Let's Encrypt is a Certification Authority (CA) that issues free Domain Validated (DV) certificates valid for a period of 90 days. Let's Encrypt owns an RSA root certificate, stored on a hardware security module, that is not used directly. This certificate is intended to be replaced later by an ECDSA certificate, which will be used to sign two intermediate certificates signed by the certificate authority IdenTrust. One of them will be used to sign the issued certificates; the other will serve as a backup certificate in case of a problem with the first one.
What is Let's Encrypt used for?
Let's Encrypt is a Certificate Authority, and it has more or less the same privileges and powers as every other existing (and larger) Certificate Authority on the market.
What is special about Let's Encrypt?
Let's Encrypt is a free, non-profit service provided by the Internet Security Research Group to promote web security by providing free SSL certificates.
The advantages of Let's Encrypt
Among the advantages, we can mention that it is:
- Free: Anyone with a domain name can use Let's Encrypt to obtain a recognized certificate at no cost.
- Automatic: Software running on a web server can interact with Let's Encrypt to easily obtain a certificate, securely configure it for use, and automatically handle renewal.
- Secure: Let's Encrypt serves as a platform to advance TLS security best practices, both on the CA side and to help website managers properly secure their servers.
- Transparent: All certificates issued or rejected will be publicly recorded and available for inspection by anyone.
- Open: The issuance and even auto-renewal protocol will be published as an open standard that others can adopt.
- Cooperative: Like the underlying Internet protocols themselves, Let's Encrypt is a joint effort for the benefit of the community, beyond the control of any one organization.
Disadvantages of Let's Encrypt
Today, the main disadvantage of using a Let's Encrypt certificate is compatibility. This is a problem that any new certificate authority must face when entering the market. For a certificate to be trusted, it must be signed by a certificate belonging to a trusted certificate authority, and to be trusted, a certification authority must have its signing certificate integrated into the browser or the operating system. A certificate authority that enters the market today, even assuming that it is trusted by the root certificate program of each browser or operating system from day 0 (which is, by the way, impossible), will be included in the current versions of the various browsers and operating systems. However, it cannot be included in older, already released versions.
How do I start using Let's Encrypt?
To start using Let's Encrypt, first go to the DSM Security settings. There, choose Certificates and choose to create a new certificate. Then enter a description, select the option to acquire a Let's Encrypt certificate, and set this certificate as the default.
To enable HTTPS on your website, you must obtain a certificate (a particular file) from a certification authority (CA), and Let's Encrypt is such a certificate authority. In order to obtain a certificate for your website's domain through Let's Encrypt, you must prove that you control that domain. With Let's Encrypt, you do this with software that uses the ACME protocol, which generally runs on your web host.
To determine which method will work best for you, you need to know whether you have shell access (also known as SSH access) to your hosting. If you manage your site entirely through a control panel like cPanel, Plesk, or WordPress, chances are you don't have shell access. You can ask your host to be sure.
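How the proof of domain control works in one ACME method, the HTTP-01 challenge of RFC 8555, which goes beyond what the page itself describes: the CA hands the client a token, and the web server must return that token joined to a thumbprint of the ACME account key. This is an added example, not code from the original page or from Let's Encrypt; the token and key values are constructed samples, and the function names are hypothetical.

```python
import base64
import hashlib
import json
import re

# Constructed sample values: not a real account key or a real CA-issued token.
SAMPLE_TOKEN = "constructed_token-0123456789"
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x",
              "y": "constructed-y", "kid": "optional-member-ignored"}

# Members RFC 7638 requires in the thumbprint input, per key type.
REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 over the required members only, sorted by name, no whitespace."""
    members = {name: jwk[name] for name in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def http01_response(token: str, account_jwk: dict) -> tuple[str, str]:
    """Return (path the CA requests over HTTP, exact body the server must send)."""
    # The token becomes part of a file path, so accept base64url characters only.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", token):
        raise ValueError("challenge token is not base64url")
    key_authorization = token + "." + jwk_thumbprint(account_jwk)
    return "/.well-known/acme-challenge/" + token, key_authorization


if __name__ == "__main__":
    path, body = http01_response(SAMPLE_TOKEN, SAMPLE_JWK)
    print("serve at:", path)
    print("body    :", body)
```

Because the body is bound to the account key, a response copied from another account's validation does not satisfy the challenge.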