HTTPS? Not available here…

HTTPS is great. Your connection to a website is encrypted so an attacker or just an observer of the connection is not able to read the traffic. Fantastic! However, HTTPS requires a certificate that confirms you’re on the correct site and not on a fake website, used for phishing etc. There are several certificate authorities (CA) out there which can issue a certificate, but most of them require a payment. No money, no certificate.

Then Let’s Encrypt showed up. A project and an automated tool to create certificates for HTTPS connections. And even better: It’s free! Last weekend I wanted to enable HTTPS connection on my blog. I’ve also managed to create a valid certificate. Unfortunately, I was not able to configure it in my webadmin interface provided by my web hoster.

The online documentation had nothing about HTTPS as well, so I opened ticket, requesting more information about how to configure HTTPS in this environment. The answer is more than disappointing: It’s simply not possible and furthermore they do not support Let’s Encrypt in any way, but of course I can buy an extra package for encryption and then my provider will manage to set-up everything. Isn’t it nice?

No, it’s not! I wanted to use a free and widely supported service, that should be a basic procedure nowadays.
Hello! It’s 2017! Have you ever heard of Edward Snowden, the NSA and mass surveillance? Wake up!
And no, I do NOT want to buy your f***** certificate. I’m really thinking about switching my provider asap.

Invited to Let’s Encrypt!

Since the beginning of this blog I want to use https to encrypt the communication of my website. But it’s actually not that easy. I can not go to my hoster and say: “Hey, give me some https”. You need a certificate by a certificate authority and this is usually chargeable.
This is my first blog and webpage and I have never done https before, so I would like to try it for free at first.

Now there is a new project ready for production. Let’s Encrypt is a project started by Mozilla. The goal is to provide a free certificate authority for all websites. So that every website owner can create his/her own SSL-certificate to encrypt the communication. Since some weeks the Let’s Encrypt certificate authority is trusted by all major browsers.

The project is in limited beta now. But you can apply for a certificate and that’s what I did. So I have received a mail confirmation last week that my website is whitelisted now. And now I can create my own certificate. So the next step is to find out how to do this.
In one of my next blog posts I will report how it works and if I managed to get my website to https. 🙂