What are HTTPS, TLS certificates, and Let's Encrypt?
Introduction
In this article, you'll learn what HTTPS and TLS are, what certification authorities (CAs) are, what Let's Encrypt is, the difference between regular and wildcard certificates, and more.
What is TLS?
"Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible. [...] TLS is a proposed Internet Engineering Task Force (IETF) standard, first defined in 1999, and the current version is TLS 1.3, defined in August 2018. TLS builds on the now-deprecated SSL (Secure Sockets Layer) specifications (1994, 1995, 1996) developed by Netscape Communications for adding the HTTPS protocol to their Navigator web browser." ("Transport Layer Security")
What is HTTPS?
HTTPS is a protocol that extends the original HTTP standard protocol to support a more secure web, encrypting network traffic using the TLS protocol. Because of that, it's also referred to as HTTP over TLS.
What are some of the benefits of using HTTPS?
HTTPS provides many benefits, including:
- When a website uses HTTPS, all communication between the website and the user's browser is encrypted. That's especially important for sensitive information such as login credentials, financial details, and personal data.
- It helps protect against threats like data tampering, phishing attacks, and man-in-the-middle attacks.
- Search engines like Google prioritize HTTPS websites in their search results.
How to provide security through TLS?
To provide security through TLS, for example by serving a website over HTTPS, you must obtain a TLS certificate from a certificate authority (CA).
What is a certificate authority (CA)?
"A certificate authority or certification authority (CA) is an entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate." ("Certificate authority")
What is Let's Encrypt?
Let's Encrypt is a free (nonprofit) automated certificate authority (CA) providing TLS certificates to millions of websites. It is a service provided by the Internet Security Research Group (ISRG), sponsored by companies like Mozilla, Cisco, Meta, and Google. According to their website, it's run by a small team and relies on automation to keep costs down, so it does not offer direct support.
Is it good enough?
Yes, it is, on par with paid TLS certificates.
What is Certbot?
We must use a client software tool to connect to the Let's Encrypt API, and the most popular one is EFF's Certbot.
"Certbot is a free, open source software tool for automatically using Let's Encrypt certificates on manually-administrated websites to enable HTTPS. Certbot is made by the Electronic Frontier Foundation (EFF), a 501(c)3 nonprofit based in San Francisco, CA, that defends digital privacy, free speech, and innovation." ("About Certbot")
What's the difference between regular certificates and wildcard certificates?
A regular certificate, a.k.a. a single-domain certificate, is only valid for one domain or subdomain, whereas a wildcard certificate can secure all subdomains under a single domain.
A wildcard certificate eliminates the need to obtain and manage individual certificates for every subdomain. That makes certificate management more convenient, especially when there are many subdomains to secure.
Wildcard certificates use a wildcard character (*) in the domain name to match any subdomain, hence their name.
It's important to note that a wildcard certificate cannot secure the root domain itself. For example, a wildcard certificate for *.example.com will not cover example.com. You'll need a separate, single-domain certificate to secure the root example.com domain.
Also, a wildcard certificate can only secure one level of subdomains. For example, if you have a wildcard certificate for *.example.com, it will cover subdomain.example.com, but not sub.subdomain.example.com. If you have multiple subdomain levels, you need different wildcard certificates for each one.
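The matching rules above (a regular name matches only itself, a wildcard covers exactly one label and never the root domain) as an added example in Python; this is not code from the article or from Certbot, and the function and sample names are my own.

```python
# Added example (not from the original article): a hostname matcher that
# applies the one-level wildcard rule the article describes, following the
# "leftmost label only" convention used for TLS certificate name matching.

def cert_name_matches(cert_name: str, hostname: str) -> bool:
    """Return True if a certificate name covers the given hostname.

    - A regular (single-domain) name matches only itself, case-insensitively.
    - A wildcard name must start with "*." and the "*" stands in for exactly
      one label: "*.example.com" matches "www.example.com" but neither
      "example.com" nor "a.b.example.com".
    - A "*" anywhere else (e.g. "w*.example.com") is rejected outright.
    """
    cert_name = cert_name.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")

    if "*" not in cert_name:
        return cert_name == hostname  # regular, single-domain certificate

    # Only a whole leftmost label may be a wildcard.
    if not cert_name.startswith("*.") or "*" in cert_name[2:]:
        return False
    # Refuse overly broad wildcards such as "*.com".
    if cert_name.count(".") < 2:
        return False

    cert_labels = cert_name.split(".")
    host_labels = hostname.split(".")
    # Equal label counts mean "*" replaces exactly one label; empty labels
    # (from "a..example.com") are never valid hostnames.
    if len(host_labels) != len(cert_labels) or "" in host_labels:
        return False
    return host_labels[1:] == cert_labels[1:]


def covering_names(cert_names, hostname):
    """Return the names from a certificate's name list that cover hostname."""
    return [n for n in cert_names if cert_name_matches(n, hostname)]


if __name__ == "__main__":
    # Constructed sample input: the two names discussed in the article.
    names = ["*.example.com", "example.com"]
    for host in ["example.com", "www.example.com", "sub.www.example.com"]:
        print(f"{host:22} -> {covering_names(names, host)}")
```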
Conclusion
And that's it for this article. I hope you enjoyed it!
Thank you for reading, and let me know if you have any issues or suggestions in the comments below.
I incorporated generative AI tools into my workflow, and I love them. But I use them carefully to brainstorm, research information faster, and express myself clearly. It's not copy/paste in any way.
Related posts
Wildcard HTTPS on Linux + Let's Encrypt + Nginx
How to set up a Linux VPS
How to install Nginx on Linux
How to set up a website on Linux + Nginx
How to password-protect content on Linux + Nginx
Interesting links
FAQ - Let's Encrypt
User Guide - Certbot documentation
Bibliography
"About Certbot" Certbot, n.d. Fri. 8 Jun 2023 <https://certbot.eff.org/pages/about>
"Certificate authority" Wikipedia, n.d. Fri. 8 Jun 2023 <https://en.wikipedia.org/wiki/Certificate_authority>
"Transport Layer Security" Wikipedia, n.d. Fri. 8 Jun 2023 <https://en.wikipedia.org/wiki/Transport_Layer_Security>
What are HTTPS, TLS certificates, and Let's Encrypt? by Flavio Silva is licensed under a Creative Commons Attribution 4.0 International License.