Dreamhost has just announced that they now support Let’s Encrypt, a free, automated open certificate authority, to provide SSL Certificates to its customers at no cost. This is a great move by Dreamhost, especially as they are effectively giving up a whole section of their revenue, all in the endeavor to make things easier for their customers and to encourage TLS adoption on the Internet as a whole.
Marcus Hildum, Lead Security Engineer at Dreamhost, commented:
There is quite an interesting story about how Dreamhost came to support the Free SSL Certificates, which we will come to in a moment. First, though, it is useful to talk a little about the company behind the project.
About Let’s Encrypt
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit and provided by the Internet Security Research Group (ISRG).
The key principles behind the scheme are:
- Free: The service is available to everyone, free of charge.
- Automatic: By installing certain software on a web server, the whole process of obtaining the certificate, configuring it and even renewing it is done automatically.
- Secure: It will serve as a platform for advancing TLS security best practices.
- Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
- Open: The issuing and renewal protocol will be published and maintained openly, allowing others to adopt the technology.
- Cooperative: It is a joint effort to benefit the community and as such is beyond the control of any one organization.
How Dreamhost got involved with Let’s Encrypt
There is quite an interesting story behind how Dreamhost first got involved with Let’s Encrypt. Marcus Hildum attended DefCon23, a popular hacking conference, in September last year. Yan Zhu was giving a talk about the new scheme and used a screenshot of the SSL page on the Dreamhost Wiki as an example of how notoriously difficult SSL certificates can be to install. You can see the relevant part of the presentation below:
A transcript of the relevant part is as follows:
A screenshot of the page referred to is below:
For a lay person, this looks complicated.
So, with Marcus embarrassed about Dreamhost’s reference in the talk, Dreamhost got in contact with Yan and immediately started collaborating on how to implement Let’s Encrypt at their end:
A few months later, in a subsequent talk at 32c3, Dreamhost was yet again mentioned at a Let’s Encrypt panel, but this time as a supporting partner.
How to Install an SSL at Dreamhost via Let’s Encrypt
It is useful to point out how easy it now is, post-implementation, to install a Let’s Encrypt SSL at Dreamhost, especially as they were originally called out as having a complicated system.
Instead of the 12 steps previously referred to, it can now be done very easily in just five steps:
- Firstly, go to the domain management page.
- To the right side of your chosen domain, under the “Secure Hosting” column, click “Add link.”
- Check the box next to “Signed Certificate” to confirm you wish to add the SSL to your domain.
- Choose whether you would like a Dedicated IP.
- Click the “Add Now” button, and within a few hours, the new SSL will be configured.
So simple now!
Let’s Encrypt Limitations
Before we all get carried away and say the premium SSL industry is doomed, we should point out the limitations of Let’s Encrypt SSL Certificates. The SSL Store did quite an interesting article on the subject, which we will summarize as follows:
- These limited certificates only confirm the ownership of your domain, and not the owner’s identity (i.e. no EV SSL certificates)
- They won’t have support for Wildcard SSL certificates at launch.
- No Direct Support
- No Site Seals, or Warranties
While we feel that these free SSL certificates will be more than adequate for a blog or standard website, we do worry that they won’t carry the same authority as certificates from reputable companies such as Symantec, Comodo or Geotrust, whose site seals are supported by financial guarantees and are relied on by financial and e-commerce companies to instill trust in their websites.
Despite these minor reservations, we are big supporters of this whole concept and very pleased to see Dreamhost implement it.