 certificates during the Private Beta, anyone can now get a certificate for free. Our Security Director Emily Ratliff participated in the Private Beta and reports that “the whole Let's Encrypt process took much less time than getting and installing an SSL certificate in the traditional manner. It is also much less error prone since it is more automated with fewer steps.”

      1 Reply Last reply Reply Quote 2
      • S
        scottalanmiller
        last edited by

        Definitely going to be a big impact. LE is going to seriously shake things up.

        1 Reply Last reply Reply Quote 1
        • J
          JaredBusch
          last edited by

          Let's Encrypt isw certainly much easier than traditional SSL certificate methods. The part that is going to be a game changer is the fact that each request creates a single certificate. This means a single request with multiple domains can be done. This will replace all of the UCC certs people use for things like email.

          No more of this:
          https://i.imgur.com/L27efaL.jpg

          1 Reply Last reply Reply Quote 2
          • S
            stacksofplates
            last edited by

            I still can't believe there aren't more people using the free StartSSL certificates. It is kind of a pain to get through the interface, but for the small amount of time it takes, it's a good trade off.

            J 1 Reply Last reply Reply Quote 0
            • R
              Reid Cooper
              last edited by

              I've used StartSSL before. It's rather a significant pain. What surprises me more is that StartSSL never decided to just be more user friendly.

              1 Reply Last reply Reply Quote 1
              • A
                Alex Sage
                last edited by

                I have been buying them from NameCheap with my domains, just $1.99 each when you purchase a domain.

                J 1 Reply Last reply Reply Quote 0
                • D
                  dafyre
                  last edited by

                  LetsEncrypt is super easy. Especially if you are running Linux systems... Generate cert, and in some cases, it can automagically configure Apache for you. Right now, I've got one cert up on my NGinx box at home, and another cert up on my C@C Server.

                  1 Reply Last reply Reply Quote 0
                  • J
                    JaredBusch @Alex Sage
                    last edited by

                    @anonymous said:

                    I have been buying them from NameCheap with my domains, just $1.99 each when you purchase a domain.

                    You can get SSL from GoDaddy for similar prices when you get it new. It is the renewal where they make profit.

                    1 Reply Last reply Reply Quote 1
                    • J
                      JaredBusch @stacksofplates
                      last edited by

                      @johnhooks said:

                      I still can't believe there aren't more people using the free StartSSL certificates. It is kind of a pain to get through the interface, but for the small amount of time it takes, it's a good trade off.

                      Start SSL is not easy compared to setting up Let's Encrypt. I use StartSSL in a number of places also. It is a solid choice, but Let's Encrypt will completely change things once they work out the kinks and get the automagic plugins for other systems besides Apache on Debian.

                      S 1 Reply Last reply Reply Quote 1
                      • C
                        coliver
                        last edited by

                        Just finished setting this up on my owncloud server. It took maybe 5 minutes... The only problem is it is an old version of CentOS (6.5) so it is running an outdated version of Python. I really need to update that to the newest version.

                        J 1 Reply Last reply Reply Quote 0
                        • J
                          JaredBusch @coliver
                          last edited by JaredBusch

                          @coliver said:

                          Just finished setting this up on my owncloud server. It took maybe 5 minutes... The only problem is it is an old version of CentOS (6.5) so it is running an outdated version of Python. I really need to update that to the newest version.

                          That was supposedly fixed according to the github issue. If not there is a simple workaround to get Python 2.7 on your system. That workaround is how I found out what was missing in a core CentOS 7 install.

                          C 1 Reply Last reply Reply Quote 0
                          • C
                            coliver @JaredBusch
                            last edited by

                            @JaredBusch said:

                            @coliver said:

                            Just finished setting this up on my owncloud server. It took maybe 5 minutes... The only problem is it is an old version of CentOS (6.5) so it is running an outdated version of Python. I really need to update that to the newest version.

                            That was supposedly fixed according to the github issue. If not there is a simple workaround to get Python 2.7 on your system.

                            Yep, they threw an error telling me to please update. Then said to just add the --debug flag to the command. Worked well after that.

                            1 Reply Last reply Reply Quote 0
                            • S
                              stacksofplates @JaredBusch
                              last edited by

                              @JaredBusch said:

                              @johnhooks said:

                              I still can't believe there aren't more people using the free StartSSL certificates. It is kind of a pain to get through the interface, but for the small amount of time it takes, it's a good trade off.

                              Start SSL is not easy compared to setting up Let's Encrypt. I use StartSSL in a number of places also. It is a solid choice, but Let's Encrypt will completely change things once they work out the kinks and get the automagic plugins for other systems besides Apache on Debian.

                              OH most definitely. I haven't used it yet but the how to made it look really simple. I guess I'm just more surprised there aren't more websites with ssl since it's available for free already.

                              This is awesome though, esp since it can be scripted or used with an orchestration tool.

                              J D 2 Replies Last reply Reply Quote 2
                              • C
                                coliver
                                last edited by

                                They are also talking about an easy to use auto-renew tool. Although looking at some of the command flags you could easily do this now without much issue.

                                1 Reply Last reply Reply Quote 1
                                • J
                                  JaredBusch @stacksofplates
                                  last edited by

                                  @johnhooks said:

                                  @JaredBusch said:

                                  @johnhooks said:

                                  I still can't believe there aren't more people using the free StartSSL certificates. It is kind of a pain to get through the interface, but for the small amount of time it takes, it's a good trade off.

                                  Start SSL is not easy compared to setting up Let's Encrypt. I use StartSSL in a number of places also. It is a solid choice, but Let's Encrypt will completely change things once they work out the kinks and get the automagic plugins for other systems besides Apache on Debian.

                                  OH most definitely. I haven't used it yet but the how to made it look really simple. I guess I'm just more surprised there aren't more websites with ssl since it's available for free already.

                                  This is awesome though, esp since it can be scripted or used with an orchestration tool.

                                  SSL is not easy yet. Once Let's Encrypt is solid, I highly suspect that Apache and NginX will eventually update to have SSL enabled by default. That is the kind of far reaching impact that I expect out of Let's Encrypt.

                                  1 Reply Last reply Reply Quote 2
                                  • D
                                    dafyre @stacksofplates
                                    last edited by

                                    @johnhooks Yepp! Just link /path/to/your/cert.crt to /etc/letsencrypt/live/your.domain.local/cert.pem and the same for the key / privkey.pem and set it to run every 30 to 60 days. And do your /happy dance.

                                    I haven't see anything about this though... Is it available for Python on Windows or is it still strictly Linux only?

                                    C 1 Reply Last reply Reply Quote 1
                                    • C
                                      coliver @dafyre
                                      last edited by

                                      @dafyre said:

                                      @johnhooks Yepp! Just link /path/to/your/cert.crt to /etc/letsencrypt/live/your.domain.local/cert.pem and the same for the key / privkey.pem and set it to run every 30 to 60 days. And do your /happy dance.

                                      I haven't see anything about this though... Is it available for Python on Windows or is it still strictly Linux only?

                                      You could make the keys in Linux and move them to a Windows box. They don't seem to support Windows yet though.

                                      J 1 Reply Last reply Reply Quote 0
                                      • J
                                        JaredBusch @coliver
                                        last edited by

                                        @coliver said:

                                        You could make the keys in Linux and move them to a Windows box. They don't seem to support Windows yet though.

                                        I am going to be doing that sometime this week in fact.

                                        C 1 Reply Last reply Reply Quote 0
                                        • C
                                          coliver @JaredBusch
                                          last edited by

                                          @JaredBusch said:

                                          @coliver said:

                                          You could make the keys in Linux and move them to a Windows box. They don't seem to support Windows yet though.

                                          I am going to be doing that sometime this week in fact.

                                          Yep, I was looking at it earlier. The PEM keys look like they should be compatible with the Windows Certificate store.

                                          D 1 Reply Last reply Reply Quote 0
                                          • D
                                            dafyre @coliver
                                            last edited by

                                            @coliver said:

                                            @JaredBusch said:

                                            @coliver said:

                                            You could make the keys in Linux and move them to a Windows box. They don't seem to support Windows yet though.

                                            I am going to be doing that sometime this week in fact.

                                            Yep, I was looking at it earlier. The PEM keys look like they should be compatible with the Windows Certificate store.

                                            Then the issue becomes scripting it in such a way that it can be automated on Windows too... Especially since the cert lifetime is only 90 days.

                                            C 1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 3
                                            • 1 / 3
                                            • First post
                                              Last post