Let's Encrypt

When you connect to a website, you either do it by http or https. The 's' in the second case stands for 'secure'. It means that the data traveling between your computer and the website (in both directions) is encrypted. That in turn means people in between your computer and the website's server (e.g. your internet service provider, hackers, federal investigators and others) can't see what the data is, only how much of it there is and which points it's traveling between. Therefore https connections improve your security and privacy online. It is for this reason that they are used to connect you to banking websites, most webmail providers, Facebook, Wikipedia, paypal and many, many other websites. To check if the connection is https, rather than only http, look to the left of the address in your browser. You should see a green padlock symbol.

To connect via https to the website you visit that website needs to have a verifiable, trusted certificate showing that the https connection is genuine and trustworthy. Traditionally, there are trusted companies that offer such certificates and website owners would have to pay these companies to get these certificates issued. VeriSign and Comodo are two examples. So, for example, if you have a website hosted with, say, GoDaddy or SiteGround or BlueHost or similar, that company would charge you money to organize a certificate for you via Comodo or Verisign or a similar certificate issuer.

In the wake of the Snowden revelations, people became much more aware that internet traffic was being recorded on a mass scale by the National Security Agency, GCHQ and other intelligence agencies. In some cases, this hit hard several popular services, most notably Yahoo, whose unencrypted traffic between its servers was easily hoovered up and analyzed. A campaign arose with the objective to make every connection https by default. Part of the difficulty was the prohibitive cost.

Let's Encrypt is a way of doing this for free. Using Let's Encrypt a website owner can organize for his/her website a certificate that allows https connections for free. That's because the code behind Let's Encrypt comes from an open-source community effort supported by the "good guys" of the internet, including the Electronic Frontier Foundation, Mozilla, and others. Some website hosting services now offer to enable Let's Encrypt on their customers' websites, SiteGround being a prominent example. This despite the fact that SiteGround used to charge people for the expensive option in years gone by. That's very good for online security.

If you own a website, contact your web host company and ask them to set up Let's Encrypt for you. It should be free and quick. Ask them to do it in such a way that only https connections are possible.

Let's Encrypt is an excellent and necessary development. It means there are no longer any excuses for website owners to provide insecure connections for their visitors.

A related project to maximize https across the internet is the excellent browser plugin from the Electronic Frontier Foundation, HTTPS Everywhere. If you have this on your browser, it will always attempt https connections if they are possible, which minimizes the chances that your internet traffic will be snooped on.

It's worth noting that there is evidence - also from the Snowden leaks - that 1024 bit prime numbers are of insufficient strength to resist NSA cracking attempts. VPNs and other services should use longer key sizes.

Let's encrypt, as today 2020/12/01 is not available as stand alone clear script that you can control and read, instead is a SNAP Package that want's full control of your Super User permissions, to make it worst it states:

snap "certbot" is not available on stable but is available to install on the following channels: edge snap install --edge certbot Please be mindful pre-release channels may include features not completely tested or implemented. Get more information with 'snap info certbot'.

and when you think it could not get any worse than this: This revision of snap "certbot" was published using classic confinement and thus may perform arbitrary system changes outside of the security sandbox that snaps are usually confined to, which may put your system at risk.

And about the no so transparent SNAP, forget about 32 bits support as this comes out: quote hereAn unexpected error occurred: OSError: cannot load library '/snap/certbot/356/usr/lib/x86_64-linux-gnu/libaugeas.so.0': /snap/certbot/356/usr/lib/x86_64-linux-gnu/libaugeas.so.0: cannot open shared object file: No such file or directory. Additionally, ctypes.util.find_library() did not manage to locate a library called '/snap/certbot/356/usr/lib/x86_64-linux-gnu/libaugeas.so.0'

Don't seem a very Open Source agenda...

[Edited by carlosvgonzalez, December 03]