Knowledgebase
FAQ for Let's Encrypt Security Certificate
Posted by on 16 February 2016 04:51 PM

When Let’s Encrypt, an open source security certificate provider, entered public beta in December 2015, it changed the encryption game forever. Until then, encryption through SSL security certificates was only available for a fee from Certification Authorities (CAs).

 

What is Let’s Encrypt?

Let’s Encrypt is a free open source alternative to traditional SSL certificates. It is absolutely free of cost and uses an automated domain-validated system to issue security certificates. The goal of this open-source project is to make web browsing safer for all internet users by making data transfer encryption free, fast and accessible.

 

How does it work?

The cumbersome process of getting and maintaining a certificate is fully automated by a domain validation process. To request renew and revoke certificates, the ownership over a domain has to be proved by one out of two methods. The CA verifies that all the requirements have been satisfied and allows the agent to manage certificates.

 

Requesting challenges to validate example.com

 

Requesting authorization to act for example.com

 

How are certificates Issued and renewed? 

Once the above steps have been carried out, the user agent has to simply send messages with an authorized key pair to manage certificates.

Requesting a certificate for example.com

Requesting revocation of a certificate for example.com

 

How is Let’s Encrypt different from other SSL?

It is free, automated and open. No application rejections due to a misplaced comma! If you have been using SSL security certificates before Let’s Encrypt, you will appreciate how simple and straightforward the process is. The entire authorization process is automated and it is as easy as selecting domains and subdomains and clicking on "Issue" to get a certificate. Below are all the advantages of using Let's Encrypt.

 

What are the advantages of using Let’s Encrypt certificates?

Free of cost

Easy to install

Does not need emails for validations

Does not need a dedicated ip

It is trusted by all major browsers

Auto renewals

 

How do I install a Let’s Encrypt security certificate?

It is easy to install Let’s Encrypt from the cPanel of your Certified Hosting account. And you may install as many certificates as you need for each domain and subdomain that you own.

All your Let’s Encrypt certificates are set to auto renew by default unless they are cancelled manually in cPanel.

Follow the steps below to get a Let's Encrypt security certificate:

  1. Sign into your Certified Hosting account.
  2. Click on "Let's Encrypt SSL" under the Security section in your cPanel.
  3. Click on "Issue" next to the domain you want to encrypt.
  4. Select the "www." Subdomain. Now, select all the other subdomains and parked domains that you would like to be included under "Alias Domain."
  5. Click the "Issue" button to generate your Let's Encrypt security certificate.

 

Will it work with all my software and add-ons?

Yes, our extensive internal testing has revealed that Let's Encrypt works with all web servers, scripts and add-ons. However, it does not work with CloudFlare free CDN out of the box.

 

How to Use CloudFlare CDN with an SSL?

Easiest way to use CloudFlare with SSL is to use a plan like CloudFlare Plus includes 1 click options to enable SSL support.

The free CDN services of CloudFlare are very popular among small businesses as it turns slow page load times into lightning quick responses. However, it does not work out of the box with SSL certificates. You have two ways to manually configure it.

  1. Limit traffic to CloudFlare: If only a subdomain is covered by SSL protection you can disable it. Since most blogs and eCommerce stores are on a subdomain, this part is easy to manage. In other words, if you have SSL only for subdomains and if you disable SSL on these subdomains, these can also be served by CloudFlare.
  2. Reconfigure SSL pages: Since CloudFlare uses the CNAME www.yourdomain.com, you can configure your SSL to only use non www pages. The traffic from these non www pages will not be served through CloudFlare and you will be able to enable SSL for them.
(2 vote(s))
Helpful
Not helpful

Comments (0)