We don't use TLS/SSL on any of our websites today because the content is mostly static. It would be nice, however, if our sites supported TLS/SSL. I never pushed for it because, until recently, TLS/SSL would cost $50 per domain secured and that would be a waste of resources.

Let's Encrypt

The Electronic Frontier Foundation and Mozilla along with several others got together to make it easier for everyone to encrypt their web pages. They formed the Internet Security Research Group (ISRG) and created the Let's Encrypt service. It allows anyone to get a free TLS/SSL certificate for free.

Expiring Fast

The one drawback to these certificates is that, unlike those which cost $50 or more, the free ones only last for ninety days. It's important to keep these fresh because modern browsers will throw scary warnings about expired certificates. Some browsers would even refuse to load the web page.

I certainly don't want to have to log in every three months to updates the certificates on all our services. It would be really nice to have some kind of bot that just updates those certificates for me. The nice folks at the Electronic Frontier Foundation had the same idea and created a nice little tool called CertBot.

The ACME Protocol

Let's Encrypt provides certificates to entities that can prove their control over the domain to be encrypted. You prove this by responding to challenges using the ACME protocol. I was pleasantly suprised to find the whole process much easier than talking to moisture vaporators. They even provide a staging environment to test automation scripts.

Padlocks Coming Soon

This is the first small step toward enabling some better features for both players and the staff. I would also encourage everyone to support the Electronic Frontier Foundation and all the good work they do on behalf of our privacy and freedom on the internet. Look for the little padlock to show up on your web browser address bar in the next couple weeks.