As I awake from my relative blog slumber this Summer, there are a couple of things (actually a lot of things) I’ve been meaning to blog about. (And luckily I even have a new soundtrack to blog by now thanks to CogDog.) Let’s Encrypt passed a pretty big Milestone in June with 100 million SSL certifications issued in less than two years. In a moment where there’s no shortage of nightmare stories around web security, surveillance, and hacking, Let’s Encrypt seems to be one of the few genuine feel-good stories of the web. A joint-effort, non-profit organization designed to make the web safer by providing free and open SSL certificates. A simple and much needed development that has changed the web dramatically. According to Let’s Encrypt:
When Let’s Encrypt’s service first became available, less than 40% of page loads on the Web used HTTPS. It took the Web 20 years to get to that point. In the 19 months since we launched, encrypted page loads have gone up by 18%, to nearly 58%. That’s an incredible rate of change for the Web. Contributing to this trend is what we’re most proud of.
An impressive bump for security on the web! Tim rolled out the Let’s Encrypt early on Reclaim Hosting, and when the plugin for cPanel came out we started running it immediately. So, for that same period of time we have been providing SSL certificates by default for our new shared hosting users, combined with free ID Protect I would say the Reclaim web is a bit safer and less scammy/spammy as a result. Focused projects like this are worth 100 million think-pieces on Medium.
They followed up the 100 million post in June, with the announcement of plans for free Wildcard Certificates in January 2018:
Let’s Encrypt will begin issuing wildcard certificates in January of 2018. Wildcard certificates are a commonly requested feature and we understand that there are some use cases where they make HTTPS deployment easier. Our hope is that offering wildcards will help to accelerate the Web’s progress towards 100% HTTPS.
This is big news for us because Wildcard certificates are not cheap currently, and by making them free we can actually provide Domain of One’s Own schools that run subdomains (such as jimgroom.stateu.org) automatic SSL certificates for all accounts. We could provide SSL certificates for subdomains before this announcement, but it was not automatic. Folks would need to manually enable the option, but with a free wildcard cert it can be automated at sign-up. This is huge for us, and they announced it during their Summer fundraising campaign so folks would donate given they are entirely funded by donations and sponsorships
The need for SSL is even more pressing these days given Chrome 56 marks all sites without SSL as “Not Secure” -including this one. In fact, I have to overhaul my WordPress Multisite setup from which bavatuesdays is running to comply, so I need to both practice what I preach and get bavatuesdays resolving on SSL as well as donate to Let’s Encrypt. If you have some spare change hanging around you should too!