Friday, March 18, 2016

Free SSL Certificate with Let's Encrypt

Encrypting your website's traffic is important for protecting your customers' information, and it also helps you rank higher in Google search (according to Google's announcement on HTTPS). Google's search results will favor encrypted sites over insecure ones, and the weighting given to secure sites will only increase over time. Day by day, websites that use HTTPS are ranking higher than those that do not, and the latter will be flagged as insecure by the major browsers (Chrome, Firefox). You can imagine how that affects your customers.

To make your website fully encrypted and authorized, normally you have to buy a "secure certificate" (SSL Certificate). This certificate, issued by a trusted third party, would then be installed on your site to confirm to your visitors that your website is encrypted (secured) and who you are.

That is no problem if you have $$$. But in this article, I want to introduce a free solution: Let's Encrypt. To learn how it works, please read this document. Basically, Let's Encrypt provides a mechanism built on top of a protocol called ACME (Automated Certificate Management Environment), which lets you create your secure certificates manually and then validate, sign, install and even renew them automatically.

If you're using a Debian-based OS, you can read the official documentation for a quick start. I hope that in the future Let's Encrypt will have an official tool that supports Windows IIS. Until then, there are some clients (provided by third parties) for getting and managing secure certificates from Let's Encrypt if you own a Windows IIS server.

1. ACMESharp
It is an ACME library and client for the .NET platform. It is configured through PowerShell. Read here for a quick start.

2. letsencrypt-win-simple
It is built on top of ACMESharp and provides a Windows command-line interface instead of PowerShell. You can read about its command-line arguments here.

3. Certify for Windows
It is a GUI application for Windows (also based on ACMESharp) that uses the Let's Encrypt service to provide free trusted SSL certificates for websites you control.
Certify will automatically configure your website on IIS with Let's Encrypt. After creating a New Certificate for your domain, check http://{your site}/.well-known/acme-challenge/configcheck to see whether you can access this file. The Let's Encrypt service needs to access this file to issue a certificate for you. If you cannot access it, you must edit the web.config file in the same folder or follow here to configure extensionless static files on IIS.


Remember that the certificate is only valid for 90 days, so you should renew it in time. Just open it in Certify and click the Renew button.
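The configcheck test and the 90-day reminder above can both be scripted. The following PowerShell is an added example, not code from Certify or ACMESharp; `www.example.com`, the certificate store path and the 30-day warning threshold are assumptions to adjust for your server.

```powershell
# Added example: not part of Certify, ACMESharp or letsencrypt-win-simple.
# 'www.example.com' is a placeholder host name.

function Test-AcmeChallengePath {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [string] $FileName = 'configcheck'    # test file named in the article
    )
    # Request the same plain-HTTP URL the article tells you to open in a browser.
    $url = "http://$HostName/.well-known/acme-challenge/$FileName"
    $status = $null
    try {
        $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 15 -ErrorAction Stop
        $status = [int]$resp.StatusCode
    } catch {
        # Non-2xx answers arrive as exceptions; keep the HTTP status if there is one.
        # $status stays $null when the host could not be reached at all.
        if ($_.Exception.Response) { $status = [int]$_.Exception.Response.StatusCode }
    }
    # Reachable = $false means the web.config / static-file step is still needed.
    [pscustomobject]@{ Url = $url; HttpStatus = $status; Reachable = ($status -eq 200) }
}

function Get-CertificateDaysLeft {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [string] $Store = 'Cert:\LocalMachine\My',  # assumed store; adjust if yours differs
        [int] $WarnDays = 30                         # assumed renewal threshold
    )
    # Pick the newest certificate issued for this host and count the days left.
    Get-ChildItem -Path $Store |
        Where-Object { $_.Subject -like "*CN=$HostName*" } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1 |
        ForEach-Object {
            $days = [int][math]::Floor(($_.NotAfter - (Get-Date)).TotalDays)
            [pscustomobject]@{
                Subject  = $_.Subject
                NotAfter = $_.NotAfter
                DaysLeft = $days
                RenewNow = ($days -le $WarnDays)
            }
        }
}

Test-AcmeChallengePath -HostName 'www.example.com'
Get-CertificateDaysLeft -HostName 'www.example.com'
```

Run it on the IIS server itself, or from a scheduled task, so that an unreachable challenge path or a certificate close to expiry is noticed before visitors see a browser warning.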

Currently Let's Encrypt only supports single-domain certificates; I hope that in the future it will support multi-domain certificates. Let's wait.

Thanks for reading.
