VPS Series: What You Should Know About Let’s Encrypt

Almost everyone that wants to operate a website on a VPS has heard of Let’s encrypt. It’s changed the internet security landscape by providing free SSL security certificates for everyone.

This saves website owners both money and time since it’s free and automated. The initiative is so important that it’s received sponsorships from industry heavy-weights like Facebook, Mozilla, and Cisco. There are some downsides to Let’s Encrypt, however, that you should also know about as well.

If you want an SSL certificate to keep the connection between your website and its users private, read on. We’ll tell you everything you need to know about Let’s Encrypt for cPanel and inform you of other options to maintain your E-commerce site.

Why Are SSL Certificates Important?

The information you send online goes through an HTTP protocol. The problem with HTTP is that it’s unencrypted by default. This means in the time information leaves your computer and travels to a website, it’s unprotected. Considering that 1.66 billion people worldwide use the internet to shop, that’s a problem.

People have become wiser to the dangers of online shopping, so they’ve started looking for businesses that follow certain security protocols. Google, knowing this, does their part by warning visitors to unencrypted sites before allowing them to pass on. If your business is one of the ones that doesn’t have an SSL certificate, this can mean lost business and fewer visitors, along with a lower Google website ranking.

SSL certificates, combined with HTTP, does two important things:

  1. It encrypts data so that third parties can’t read it
  2. It authenticates websites so that you know they’re who they say they are.

You know that a site has an SSL certificate when they have a green or grey (in Chrome 70+) padlock next to their domain name and when you see ‘https://’. Some web browsers, most notably Google Chrome, actually presents a warning to visitors if a site doesn’t have an SSL certificate. This warning isn’t only a red flag to visitors; some people don’t actually know how to bypass the warning, meaning that they’ll never see your website.

What Makes Let’s Encrypt Important

In the early days of https and SSL certificates, website owners needed to spend a lot of time and money to get their certificates. SSL was only available through third-party companies that charged an arm and a leg to secure your site. This meant that big companies like Amazon were able to get certificates while smaller websites were left watching their business go elsewhere.

Let’s Encrypt decided to give the power back to website owners by making the service free. They leveled the playing field and gave smaller websites a fighting chance against big corporations.

Another important aspect of the initiative is that it’s easy to do. Before, getting an SSL certificate was a complicated process that only a small percentage of people knew how to do. Now, anyone with basic computer knowledge can make sure that their information stays out of the hands of third-parties.

Certbot, which works for Linux, cPanel, and other programs, automates the process. All you have to do is copy a few lines of code and you’ll have an SSL certificate in a matter of moments. The certificate expires after 90 days, but Certbot automatically renews it for you.

With Google announcing that websites without an SSL certificate will see lower search-engine rankings, many small website owners thought they would be doomed to low page rankings forever. Let’s Encrypt helps small websites stay relevant against large companies.

The democratization of websites, believe it or not, is a good and bad thing, as you’ll see below.

Let’s Encrypt: The Bad

Access to encryption services for everyone seems like something that everyone should celebrate. Unfortunately, there is another side to that coin.

When someone goes to a website and sees ‘https://’, they’re likely to trust that website as much as they’d trust a website with the extended green bar next to their name. The green bar next to the domain name, known as extended domain validation, is another separate level of security. The average internet user doesn’t differentiate between the two, though.

An SSL doesn’t verify the identity of a website. A secure connection to a website designed to mirror another site is a dangerous thought. Imagine someone buying “bancofireland.com” and getting an SSL certificate. The average user might believe that the website is safe even though they’re giving their login information to the wrong people.

Many companies combat this by buying up domain names similar to their own and redirecting traffic to the real site. There are some sites, though, that still have problems with this. Visiting a fake website like this and entering login credentials allows someone else access to your information. They mirror the real website’s page, steal your information, and either sell it online or withdraw your money.

With that said, Let’s Encrypt provides a valuable service. Anytime you log on to the internet, there’s an assumption of risk that you take. Web browsers could (and should) take an active role in educating their users, but at the end of the day, it’s up to users to confirm if a site is safe to use.

There are hundreds of websites that tell people whether a site is safe or not. Also, no one should ever log in to their bank account without verifying the domain name and looking for the green or grey padlock in the address bar.

The problem is that while most people understand the internet, there are some, especially in non-industrialized countries, that up until recently didn’t have the level of access to the internet that Europe and North America has. There are also those in other parts of the world that target European citizens, especially the elderly, because they know that there’s a certain assumption of safety on the continent.

Let’s Encrypt’s Response To This Concern

How do we protect those people from sites that phish for information? Is it the responsibility of companies to hold people’s hands? These are questions that people have asked since the mid-’90s. For now, Let’s Encrypt’s position is that they provide a service and aren’t responsible for what people do with it.

While it’s an excellent service for those that want to secure their website for free, it can get taken advantage of by unscrupulous people. It’s also easy to do and will give you a small bump in your SEO rankings, which can both help small business and hurt consumers.

Are You Interested In Securing Your Website?

If you run an Irish website, security should be a major concern for you. You never want to leave your website exposed to potential attacks. That’s where we come in.

We offer services that protect both you and your visitors. If you need an SSL certificate for multiple domains and subdomains, we can set it up for you. If you need a VPS that’s both fully scalable and customisable, we can help you with that as well. We also offer SiteLock, the global leader in website security.

If you have questions about what we can do for you, contact us today! Our representatives can walk you through our services and help you discover what you need to secure your website.