It's not often that the world of SSL certificates produces some exciting news, but 2016 has started off with a double whammy!
First, on January 20th, Let’s Encrypt announced that SSL certificates could be validated by DNS record. If you’re not already familiar with Let’s Encrypt, they are a new certificate authority that offers free SSL certificates. This announcement was something we were waiting for, as it enables us to automate the issue and renewal of SSL certificates for our websites.
Second, and hot on the heels of Let’s Encrypt, was Amazon Web Services’ announcement on January 21st that they’ve launched a new service: AWS Certificate Manager (ACM). ACM is exciting as it allows us to issue free SSL certificates for our AWS infrastructure, and Amazon automatically handles the renewal of the certificates thereafter.
All I can say is I’m glad I’m not involved in the business of being a certificate authority as the above announcements pretty much make paying for an SSL certificate a thing of the past as both Let’s Encrypt and AWS are now offering SSL certificates for free, joining CloudFlare who have been doing so for a while now too.
Going forward we’ll be launching all our new websites with an SSL certificate as standard and at no additional cost. The first of these websites using a Let’s Encrypt issued certificate launched on the 28th of January for Go Communications.
Once the AWS Certificate Manager (ACM) arrives in the EU regions we’ll likely switch over to that instead of Let’s Encrypt, but one never can tell how long that may take.
Let’s Encrypt is certainly an attractive option given they offer validation via ACME DNS challenge, while ACM’s only validation mechanism is currently email, so it requires human intervention. But ACM offers wildcard certificates while Let’s Encrypt does not (yet).
During my initial research into Let’s Encrypt I was disappointed to see the certificates only lasted for 90 days; I suppose I was always looking for a catch and that seemed to be it. It puzzled me as the current norm, in my experience, is expiry after upwards of 12 months. But then I realised I was wrong; I was looking at this with an old-fashioned mindset. The widespread adoption of SSL certificates for all websites is only going to take hold if certificate issuance and renewal is an automated process, and Let’s Encrypt’s choice to adhere to a short 90-day expiry makes automation a necessity.