HTTPS is great. Your connection to a website is encrypted so an attacker or just an observer of the connection is not able to read the traffic. Fantastic! However, HTTPS requires a certificate that confirms you’re on the correct site and not on a fake website, used for phishing etc. There are several certificate authorities (CA) out there which can issue a certificate, but most of them require a payment. No money, no certificate.
Then Let’s Encrypt showed up. A project and an automated tool to create certificates for HTTPS connections. And even better: It’s free! Last weekend I wanted to enable HTTPS connection on my blog. I’ve also managed to create a valid certificate. Unfortunately, I was not able to configure it in my webadmin interface provided by my web hoster.
The online documentation had nothing about HTTPS as well, so I opened ticket, requesting more information about how to configure HTTPS in this environment. The answer is more than disappointing: It’s simply not possible and furthermore they do not support Let’s Encrypt in any way, but of course I can buy an extra package for encryption and then my provider will manage to set-up everything. Isn’t it nice?
No, it’s not! I wanted to use a free and widely supported service, that should be a basic procedure nowadays.
Hello! It’s 2017! Have you ever heard of Edward Snowden, the NSA and mass surveillance? Wake up!
And no, I do NOT want to buy your f***** certificate. I’m really thinking about switching my provider asap.