Let’s Encrypt just launched their program into open beta stage recently, and their goal is to enable more websites and servers to implement SSL/TLS encryption for security and privacy. They want to see HTTPS as the default encryption. Most of the non-critical sites on the internet does not implement any kind of encryption such as news portals and websites that does not have an account system.
However, most would not realize that for the website admins, they would have turn their heads over to HTTPS at some point access their admin part of their website such as CPanel or phpMyAdmin. Example would be a website running on a WordPress system, where the admins had to go into their WordPress admin control panel and key in their login details. If your server was not configured and does not have an SSL/TLS certificate, the login session is not encrypted completely and insecure. This exposes the admins themselves to phishing, data interception, traffic sniffing or even DNS poisoning.
By having a valid SSL/TLS certificate, you can be sure that traffic between the client and the server is encrypted, and that you are really talking to the intended server. The probability of exploiting this is quite low since an attacker would need direct write access into your hard drive to alter the certificate authority’s certificates. This not only ensures privacy, but also the integrity and security of the server.
The most basic SSL/TLS certificate costs a lot annually. There are only a few certificate authority that provides free SSL/TLS certificate. These certificates are usually limited to around 60 or 90 days before the certificate expire, whereas the renewal usually means we would have to pay an annual fee otherwise we would have to do the certificate application all over again – adding time consumption and it’s also really troublesome.
For Nasi Lemak Tech, previously we were using Comodo Free SSL Certificate. However it was quite troublesome to apply for once it has expired. Just a few days ago we decided to switch to Let’s Encrypt since they have launched their open beta program coincidentally just nearing our certificate expiry date. Let’s Encrypt is not offering any wildcard SSL/TLS Certificate, but for now you could request as many certificate you need – hassle free!
Let’s Encrypt has made the process of obtaining and installing certificates automatic for servers running on Apache.
Source: Let’s Encrypt