Over the last couple of years or so, there has been more emphasis on using HTTPS on the internet. More and more sites are forcing HTTPS connections rather than them being optional, which is a positive change. I'm not going to cover the benefits of using HTTPS over HTTP in this post, instead I'm going to focus on HTTPS for your personal projects.
With the greater adoption of HTTPS for websites and other web based systems, adding HTTPS support can be an additional cost and complication for your project. Setting up a self signed SSL certificate is a free process, however for website usage, it will display various security warnings within the user's browser which can be disconcerting for regular users unfamiliar with the more technical aspects of SSL certificates, whose understanding extends little further than "green padlock = secure".
One solution for this is to purchase an SSL certificate from a trusted certificate authority, however this adds an additional recurring cost to your project on top of a domain name and hosting solution and can vary from around £10/yr for a "standard" SSL certificate to £500/yr+ for an EV SSL certificate. On top of the recent price increases from Nominet for UK domains, if you have multiple projects which don't bring in any revenue, the costs can start to mount up to the point they become inhibitive and cause projects to stall.
This is where Let's Encrypt comes in. I first started seeing this project mentioned in late 2014 and kept an eye on their site to see how it developed. I was expecting an ambitious project such as this to fail to get off the ground, however the updates conitnue to flow during 2015. The initial certificates weren't issued until late 2015 for early access domains and due to the certificates being quite new, there were a few hoops to jump through to set them up compared to regular certificates, so I made a mental note to keep an eye on the project.
At the start of 2016, the project had matured and there were a number of community resources availble for setting up Let's Encrypt certificates. One repo that caught my attention was letsencrypt-win-simple. This is a client for Windows that sets up a Let's Encrypt certificate within IIS and sets up a scheduled task for auto renewing the certificate. I decided to test it out on this site and it was surprisingly simple to get up and running. With a few changes to ensure all external resources were using secure versions (or not in the case of the Steam image API...), the major browsers recognise the certificate and all appears to be well.
As of today, the Let's Encrypt project is now leaving beta having issued over 1.7million certificates. It's been interesting to follow the project as a bystander from very early on and seeing it mature over the last 18 months, potentially making a massive change to the internet by offering free SSL certificates and enabling you to add an extra layer of security to your personal projects without increasing the operational costs.
Disclaimer: I have no connection to the Let's Encrypt project other than using of their certificates.
When I commented it would be 5 months until the next update, I was joking and didn't plan on leaving it this long. Things have been a little quiet on the development side of things recently with me spending more time fiddling with server hardware. It was enjoyable writing the post above as it is something a bit different, so I may look to write another couple of peices before returning to some in-progress projects or starting a couple of new ideas I've recently had. Why is finishing projects so difficult...