Let’s Encrypt Offers Free Multi-Domain HTTPS Certificates Thumbnail
Encryption 28 March 2018

Let’s Encrypt Offers Free Multi-Domain HTTPS Certificates

Grant Gross
By Grant GrossGuest AuthorTechnology Reporter

Let’s Encrypt, a nonprofit certificate authority launched in 2016, has delivered on its pledge to offer free certificates that enable secure HTTP connections for complete domains.

The organization’s new wildcard certificate service, allowing website operators to secure all subdomains of a domain with a single certificate, should help the Internet become more secure by enabling wider deployment of HTTPS, Josh Aas, executive director of the Internet Security Research Group, wrote in a blog post. (Full disclosure: the Internet Society is a major sponsor of Let’s Encrypt.)

Last July, Let’s Encrypt had promised that it would offer free wildcard certificates. With the recent release of the ACMEv2 [Automatic Certificate Management Environment] Protocol, the organization delivered on that promise.

“Wildcard certificates can make certificate management easier in some cases, and we want to address those cases in order to help get the Web to 100% HTTPS,” Aas wrote. “We’re excited about the prospect of a 100% HTTPS Web and we’re working hard to get there.”

A wildcard certificate isn’t recommended for all websites, Aas noted. In most cases, other certificates, such as single-domain ones, will be more appropriate.

Although wildcard certificates enable streamlined management of HTTPS, some security experts see a potential vulnerability when one is used to secure a large number of websites and the certificate’s private key is compromised. Then, the hacker could use the key to set up a rogue website.

The new wildcard certificates are only available with the new ACMEv2 protocol. To use ACMEv2 for wildcard or non-wildcard certificates, websites will need to be updated to a new ACME client, Aas wrote. Let’s Encrypt will continue to support ACMEv1 for now.

To get started with TLS on your site, please see our Deploy360 TLS resources and our encryption page.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related Posts

Encryption 10 December 2024

Global Encryption Day Panel Highlights Encryption’s Role in Children’s Online Safety

Encryption is a tool that ensures privacy for all online users, including children. In our panel, we heard from...

Encryption 19 July 2024

Encryption Is a Preventative Tool that Protects Children

Encryption is one of the best tools we have to help keep children safe online. Child safety and encryption...

Strengthening the Internet 30 May 2024

Bill S-210 Threatens Canadians’ Access to the Internet 

Canadian Bill S-210 threatens to break the Internet in Canada and fragment Canadians' access. Help spread the word that...