TLS certificates, for everyone!

As you could read in our blog post from a couple of months ago we have been working on incorporating Let’s Encrypt’s free TLS certificates in our hosting environment.

TLS certificates are needed for a safe and good website. With it, you will have improved security, more privacy and higher search engine rankings. Please read our previous blogpost for a detailed summary of how TLS certificates work.

Green lock icon in URL bar

Today (December 19, 2016), we are pleased to announce that these certificates are now available for everyone in a public beta. Using TLS makes your website more secure. You can recognise that TLS is used by the green lock icon shown next to the URL to your website, you willl also notice that the URL will begin with “https://”. You have probably seen this before on the website of your bank or on sites like Facebook. TLS is actually (or should be) the norm on any website that handles any private data. Nowadays, the entire world wide web is starting to adopt TLS and it will soon be mandatory for a properly functioning website1 2 3

Why would I need this?

In the previous blog post, we showed a couple of advantages for using TLS, here’s a short summary:

  • TLS improves the privacy and security for your visitors.
  • When visitors can enter personal information or passwords on your website it is irresponsible and sometimes illegal not to encrypt the connection to the website.
  • In the near future Greenhost will support the new HTTP/2 protocol, which will be significantly faster than its predecessor. Most browsers will only support HTTP/2 when websites offer TLS.
  • Search engines will rank your website higher when it supports TLS.
  • Several browsers will soon give warnings on pages without TLS. This makes TLS an essential aspect of a properly functioning website.
  • Some future features in browsers will only be supported when websites support TLS connections.
  • It improves the security of your website — for example when you log into the admin page of your website, the password can’t be intercepted.

 

Where do I start?

We are using our own open source Let’s Encrypt plugin for certbot and Let’s Encrypt is fully automated. That’s why requesting and installing a TLS certificate is as easy as following these steps:
    
1. Open the Cosmos Service Centre
2. Open the ‘Hosting’ tab
3. Click ‘TLS Settings’

Here you can enable TLS for all your domains and subdomains. A more detailed explanation can be found in our helpdesk article, which includes instructions for repairing WordPress if it breaks after enabling TLS.
le-settings

Before enabling any of the other options, please check if it works for your website! It is possible that there are internal links on your website that link to ‘http://’, whereas your website should now be reached through ‘https://’. If you experience problems, please first read the TLS FAQ. You can also find more help in the helpdesk article: https://greenhost.net/helpdesk/website/introduction-for-lets-encrypt/. This includes instructions for repairing WordPress after enabling TLS.

Note that Let’s Encrypt support is now in public beta, you can always use the feedback form to get help from our front desk, when anything unsuspected happens!

 

So this is all for free?

Yes! Greenhost put a lot of work into making this work for you, so you can easily encrypt and secure your website’s connection. We believe that it is very important that you do. Even more importantly, Let’s Encrypt is an open and free initiative of the Internet Security Research Group (ISRG). If you want to thank them for making this available to you for free, please consider donating to their crowdfunding fundraiser

 

Thanks to the testers

We started a closed beta in September, which had two waves of participants. We want to thank everybody who entered this beta programme for their feedback. Furthermore we would like to thank the people, who e-mailed us about the beta program but were too late to be included, for their enthusiasm!

  1. https://motherboard.vice.com/read/google-chrome-shaming-http-unencrypted-websites-january
  2. https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure
  3. https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/