Freelance Web/Graphic designer, photographer & community campaigner
General

Let’s Encrypt

I’ve recently moved to a new web host which offers support for the ‘Let’s Encrypt‘ service which provides SSL certificates for domains, for free.

SSL encryption is an important tool to have on your domain to protect account details of site users and though this site does not hold personal data on site visitors, it is still very important to use SSL to reduce ‘man in the middle’ attacks.

One of the issues with Let’s Encrypt on a shared hosting environment, is that traffic is limited to the site if the browser they are using does not support SNI. SNI (Server Name Indication) is a networking protocol where a client indicates what hostname it is attempting to connect to at the start of the handshaking process. Essentially it allows a server to present multiple certificates on the same IP address allowing multiple secure (https) websites to be served without requiring all those sites to use the same certificate.

There is a drawback to this method, in that browsers that do not support SNI will not be able to gain access to the site therefore traffic is limited on the site.

As a web designer, wide accessibility is key for website development and deployment, so normally I would not opt for the Let’s Encrypt service for a client, instead if they required SSL certification, I would use either VPS or managed dedicated hosting and purchased a third party SSL certificate despite this increasing the costs.

For this website, using a free SSL certificate from Let’s Encrypt makes sense as I don’t expect high volumes of traffic and the traffic that does come to this site, I would prefer to be encrypted to protect site visitors.

Despite limiting traffic to the site, I am very happy on how easy it was to implement Let’s Encrypt SSL Certificates on the domain and Qualys SSL Labs have given the domain a rating of A in the SSL Report: https://www.ssllabs.com/ssltest/analyze.html?d=jamesglen.org.uk&hideResults=on

Article written by:

Tech geekery, blogging, volunteering, graphic/web design, photography, digital activism and community-based campaigns are some of the things that I am passionate about.

Leave a Reply

Your email address will not be published. Required fields are marked *