In this article, you'll learn what HTTPS and TLS are, what certification authorities (CAs) are, what Let's Encrypt is, the difference between regular and wildcard certificates, and more.
"Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible. [...] TLS is a proposed Internet Engineering Task Force (IETF) standard, first defined in 1999, and the current version is TLS 1.3, defined in August 2018. TLS builds on the now-deprecated SSL (Secure Sockets Layer) specifications (1994, 1995, 1996) developed by Netscape Communications for adding the HTTPS protocol to their Navigator web browser." ("Transport Layer Security")
HTTPS is a protocol that extends the original HTTP standard protocol to support a more secure web, encrypting network traffic using the TLS protocol. Because of that, it's also referred to as HTTP over TLS.
HTTPS provides many benefits, including:
- When a website uses HTTPS, all communication between the website and the user's browser is encrypted. That's especially important for sensitive information such as login credentials, financial details, and personal data.
- It helps protect against threats like data tampering, phishing attacks, and man-in-the-middle attacks.
- Search engines like Google prioritize HTTPS websites in their search results.
To secure a service with TLS, for example to serve a website over HTTPS, you must obtain a TLS certificate from a certificate authority (CA).
"A certificate authority or certification authority (CA) is an entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate." ("Certificate authority")
Let's Encrypt is a free (nonprofit) automated certificate authority (CA) providing TLS certificates to millions of websites. It is a service provided by the Internet Security Research Group (ISRG), sponsored by companies like Mozilla, Cisco, Meta, and Google. According to their website, it's run by a small team and relies on automation to keep costs down, not offering direct support.
Is it good enough?
Yes, it is, on par with paid TLS certificates.
"Certbot is a free, open source software tool for automatically using Let's Encrypt certificates on manually-administrated websites to enable HTTPS. Certbot is made by the Electronic Frontier Foundation (EFF), a 501(c)3 nonprofit based in San Francisco, CA, that defends digital privacy, free speech, and innovation." ("About Certbot")
A regular certificate, a.k.a. a single-domain certificate, is only valid for one domain or subdomain, whereas a wildcard certificate can secure all subdomains under a single domain.
A wildcard certificate eliminates the need to obtain and manage individual certificates for every subdomain. That makes certificate management more convenient, especially when there are many subdomains to secure.
Wildcard certificates use a wildcard character (*) in the domain name to match any subdomain, hence their name.
It's important to note that a wildcard certificate cannot secure the root domain itself. For example, a wildcard certificate for *.example.com will not cover example.com. You'll need a separate, single-domain certificate to secure the root
Also, a wildcard certificate can only secure one level of subdomains. For example, if you have a wildcard certificate for *.example.com, it will cover subdomain.example.com, but not sub.subdomain.example.com. If you have multiple subdomain levels, you need different wildcard certificates for each one.
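The matching rules above, as an added example that is not part of the original article: a simplified Python model of how a TLS client compares a hostname with the names on the certificates you hold. The function names and the SITES list are constructed for illustration.

```python
# Added example: simplified model of certificate name matching.
# Assumption: "*" is only honoured as the entire leftmost label,
# which is how the article describes wildcard certificates.

def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")


def name_covers(cert_name: str, hostname: str) -> bool:
    """Return True if one certificate name covers the hostname."""
    pattern, host = _labels(cert_name), _labels(hostname)
    # "*" stands for exactly one label, so label counts must be equal.
    # That is why *.example.com covers neither example.com (one label
    # short) nor sub.subdomain.example.com (one label too many).
    if len(pattern) != len(host) or "" in host:
        return False
    if pattern[0] == "*":
        # Everything to the right of the wildcard must match exactly.
        return "*" not in pattern[1:] and pattern[1:] == host[1:]
    # No wildcard, or "*" somewhere other than the leftmost label:
    # only an exact match of a wildcard-free name counts.
    return "*" not in cert_name and pattern == host


def uncovered(cert_names: list[str], hostnames: list[str]) -> list[str]:
    """Hostnames that none of the given certificate names cover."""
    return [h for h in hostnames
            if not any(name_covers(n, h) for n in cert_names)]


# Constructed sample data using the article's example domain.
SITES = ["example.com", "subdomain.example.com", "sub.subdomain.example.com"]

if __name__ == "__main__":
    for names in (
        ["*.example.com"],
        ["*.example.com", "example.com"],
        ["*.example.com", "example.com", "*.subdomain.example.com"],
    ):
        print(names, "-> not covered:", uncovered(names, SITES))
```

Running it lists, for each set of certificate names, the sites that would still fail hostname validation, which is a quick way to check certificate coverage before requesting certificates.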
And that's it for this article. I hope you enjoyed it!
Thank you for reading, and let me know if you have any issues or suggestions in the comments below.
I used AI tools to assist me in writing this content, but only to research information faster and express my ideas more clearly. It is not copy and paste.
"About Certbot" Certbot, n.d. Fri. 8 Jun 2023 <https://certbot.eff.org/pages/about>
"Certificate authority" Wikipedia, n.d. Fri. 8 Jun 2023 <https://en.wikipedia.org/wiki/Certificate_authority>
"Transport Layer Security" Wikipedia, n.d. Fri. 8 Jun 2023 <https://en.wikipedia.org/wiki/Transport_Layer_Security>
What are HTTPS, TLS certificates, and Let's Encrypt? by Flavio Silva is licensed under a Creative Commons Attribution 4.0 International License.