Securing your website
(tap/click to view picture full size)

In recent years, there has been an increased drive towards securing the web and internet communications. Google Search is now using HTTPS as a ranking factor, Apple now require App communication over TLS, and the Chrome Web Browser is now displaying visible warnings to users when they visit non-secured sites.

Like much of the internet, the process of implementing HTTPS communication, with SSL Certificates, has always been clumsy and painful.

This often involved Certificate Signing Requests (CSR files), installing Certificate Files (CER), assigning to websites in the server, and much more besides.

It also involved cost, your CA (Certificate Authority) would likely charge you to obtain a certificate, with an annual renewal charge, and your website hosting company may also charge you to enable the ports and architecture required for SSL over the default Port 443.

Earlier this year, I wanted to go SSL for this website, and others, to keep pace with the trend, allow secure app API communication, and in the interests of secure, encrypted web connections.

I was made aware of Let's Encrypt, a new "Free and Automated" Certificate Authority.

This CA, backed financially by the likes of Mozilla, Chrome and Facebook, allows you to request your own certificate, and self-certify it automatically. Certificates are valid for 90 days, and can be renewed via an auto-renew process when within 30 days of that renewal.

With a little scripting and setup, it was reasonably easy to get the system up and running on Windows Server using the win-acme (formerly 'letsencrypt-win-simple') .NET Library. The library will automatically map certificates to sites in your local IIS web server, and create a scheduled task, to run daily, to check for eligibility for auto-renew.

Let's Encrypt offers single domain certificates, so you typically need two, one for domain.com and one for www.domain.com. Wildcard certificates are not currently offered.

The service uses the industry standard 2048 bit RSA, and 256 bit Keys.

Further reading: Let's Encrypt.

If you have your own server, want to implement SSL, or would like to move provider, please get in touch.