FullHost is pleased to announce we support the free and automated SSL certificates offered through Let’s Encrypt.
For all technical questions on Let’s Encrypt and how to get your free certificate, please see our Let’s Encrypt FAQ. Normally no action is required by you to enable a Let’s Encrypt certificate.
What’s Let’s Encrypt?
Let’s Encrypt is a certificate authority (CA) that is making HTTPS ubiquitous by easily automating the process of installing and renewing SSL Certificates so they can be renewed automatically before they expire. Let’s Encrypt aims at securing the Internet and doing it in a way that makes it easier and better for everyone. Let’s Encrypt issues certificates that function just the same way as other Domain Validated (DV) Certificates that you would spend money on. Let’s Encrypt, however, is free.
The certificates Let’s Encrypt issues are usable for 90 days before they expire. We will auto-renew any certificates generated through FullHost.
Private data should remain secure in that any data that is transmitted between the server and the browser is not open for a third party to view. One of the best ways of ensuring data security is through SSL/TLS encryption.
SSL/TLS is a secure means of establishing an encrypted link between a web server and a browser. It makes sure that the data transmitted between the server and the browser remains private allowing confidential and private information to be transmitted from one server to another securely. Without SSL/TLS data is left vulnerable to eavesdropping by attackers who can see and use the information for potentially malicious reasons.
SSLs works by establishing an encrypted connection through the public and private keys which work together.
When a website that is secured with SSL/TLS is being accessed through a browser, the browser connects to the web server requesting that the server identifies itself. The server then sends a copy of its SSL certificate including the public key. The browser checks the certificate origin against a list of trusted certificate authorities, and that the certificate is valid and that the common name matches for the website it’s being connected to. If all these checks are passed, the browser then sends back a session key using the server’s public key. The server then opens the link using its private key and sends back an acknowledgment with the session key to start the encrypted session. Once this all has happened, the transmitted data between the server and the browser is encrypted.
The payment card industry (PCI) requires you to use SSL/TLS if your site collects credit card information. If your site has a login section where private data is stored, or if private information is sent or received you should use SSL/TLS to protect that data.
Your customers will always want to know that you value their security and that you are serious about protecting their information, often opting to shop at the brands they trust.