Forest header image

Symfony Finland
Random things on PHP, Symfony and web development

Free SSL Certificates from Let's Encrypt to Drive HTTP/2 Adoption

It's widely stated that the use of HTTP/2 requires SSL/TLS encryption. This technically not true, but as clients only support HTTP/2 via SSL it's a defacto-requirement. With browser and server support for the new protocol version, the only hurdle is the overhead of setting up encryption.

Setting up SSL for a site is not exactly rocket science or expensive. You can get legitimate certificates from NameCheap, for example, for less than 10 Euro a year. Google is also in the business of domains and certificates and CDN providers like CloudFlare offer one-click SSL. But there is still some hassle and the prospect of invalid certificate messages due to human error.

So while it's been easy to be HTTPS enabled for quite a while, it was not a necessity for many sites. Unlike a DNS change going with SSL/TLS was not a hard requirement for go-live. Sites delivering news and other content static content have had little incentive to spend extra resources in going encrypted.

Mozilla, the company behind Firefox and other popular products, announced in April 2015 that they aim to Deprecate non-secure HTTP. Mozilla and other companies have put their money where their mouth is and are sponsoring a free Certificate Authority called Let's Encrypt:

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG).

Making security a Commodity

Just yesterday, on October 19th 2015, they announced that Let's Encrypt certificates are trusted by all major browsers. The service is to roll out in Q4/2015 and will allow upgrading of traffic to HTTP/2 on a scale not possible without certificates becoming a commodity (like Content Management Systems).

With zero cost, low overhead technical setup, added security, improvement in SEO visibility and faster performance - selling HTTP/2 to non technical folk will get a whole lot easier. 2016 is going to be big for the foundations of the web.

Read more about HTTP/2:

Written by Jani Tarvainen on Tuesday October 20, 2015
Permalink - Tags: ssl, tls, http2

« eZ Platform + Symfony vs. Neos CMS + Flow - Running Symfony Applications with PHP-PM or PHPFastCGI »