Let’s Encrypt is the new exciting certification authority launched in the late 2015, which is backed by industry leaders such as Mozilla, Akamai and more. It offers free, open and automated Domain Validated certificates for secure websites.
The offering of an automated process designed to eliminate the current complex process of manual creation, validation, signing, installation, and renewal of certificates has brought instant recognition, kudos and developer’s love towards it. The service has left beta since April this year and is now generally available for production use.
Let’s Encrypt – One Oh One!
The appeal of Let’s Encrypt is massive – on the popular Linux distros, you can setup HTTPS encryption in well under a minute, that is; acquiring and installing a certificate by running just 2 commands. The heart of the system is the ACME protocol which is designed to automate the management of domain-validation certificates, based on a simple JSON-over-HTTPS interface. Because it is automated, the certificates issued have a 90-day expiration but because it is automatic, you can setup a scheduled operation to do it for you.
Let’s Encrypt Your ASP.NET Websites
If you take a quick look at the Let’s Encrypt repository – The certificate authority source is written in Go whereas the official client is written in Python. So let’s face it – Windows & IIS aren’t exactly first class citizens in the Let’s Encrypt ecosystem, as is the case with most open source projects on network security. But the .NET developer community has been keeping tabs on its progress since the early days of the project. In fact, a number of clients are available to let you have Let’s Encrypt for setting up HTTPS on your ASP.NET website.
IIS / AWS
The best client and library is by far Eugene Bekker’s ACMESharp – A .NET based library and PowerShell client. Using the ACMESharp library requires a bit of scripting, but you get a lot of control over the process and the ability to create and save the intermediate certificates as it implements a “local vault” for managing ACME registrations, identifiers and certificates.
Don’t like Powershell or shy of scripting? Bryan Livingston has created LetsEncrypt-Win-Simple which offers an “interactive” mode command line utility for creating the certificate and installing it into IIS into one seamless operation after you specify the website from the list of configured websites in IIS.
There’s also a GUI shell built atop ACMESharp called Certify. But be forewarned, this is still in Alpha.
Running an Azure Web App and want to have a free Let’s Encrypt certificate? Simon J.K. Pedersen has created a Azure Site Extension that you can install on your Web App (there’s also a x64 variant). If you need a step by step guidance on how to do it for Azure’s PaaS offerings read the post by Nik Molnar.
For Further reading…
The official ACME client listing will always have updated information on the clients available grouped by languages or the environment where they run.
Things you want to know about Let’s Encrypt – Simone Carletti details the most important things you must know about Let’s Encrypt including rate limits, compatibility etc.