Beta: Free SSL via Let’s Encrypt
We have seen an increasing number of clients interested in SSL (https) for their WordPress sites in the past year or so, and have been working to make some updates to our systems to improve both performance and ease-of-use for SSL.
Our goal is that within the next few months there will be no reason to run sites via regular http at Lightning Base – you’ll certainly be able to, but sites will be just as fast running https, and with very little hassle during setup.
What Is Let’s Encrypt?
One piece of getting everyone running https is making it easier and cheaper to issue an SSL certificate for a site. There is an effort underway called Let’s Encrypt ( https://letsencrypt.org/ ) that has support from Mozilla, Facebook, Auttomatic, and an increasing number of companies in the hosting and general web industries. The service is in public beta, and we’ve been watching this (and hearing about interest from our clients in it) for some time.
Let’s Encrypt both issues its own SSL certs, and provides software that makes it easy to install these on a server (no more CSR and CRT files, email verification, etc).
Using Let’s Encrypt at Lightning Base
We have integrated the Let’s Encrypt service into our cPanel. This has been in internal testing for a short time and is now publicly available on all client cPanel’s. To use it, you’ll look for the Let’s Encrypt icon under the ‘Security’ section in cPanel:
Clicking that will bring you to the certificate management screen. You can click the ‘Issue’ link in the bottom section to create a new certificate, or in the top section can view the Let’s Encrypt SSL certs currently installed:
You’ll notice that certificates are only good for 3 months. This is the way Let’s Encrypt works, our system will attempt to auto-renew certs when they are 30 days from expiration. Note that a domain must be pointing at Lightning Base to issue a Let’s Encrypt certificate, due to the way they validate control of the domain.
Once a certificate is installed, you can test it by going to https://yoursite.com. If no errors occur there, you can login to WordPress, click ‘Settings’ -> ‘General’, and update both URL’s to use https. We’ll be putting up some more info about running WP all-SSL once our system-side changes (which will improve SSL performance) are in-place as well.
Why Beta? (Can I use this on my site?)
We consider this feature to be in beta for two reasons:
1. Let’s Encrypt itself considers their service to be in public beta.
2. This is new to Lightning Base, and although some successful testing has been done, we will need to see it used on client sites to be 100% sure it is ready for use by everyone.
In general, it does appear that this service is working well enough for production sites. But for important SSL certs I would wait until it has fully exited beta before going forward with a Let’s Encrypt cert.
I would also suggest that anyone testing this check their certificate expiration date after ~2.5 months. If the cert has not auto-renewed, please get in touch. It is hard for us to test auto-renewals without letting months pass, so this is the least-tested portion of the service on our end.
If all goes well, this should leave beta here within 3-4 months (I’m not sure how long it will last at Let’s Encrypt). We just need to start seeing a good number of client site auto-renewals, at which point there would be no reason to purchase a regular domain validated SSL for use at Lightning Base.
Please do let us know if you run into any problems using Let’s Encrypt during this beta
SSL at Lightning Base
Let’s Encrypt is just the first piece of our SSL revamp. We are currently testing system changes that will enable our built-in cache on https pages and provide full http/2 support. This will provide the benefits of our automatic caching to sites running SSL-everywhere, and http/2 helps minimize connection overhead and make SSL perform more like (and better than) regular http.
We will be posting additional updates on our blog/Twitter/Facebook as these updates enter beta and then roll out into production.
If you have any questions, don’t hesitate to login to https://secure.lightningbase.com and open a ticket.
