I was playing around with one of my sites the other day and I realised it was running under https:// which was strange because I never bought a certificate or set it up.
After a bit of playing around it appeared that two other sites worked under https:// as well. None of which were configured by me. All were running WordPress. At this point I thought they had buggered up a setting so I raised a support ticket with my hosting provider Webslice.
The quick reply was,”We are offering free Let’s encrypted SSL for all the domains now.”
For those of you who don’t know what Lets Encrypt is then its best to start with SSL. SSL is the encryption that protects your data on websites such as banks and Facebook. Anywhere where you login with a password should be encrypted otherwise your login and password just got sent and anyone in the middle of you and the website can read it.
This used to rely on certificates that were provided by trusted certificate authorities such as GlobalSign, Comodo and Symantec. The problem was, this was expensive. I saw a price yesterday of $150NZ for a two year certificate for one domain.
In comes Lets Encrypt. They “give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can. We do this because we want to create a more secure and privacy-respecting Web.”
And they recently issued their 100,000,000th certificate.
What this means is that now everybody can be encrypted using a trusted provider that is free. Our data just got safer. Our privacy just got private. It also means that hosting companies can roll out free SSL across their infrastructure which is exactly what Webslice have done.
If you are using WordPress you may need to make a couple of changes.