After reading this article, you’ll understand the basics of the security implications between HTTP and HTTPS. We’ll also discuss the role of Let’s Encrypt in enabling HTTPS for free.
HTTP vs HTTPS
Security is paramount in all development ventures, especially with customer applications. Secure web browsing through HTTPS encryption is not only best practice, but also a functionally requirement given web browsers now flag websites as unsafe if HTTPS is not used. The difference between HTTP (un-secure) and HTTPS (secure) is that HTTP data is sent using clear text, whereas HTTPS connections are encrypted. To enable encryption, HTTPS utilizes SSL/TLS. Unfortunately, many hosting companies charge a hefty price to enable HTTPS. That’s where Let’s Encrypt comes into play. Let’s Encrypt is a free, automated, and open Certificate Authority creating a more secure and privacy-respecting Web.
Getting Started
Out of Date – See Update Below
There are several tutorials for installing SSL Certificates through Let’s Encrypt. The best tutorial for you depends on the hosting company you use. For example, the video below provides a step-by-step instruction for installing SSL Certificates for GoDaddy users, which is applicable to other hosting providers as well, but significantly easier if your hosting uses CPanel.
Update – May 2021
Zero SSL was sold and there are now limited free options. You are limited to 3-90 day SSL certificates per account and even if you create new accounts, there are limitations by domain names as well. Luckily for small businesses, tipswithpunch created a system for free, unlimited 90-day SSL certificates. Updated instructions below with links to the new SSL generator.