{"id":21089,"date":"2018-07-13T12:58:00","date_gmt":"2018-07-13T10:58:00","guid":{"rendered":"http:\/\/www.inovex.de\/blog\/?p=13072"},"modified":"2025-03-25T07:54:15","modified_gmt":"2025-03-25T06:54:15","slug":"lets-encrypt-the-web","status":"publish","type":"post","link":"https:\/\/www.inovex.de\/de\/blog\/lets-encrypt-the-web\/","title":{"rendered":"Let&#8217;s encrypt the web! All of it."},"content":{"rendered":"<p>Does your website still run on plain HTTP? Would you like it to run on HTTPS? You should, because soon you might not have a choice anymore. The\u00a0HTTPS saturation of the Internet has <a href=\"https:\/\/www.wired.com\/2017\/01\/half-web-now-encrypted-makes-everyone-safer\/\">passed its half-way point<\/a>\u00a0and the browsers are deprecating HTTP websites. Time is running out and <em><a href=\"https:\/\/letsencrypt.org\/\">Let&#8217;s Encrypt<\/a><\/em>\u00a0is here to drive that process by helping you get up to speed on serving HTTPS.<!--more--><\/p>\n<p><em>Let&#8217;s Encrypt<\/em>\u00a0was officially started in 2015 and became publicly available in early 2016. It is the brainchild of two Mozilla employees who soon gained the support of the Electronic Frontier Foundation. The Internet Security Research Group (ISRG) was created as the company behind the project which also became a Linux Foundation Collaborative Project. 
Today it has <a href=\"https:\/\/letsencrypt.org\/sponsors\/\">sponsors all across the industry<\/a>, the major ones no doubt being Mozilla, Chrome, Akamai and Cisco.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_83 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\"><p class=\"ez-toc-title\" style=\"cursor:inherit\"><\/p>\n<\/div><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.inovex.de\/de\/blog\/lets-encrypt-the-web\/#Lets-Encrypt-the-web\" >Let&#8217;s Encrypt the web!<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.inovex.de\/de\/blog\/lets-encrypt-the-web\/#But-setting-up-an-HTTPS-web-server-is-hard\" >But setting up an HTTPS web server is hard!<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.inovex.de\/de\/blog\/lets-encrypt-the-web\/#Details-please\" >Details, please!<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.inovex.de\/de\/blog\/lets-encrypt-the-web\/#The-State-of-ACME\" >The State of ACME<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.inovex.de\/de\/blog\/lets-encrypt-the-web\/#Is-HTTP-going-away\" >Is HTTP going away?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.inovex.de\/de\/blog\/lets-encrypt-the-web\/#That-was-easier-than-I-thought\" >That was easier than I thought!<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Lets-Encrypt-the-web\"><\/span>Let&#8217;s Encrypt the web!<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The declared goal of <em>Let&#8217;s 
Encrypt<\/em> is to make HTTPS the standard protocol for the web and let all communication be encrypted. Over the past years, most major websites have already switched and <a href=\"https:\/\/letsencrypt.org\/stats\/#percent-pageloads\">the majority of the web traffic is already encrypted<\/a>. <em>Let&#8217;s Encrypt<\/em> is spearheading the push to reach 100% encryption. Since its start the rate of HTTPS adoption has increased, a big chunk of which can be attributed to <em>Let&#8217;s Encrypt<\/em>.<\/p>\n<p>A strong incentive to switch comes from the browser manufacturers. The current version of Chrome will tell you that your website is &#8222;insecure&#8220; when you click on the\u00a0\u2139 in the address bar. The next version will go one step further by <a href=\"https:\/\/security.googleblog.com\/2018\/02\/a-secure-web-is-here-to-stay.html\">actually putting &#8222;insecure&#8220; in the address bar<\/a>, right next to the URL. Who would want their website to be labelled as &#8222;insecure&#8220;? In addition, new features like HTTP\/2 and Geolocation are only available on HTTPS sites and some features will actually be removed from HTTP in the future. And <a href=\"https:\/\/blog.mozilla.org\/security\/2018\/01\/15\/secure-contexts-everywhere\/\">Mozilla is on the same track<\/a>.<\/p>\n<p><strong>A word about &#8222;secure&#8220; websites.<\/strong> There is some debate about the term as it might suggest a false sense of security to the uninformed user.<\/p>\n<p>&#8222;Securing&#8220; a website with HTTPS does two things: traffic encryption and site authentication. While the meaning of the former is quite clear, the latter is worth a closer look. TLS certificates are issued by certification authorities (CAs) which offer different levels of validation for their certificates. Domain validation (DV) is the most basic form of validation where the CA checks and certifies that the certificate owner has control of the domain for which the certificate has been issued. 
That&#8217;s all. On top of that they offer organization validation (OV) and extended validation (EV) where they make a greater effort to verify the actual identity of the organization applying for a certificate. EV certificates make the browsers display the organization&#8217;s name next to the URL in the address bar.<\/p>\n<p>The CAs neither check nor validate the content of the web pages being served using their certificates. An HTTPS website may rip you off or install a virus on your machine just as much as a traditional HTTP website might do. The little word &#8222;secure&#8220; does not protect web users from malicious website operators. All it means is that the data being transferred cannot be read by anybody else along the way, because it is encrypted. It also ensures that the user is not a victim of a DNS spoofing attack by validating the ownership of the DNS or even company name. That&#8217;s all the &#8222;security&#8220; you get from HTTPS.<\/p>\n<p>Still, being sure that the data you are sending across the Internet can only be read by the intended recipient is a huge benefit. Privacy is a human right and the Internet does not get a free pass on human rights. Hence the mission of <em>Let&#8217;s Encrypt<\/em> to encrypt the web.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"But-setting-up-an-HTTPS-web-server-is-hard\"><\/span>But setting up an HTTPS web server is hard!<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>I have done my share of setting up HTTPS web servers, each time trying to remember the openssl commands to use, finding a good way to distribute the certificates, paying the provider and remembering to renew the certificate a year or so later. It is not that hard but it sure is a hassle. These are known problems that have kept many website operators from implementing HTTPS and <em>Let&#8217;s Encrypt<\/em> tries to address these concerns.<\/p>\n<p><strong>Bad performance.<\/strong> Let&#8217;s get this one out of the way first. 
Yes, encrypting and signing HTTP traffic does require some computing power. But modern implementations of modern algorithms on modern hardware are very capable of processing that at a fraction of the CPU cycles needed for business logic and database processing. <a href=\"https:\/\/istlsfastyet.com\/\">&#8222;TLS has exactly one performance problem: it is not used widely enough.&#8220;<\/a> That&#8217;s that.<\/p>\n<p><strong>Setup complexity.<\/strong> <em>Let&#8217;s Encrypt<\/em> wants to make the HTTPS setup fully automated by enabling the web server software to do all the configuration steps by itself. It will just need to have its domain names configured and can then obtain and install the certificate without human intervention. The implementation status in the major servers for this feature is still lagging behind, though. Apache already <a href=\"https:\/\/httpd.apache.org\/docs\/2.4\/de\/mod\/mod_md.html\">backported mod_md to the 2.4 version<\/a> but it is still experimental. From the documentation it looks like it comes very close to the ideal described above. The standard client certbot has plugins for Apache, nginx and others as well as generic modes, and ways to integrate it are well documented.<\/p>\n<p><strong>Signing complexity.<\/strong> This is where <em>Let&#8217;s Encrypt<\/em> shines. No need to run openssl to create a signing request, find out where to upload it to the CA and do the validation dance with the CA. Once installed and configured, the <em>Let&#8217;s Encrypt<\/em> client, e.g. certbot, can do all this automatically via the standard ACME protocol. Certificate providers have tried to simplify this, too, using web interfaces and going as far as generating your server&#8217;s private key for you. 
<em>Let&#8217;s Encrypt<\/em> makes sure that private keys are private, because it runs locally on the server, and there is no need to manually enter data on a web page.<\/p>\n<p><strong>Renewal reminders.<\/strong> Whatever can be automated once, can easily be repeated. Certificate renewal becomes a cron job. <em>Let&#8217;s Encrypt<\/em> certificates are issued for 90 days in order to minimize trouble from certificate revocation lists that nobody ever checks. With the automated process, the short renewal cycle is a non-issue.<\/p>\n<p><strong>Certificate costs.<\/strong> This is where <em>Let&#8217;s Encrypt<\/em> shines even brighter. Its certificates are issued for free! Doing it for free is central to the mission of <em>Let&#8217;s Encrypt<\/em> so I&#8217;d expect they will try and keep it free. The money to run the service <a href=\"https:\/\/letsencrypt.org\/docs\/faq\/\">comes from the numerous sponsors<\/a> and I am optimistic that they will keep it running for free for a long time.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Details-please\"><\/span>Details, please!<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The service offered by <em>Let&#8217;s Encrypt<\/em> is built around the ACME protocol which has now been published in its second version. It has its own IETF working group and is published as an <a href=\"https:\/\/tools.ietf.org\/html\/draft-ietf-acme-acme\">Internet Draft<\/a>. It has been vetted by different experts to make sure it complies with modern security standards. The <em>Let&#8217;s Encrypt<\/em> website has <a href=\"https:\/\/letsencrypt.org\/docs\/client-options\/\">a long list of client implementations<\/a> but the reference implementation is the <a href=\"https:\/\/certbot.eff.org\/\">EFF&#8217;s certbot<\/a>.<\/p>\n<p>The certbot client handles all certificate-related communication with <em>Let&#8217;s Encrypt<\/em> and is able to directly configure the web server via plugins. 
Certbot comes with official plugins for Apache and nginx but other third-party plugins are available. It also has plugins for manual and standalone operation if the web server plugins do not work for your setup.<\/p>\n<p>As you might have guessed, <em>Let&#8217;s Encrypt<\/em> can only create domain-validated certificates. Validation entails that the Certification Authority gives you a unique identifier string, possibly some checksum or signature. This string has to be displayed at a location that the domain name you are requesting the certificate for is pointing to. This may either be a file on the web server itself or a TXT record on the name server for the domain. The Apache and nginx plugins use the former method, for the latter you need <a href=\"https:\/\/certbot.eff.org\/docs\/using.html#dns-plugins\">the respective DNS plugin<\/a>.<\/p>\n<p>Here is a complete transcript of certbot getting and installing a certificate on an Apache web server that is running on the same machine. The web server had already been set up to serve the site <code>www.example.com<\/code> via HTTP. The Apache plugin takes care of setting up the HTTPS virtual host and reloading the Apache configuration. When certbot is finished you can go directly to <code>https:\/\/www.example.com<\/code> and enjoy the encrypted web.<\/p>\n<pre class=\"lang:default highlight:0 decode:true\">$ sudo certbot --apache\r\n\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\n\r\nPlugins selected: Authenticator apache, Installer apache\r\n\r\nEnter email address (used for urgent renewal and security notices) (Enter 'c' to\r\n\r\ncancel): webmaster@example.com\r\n\r\nStarting new HTTPS connection (1): acme-v01.api.letsencrypt.org\r\n\r\n-------------------------------------------------------------------------------\r\n\r\nPlease read the Terms of Service at\r\n\r\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.2-November-15-2017.pdf. 
You must\r\n\r\nagree in order to register with the ACME server at\r\n\r\n\r\n\r\n-------------------------------------------------------------------------------\r\n\r\n(A)gree\/(C)ancel: a\r\n\r\n-------------------------------------------------------------------------------\r\n\r\nWould you be willing to share your email address with the Electronic Frontier\r\n\r\nFoundation, a founding partner of the Let's Encrypt project and the non-profit\r\n\r\norganization that develops Certbot? We'd like to send you email about EFF and\r\n\r\nour work to encrypt the web, protect its users and defend digital rights.\r\n\r\n-------------------------------------------------------------------------------\r\n\r\n(Y)es\/(N)o: n\r\n\r\nWhich names would you like to activate HTTPS for?\r\n\r\n-------------------------------------------------------------------------------\r\n\r\n1: www.example.com\r\n\r\n-------------------------------------------------------------------------------\r\n\r\nSelect the appropriate numbers separated by commas and\/or spaces, or leave input\r\n\r\nblank to select all options shown (Enter 'c' to cancel):\r\n\r\nObtaining a new certificate\r\n\r\nPerforming the following challenges:\r\n\r\nhttp-01 challenge for www.example.com\r\n\r\nEnabled Apache rewrite module\r\n\r\nWaiting for verification...\r\n\r\nCleaning up challenges\r\n\r\nCreated an SSL vhost at \/etc\/apache2\/sites-available\/000-default-le-ssl.conf\r\n\r\nDeploying Certificate to VirtualHost \/etc\/apache2\/sites-available\/000-default-le-ssl.conf\r\n\r\nEnabling available site: \/etc\/apache2\/sites-available\/000-default-le-ssl.conf\r\n\r\nPlease choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.\r\n\r\n-------------------------------------------------------------------------------\r\n\r\n1: No redirect - Make no further changes to the web server configuration.\r\n\r\n2: Redirect - Make all requests redirect to secure HTTPS access. 
Choose this for\r\n\r\nnew sites, or if you're confident your site works on HTTPS. You can undo this\r\n\r\nchange by editing your web server's configuration.\r\n\r\n-------------------------------------------------------------------------------\r\n\r\nSelect the appropriate number [1-2] then [enter] (press 'c' to cancel): 2\r\n\r\nEnabled Apache rewrite module\r\n\r\nRedirecting vhost in \/etc\/apache2\/sites-enabled\/000-default.conf to ssl vhost in \/etc\/apache2\/sites-enabled\/000-default-le-ssl.conf\r\n\r\n-------------------------------------------------------------------------------\r\n\r\nCongratulations! You have successfully enabled https:\/\/www.example.com\r\n\r\nYou should test your configuration at:\r\n\r\nhttps:\/\/www.ssllabs.com\/ssltest\/analyze.html?d=www.example.com\r\n\r\n-------------------------------------------------------------------------------\r\n\r\nIMPORTANT NOTES:\r\n\r\n - Congratulations! Your certificate and chain have been saved at:\r\n\r\n   \/etc\/letsencrypt\/live\/www.example.com\/fullchain.pem\r\n\r\n   Your key file has been saved at:\r\n\r\n   \/etc\/letsencrypt\/live\/www.example.com\/privkey.pem\r\n\r\n   Your cert will expire on 2018-09-18. To obtain a new or tweaked\r\n\r\n   version of this certificate in the future, simply run certbot again\r\n\r\n   with the \"certonly\" option. To non-interactively renew *all* of\r\n\r\n   your certificates, run \"certbot renew\"\r\n\r\n - Your account credentials have been saved in your Certbot\r\n\r\n   configuration directory at \/etc\/letsencrypt. You should make a\r\n\r\n   secure backup of this folder now. 
This configuration directory will\r\n\r\n   also contain certificates and private keys obtained by Certbot so\r\n\r\n   making regular backups of this folder is ideal.\r\n\r\n - If you like Certbot, please consider supporting our work by:\r\n\r\n   Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\r\n\r\n   Donating to EFF:                    https:\/\/eff.org\/donate-le\r\n\r\n<\/pre>\n<p>You can make certbot run non-interactively by passing more command line parameters.<\/p>\n<p>For subsequent renewals, certbot has a renew command. It reads the information stored in <code>\/etc\/letsencrypt<\/code> and renews any certificates that are due to expire soon. Put this into your <code>\/etc\/cron.daily.d\/<\/code> and you never have to worry about forgetting to renew your certificate again. Here is an example run which does nothing, of course. We just got this certificate a couple of minutes ago.<\/p>\n<pre class=\"lang:default highlight:0 decode:true\">$ sudo certbot renew\r\n\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\n\r\n-------------------------------------------------------------------------------\r\n\r\nProcessing \/etc\/letsencrypt\/renewal\/www.example.com.conf\r\n\r\n-------------------------------------------------------------------------------\r\n\r\nCert not yet due for renewal\r\n\r\n-------------------------------------------------------------------------------\r\n\r\nThe following certs are not due for renewal yet:\r\n\r\n  \/etc\/letsencrypt\/live\/www.example.com\/fullchain.pem expires on 2018-09-18 (skipped)\r\n\r\nNo renewals were attempted.\r\n\r\n-------------------------------------------------------------------------------\r\n\r\n<\/pre>\n<p>This is how simple it is to secure your site using <em>Let&#8217;s Encrypt<\/em>. Admittedly, for a production site, you might not want certbot messing with your configuration or writing stuff to your docroot. 
Or your web server might be running in a Docker container, which is another story altogether. Using the fully automated plugins is a good place to start, though, to see how it is done. Certbot can be configured to do as much or as little as you like and with some scripting foo you should be able to easily whip up a procedure that fits your needs. I suggest that you make use of certbot&#8217;s <code>--staging<\/code> option that connects to the testing servers at <em>Let&#8217;s Encrypt<\/em> and allows you to create as many (non-functional) certificates as you like without being rate-limited.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"The-State-of-ACME\"><\/span>The State of ACME<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>ACME stands for &#8222;Automated Certificate Management Environment&#8220; and it is in no way tied to <em>Let&#8217;s Encrypt<\/em>. In fact, it was one of Let&#8217;s Encrypt&#8217;s design goals to create an open system that can be re-used by other CAs and it is their hope that it will be universally adopted as the standard for requesting and issuing certificates. Some of the changes in version 2 of the protocol were introduced to make it better suited for enterprise and commercial usage. There is an interesting <a href=\"https:\/\/www.opensourcesecuritypodcast.com\/2018\/03\/episode-87-chat-with-lets-encrypt-co.html\">interview with one of the founders<\/a>\u00a0from right around the time of the release of ACMEv2.<\/p>\n<p>The most prominent new feature in ACMEv2 is the support for wildcard certificates. This had previously not been included because through the automated process, each web server can easily have its own certificate. <em>Let&#8217;s Encrypt<\/em> encourages users to use separate certificates and therefore separate private keys per server. However, there is a demand for wildcard certificates as some usage scenarios are easier to manage with wildcard certificates and I&#8217;ll mention one in the next section. 
For the benefit of these users, <em>Let&#8217;s Encrypt<\/em> has been supporting wildcard certificates since 13 March 2018.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Is-HTTP-going-away\"><\/span>Is HTTP going away?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>HTTP support will not go away any time soon.\u00a0Everybody involved is aware that the transition needs to be gradual and smooth. Apart from that, I see continued usage outside the browser and inside private networks. Modern microservice architectures make heavy use of RESTful APIs over HTTP, often on the same machine and even between containers. There would be no obvious benefit in trying to switch all these to HTTPS, too.<\/p>\n<p>Won&#8217;t intranet servers need certificates? Yes, if you want to save your employees the hassle of installing your own root certificate, or worse, subconsciously train them to click certificate warnings away. This is where wildcard certificates come in. In combination with DNS validation, where the web server does not need to be reachable from the outside, <em>Let&#8217;s Encrypt<\/em> can be used for intranet servers, too. Just use an internal subdomain of a public domain. Instead of something like &#8222;example.local&#8220;, put all intranet servers under &#8222;local.example.com&#8220; and get a certificate for &#8222;*.local.example.com&#8220; from <em>Let&#8217;s Encrypt<\/em> via DNS validation.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"That-was-easier-than-I-thought\"><\/span>That was easier than I thought!<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>See, moving your website to HTTPS wasn&#8217;t so hard at all. Now your users can rest assured that only you know about their love for cute cat pictures\u2014thanks to <em>Let&#8217;s Encrypt<\/em>!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Does your website still run on plain HTTP? Would you like it to run on HTTPS? You should, because soon you might not have a choice anymore. 
The\u00a0HTTPS saturation of the Internet has passed its half-way point\u00a0and the browsers are deprecating HTTP websites. Time is running out and Let&#8217;s Encrypt\u00a0is here to drive that process [&hellip;]<\/p>\n","protected":false},"author":70,"featured_media":13532,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"ep_exclude_from_search":false,"footnotes":""},"tags":[101],"service":[879],"coauthors":[{"id":70,"display_name":"Henning Eggers","user_nicename":"heggers"}],"class_list":["post-21089","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","tag-security","service-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Let&#039;s encrypt the web! All of it. - inovex GmbH<\/title>\n<meta name=\"description\" content=\"Are you serving your website via HTTPS yet? You really should and Let&#039;s Encrypt\u00a0is here to help you get up to speed on that.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inovex.de\/de\/blog\/lets-encrypt-the-web\/\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Let&#039;s encrypt the web! All of it. - inovex GmbH\" \/>\n<meta property=\"og:description\" content=\"Are you serving your website via HTTPS yet? 
You really should and Let&#039;s Encrypt\u00a0is here to help you get up to speed on that.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inovex.de\/de\/blog\/lets-encrypt-the-web\/\" \/>\n<meta property=\"og:site_name\" content=\"inovex GmbH\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/inovexde\" \/>\n<meta property=\"article:published_time\" content=\"2018-07-13T10:58:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-03-25T06:54:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.inovex.de\/wp-content\/uploads\/2018\/07\/encrypt-the-web.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Henning Eggers\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.inovex.de\/wp-content\/uploads\/2018\/07\/encrypt-the-web-1024x576.png\" \/>\n<meta name=\"twitter:creator\" content=\"@inovexgmbh\" \/>\n<meta name=\"twitter:site\" content=\"@inovexgmbh\" \/>\n<meta name=\"twitter:label1\" content=\"Verfasst von\" \/>\n\t<meta name=\"twitter:data1\" content=\"Henning Eggers\" \/>\n\t<meta name=\"twitter:label2\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data2\" content=\"13\u00a0Minuten\" \/>\n\t<meta name=\"twitter:label3\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data3\" content=\"Henning Eggers\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/lets-encrypt-the-web\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/lets-encrypt-the-web\\\/\"},\"author\":{\"name\":\"Henning 
Eggers\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#\\\/schema\\\/person\\\/53029a323b99ab715c91e926ab67a5dd\"},\"headline\":\"Let&#8217;s encrypt the web! All of it.\",\"datePublished\":\"2018-07-13T10:58:00+00:00\",\"dateModified\":\"2025-03-25T06:54:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/lets-encrypt-the-web\\\/\"},\"wordCount\":2060,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/lets-encrypt-the-web\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inovex.de\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/encrypt-the-web.png\",\"keywords\":[\"Security\"],\"articleSection\":[\"English Content\",\"General\",\"Infrastructure\"],\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/lets-encrypt-the-web\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/lets-encrypt-the-web\\\/\",\"url\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/lets-encrypt-the-web\\\/\",\"name\":\"Let's encrypt the web! All of it. - inovex GmbH\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/lets-encrypt-the-web\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/lets-encrypt-the-web\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inovex.de\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/encrypt-the-web.png\",\"datePublished\":\"2018-07-13T10:58:00+00:00\",\"dateModified\":\"2025-03-25T06:54:15+00:00\",\"description\":\"Are you serving your website via HTTPS yet? 
You really should and Let's Encrypt\u00a0is here to help you get up to speed on that.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/lets-encrypt-the-web\\\/#breadcrumb\"},\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/lets-encrypt-the-web\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/lets-encrypt-the-web\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.inovex.de\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/encrypt-the-web.png\",\"contentUrl\":\"https:\\\/\\\/www.inovex.de\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/encrypt-the-web.png\",\"width\":1280,\"height\":720,\"caption\":\"A Spider Web with a Padlock\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/lets-encrypt-the-web\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Let&#8217;s encrypt the web! 
All of it.\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#website\",\"url\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/\",\"name\":\"inovex GmbH\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"de\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#organization\",\"name\":\"inovex GmbH\",\"url\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.inovex.de\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/inovex-logo-16-9-1.png\",\"contentUrl\":\"https:\\\/\\\/www.inovex.de\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/inovex-logo-16-9-1.png\",\"width\":1921,\"height\":1081,\"caption\":\"inovex GmbH\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/inovexde\",\"https:\\\/\\\/x.com\\\/inovexgmbh\",\"https:\\\/\\\/www.instagram.com\\\/inovexlife\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/inovex\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UC7r66GT14hROB_RQsQBAQUQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#\\\/schema\\\/person\\\/53029a323b99ab715c91e926ab67a5dd\",\"name\":\"Henning 
Eggers\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0c22f6700cb0a83f16943130e8f1f830310c44f1f19f8a330aa8e7c9d81d8561?s=96&d=retro&r=g49765a2aab959dc185cc861e0bb6b106\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0c22f6700cb0a83f16943130e8f1f830310c44f1f19f8a330aa8e7c9d81d8561?s=96&d=retro&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0c22f6700cb0a83f16943130e8f1f830310c44f1f19f8a330aa8e7c9d81d8561?s=96&d=retro&r=g\",\"caption\":\"Henning Eggers\"},\"url\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/author\\\/heggers\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Let's encrypt the web! All of it. - inovex GmbH","description":"Are you serving your website via HTTPS yet? You really should and Let's Encrypt\u00a0is here to help you get up to speed on that.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inovex.de\/de\/blog\/lets-encrypt-the-web\/","og_locale":"de_DE","og_type":"article","og_title":"Let's encrypt the web! All of it. - inovex GmbH","og_description":"Are you serving your website via HTTPS yet? 
You really should and Let's Encrypt\u00a0is here to help you get up to speed on that.","og_url":"https:\/\/www.inovex.de\/de\/blog\/lets-encrypt-the-web\/","og_site_name":"inovex GmbH","article_publisher":"https:\/\/www.facebook.com\/inovexde","article_published_time":"2018-07-13T10:58:00+00:00","article_modified_time":"2025-03-25T06:54:15+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/www.inovex.de\/wp-content\/uploads\/2018\/07\/encrypt-the-web.png","type":"image\/png"}],"author":"Henning Eggers","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.inovex.de\/wp-content\/uploads\/2018\/07\/encrypt-the-web-1024x576.png","twitter_creator":"@inovexgmbh","twitter_site":"@inovexgmbh","twitter_misc":{"Verfasst von":"Henning Eggers","Gesch\u00e4tzte Lesezeit":"13\u00a0Minuten","Written by":"Henning Eggers"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inovex.de\/de\/blog\/lets-encrypt-the-web\/#article","isPartOf":{"@id":"https:\/\/www.inovex.de\/de\/blog\/lets-encrypt-the-web\/"},"author":{"name":"Henning Eggers","@id":"https:\/\/www.inovex.de\/de\/#\/schema\/person\/53029a323b99ab715c91e926ab67a5dd"},"headline":"Let&#8217;s encrypt the web! 
All of it.","datePublished":"2018-07-13T10:58:00+00:00","dateModified":"2025-03-25T06:54:15+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inovex.de\/de\/blog\/lets-encrypt-the-web\/"},"wordCount":2060,"commentCount":1,"publisher":{"@id":"https:\/\/www.inovex.de\/de\/#organization"},"image":{"@id":"https:\/\/www.inovex.de\/de\/blog\/lets-encrypt-the-web\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inovex.de\/wp-content\/uploads\/2018\/07\/encrypt-the-web.png","keywords":["Security"],"articleSection":["English Content","General","Infrastructure"],"inLanguage":"de","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inovex.de\/de\/blog\/lets-encrypt-the-web\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inovex.de\/de\/blog\/lets-encrypt-the-web\/","url":"https:\/\/www.inovex.de\/de\/blog\/lets-encrypt-the-web\/","name":"Let's encrypt the web! All of it. - inovex GmbH","isPartOf":{"@id":"https:\/\/www.inovex.de\/de\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.inovex.de\/de\/blog\/lets-encrypt-the-web\/#primaryimage"},"image":{"@id":"https:\/\/www.inovex.de\/de\/blog\/lets-encrypt-the-web\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inovex.de\/wp-content\/uploads\/2018\/07\/encrypt-the-web.png","datePublished":"2018-07-13T10:58:00+00:00","dateModified":"2025-03-25T06:54:15+00:00","description":"Are you serving your website via HTTPS yet? 
You really should and Let's Encrypt\u00a0is here to help you get up to speed on that.","breadcrumb":{"@id":"https:\/\/www.inovex.de\/de\/blog\/lets-encrypt-the-web\/#breadcrumb"},"inLanguage":"de","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inovex.de\/de\/blog\/lets-encrypt-the-web\/"]}]},{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/www.inovex.de\/de\/blog\/lets-encrypt-the-web\/#primaryimage","url":"https:\/\/www.inovex.de\/wp-content\/uploads\/2018\/07\/encrypt-the-web.png","contentUrl":"https:\/\/www.inovex.de\/wp-content\/uploads\/2018\/07\/encrypt-the-web.png","width":1280,"height":720,"caption":"A Spider Web with a Padlock"},{"@type":"BreadcrumbList","@id":"https:\/\/www.inovex.de\/de\/blog\/lets-encrypt-the-web\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inovex.de\/de\/"},{"@type":"ListItem","position":2,"name":"Let&#8217;s encrypt the web! All of it."}]},{"@type":"WebSite","@id":"https:\/\/www.inovex.de\/de\/#website","url":"https:\/\/www.inovex.de\/de\/","name":"inovex GmbH","description":"","publisher":{"@id":"https:\/\/www.inovex.de\/de\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inovex.de\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"de"},{"@type":"Organization","@id":"https:\/\/www.inovex.de\/de\/#organization","name":"inovex GmbH","url":"https:\/\/www.inovex.de\/de\/","logo":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/www.inovex.de\/de\/#\/schema\/logo\/image\/","url":"https:\/\/www.inovex.de\/wp-content\/uploads\/2021\/03\/inovex-logo-16-9-1.png","contentUrl":"https:\/\/www.inovex.de\/wp-content\/uploads\/2021\/03\/inovex-logo-16-9-1.png","width":1921,"height":1081,"caption":"inovex 
GmbH"},"image":{"@id":"https:\/\/www.inovex.de\/de\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/inovexde","https:\/\/x.com\/inovexgmbh","https:\/\/www.instagram.com\/inovexlife\/","https:\/\/www.linkedin.com\/company\/inovex","https:\/\/www.youtube.com\/channel\/UC7r66GT14hROB_RQsQBAQUQ"]},{"@type":"Person","@id":"https:\/\/www.inovex.de\/de\/#\/schema\/person\/53029a323b99ab715c91e926ab67a5dd","name":"Henning Eggers","image":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/secure.gravatar.com\/avatar\/0c22f6700cb0a83f16943130e8f1f830310c44f1f19f8a330aa8e7c9d81d8561?s=96&d=retro&r=g49765a2aab959dc185cc861e0bb6b106","url":"https:\/\/secure.gravatar.com\/avatar\/0c22f6700cb0a83f16943130e8f1f830310c44f1f19f8a330aa8e7c9d81d8561?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0c22f6700cb0a83f16943130e8f1f830310c44f1f19f8a330aa8e7c9d81d8561?s=96&d=retro&r=g","caption":"Henning Eggers"},"url":"https:\/\/www.inovex.de\/de\/blog\/author\/heggers\/"}]}},"_links":{"self":[{"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/posts\/21089","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/users\/70"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/comments?post=21089"}],"version-history":[{"count":2,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/posts\/21089\/revisions"}],"predecessor-version":[{"id":61475,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/posts\/21089\/revisions\/61475"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/media\/13532"}],"wp:attachment":[{"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/media?parent=21089"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/
www.inovex.de\/de\/wp-json\/wp\/v2\/tags?post=21089"},{"taxonomy":"service","embeddable":true,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/service?post=21089"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/coauthors?post=21089"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}