Let's Encrypt first appeared on the Radar last edition, and since December 2015 this project has moved its beta status from private to public, meaning users will no longer be required to have an invitation in order to try it. Let's Encrypt grants access to a simpler mechanism to obtain and manage certificates for a larger set of users who are seeking a way to secure their websites. It also promotes a big step forward in terms of security and privacy. This trend has already begun within ThoughtWorks, and many of our projects now have certificates verified by Let's Encrypt.
Although more sites every day are implementing HTTPS to help protect their own users and improve the integrity of the web as a whole, there are many more sites to go. In addition, we see more and more people using HTTPS within their enterprises, to provide additional security guarantees. One of the main blockers to wider adoption has been the process of getting a certificate in the first place. Aside from the cost, the process itself is far from slick. Let’s Encrypt, a new Certificate Authority, aims to solve all this. First, it provides certificates for free. Second, and arguably more important, it also provides an extremely easy-to-use command-line API, making it easy to fully automate the process of issuing, upgrading and installing certificates. We think that Let’s Encrypt, in beta at the moment, has the chance to be revolutionary in terms of helping more of the web get on to HTTPS, and at the same time showing what good, automatable tools for the security-conscious should look like.
