Let's Encrypt

Published by botond, 2018/12/02 (Sunday), 15:25

Let's Encrypt is a free, automated and open Certificate Authority for the benefit of the public. This is a service provided by the Internet Security Research Group (ISRG).

The organization gives SSL/TLS certificates free of charge to anyone, so that they can enable HTTPS on their websites. They do this because they want to make the Internet safer.

Basic principles:

  • Free: Anyone who has a domain can use Let's Encrypt to get a trusted certificate at zero cost.
  • Automatic: The software running on the web server contacts Let's Encrypt to obtain the appropriate certificate in the background, configure it, and ensure that it is automatically renewed.
  • Safe: Let’s Encrypt serves as a platform for promoting TLS security best practices both on the issuing authority’s side and for website operators to adequately protect their servers.
  • Transparent: All certificates issued or revoked are publicly recorded and made available to anyone.
  • Open: The automatic issuance and renewal protocol is published as an open standard for others to use.
  • Cooperative: Like the underlying Internet protocols, Let's Encrypt is a joint effort for the benefit of the community, beyond the control of any organization.

Operation

The goal of Let's Encrypt and the ACME (Automated Certificate Management Environment) protocol is to make it possible to set up an HTTPS server and have it obtain a browser-trusted certificate without human intervention. This is done by running a certificate management agent on the web server.

The process consists of two steps. First, the agent program running on the server proves to the certificate authority that the server controls the domain in question. The agent can then request, renew or revoke certificates for that domain.

There are two ways to prove control of the domain name:

  • Creating a DNS record under the domain name, or
  • Providing an HTTP resource at a "well-known" URI under the domain name

If the domain name is successfully verified, the issuer sends the certificate to the server.

 

Let's Encrypt only issues domain-validated (DV) certificates, not OV (Organization Validation) or EV (Extended Validation) SSL certificates. Wildcard SSL certificates have been available since March 2018.

For an explanation of SSL certificate types, see the HTTPS glossary article.