When properly configured, an HTTPS connection guarantees three things:
Confidentiality. The visitor’s connection is encrypted, obscuring URLs, cookies, and other sensitive metadata.
Authenticity. The visitor is talking to the “real” website, and not to an impersonator or through a “man-in-the-middle”.
Integrity. The data sent between the visitor and the website has not been tampered with or modified.
A plain HTTP connection can be easily monitored, modified, and impersonated.
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG).
Contribute to letsencrypt on GitHub.
Boulder is an ACME-based CA, written in Go.
letsencrypt-nginx is not fully developed, I choose
certonly to generate SSL certificate and configure nginx manually.
./letsencrypt-auto certonly --webroot -w /path/to/webroot --email firstname.lastname@example.org -d example.com
ssl_certificate /etc/letsencrypt/live/crispgm.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/crispgm.com/privkey.pem; ssl_session_timeout 1440m;
Others are as default.
Let’s Encrypt CA issues short lived certificates (90 days). Make sure you renew the certificates at least once in 3 months.
Actually, crispgm.com is a full static site. Almost no difference on performance. :D
Safe journey on crispgm.com :)