in Development, Infrastructure, Security

The Joys of Lets Encrypt

Back in January I wrote about replacing the StartCom SSL cert I previously used on with a certificate from Let’s Encrypt. As I noted then, the certs generated by Let’s Encrypt come with a three month expiry. Today I received a reminder email from their expiry bot:

Let's Encrypt certificate expiration notice

Since this was my first experience relying on the certbot tool to refresh a certificate, I was interested to see if it was going to work. The cron job I created was set to run at 2.30am every Monday, so I assumed I’d see the certificate update on the 3rd of April.

However, a quick look at the cert currently being used shows that it was updated by the job that ran on the 20th March: Certificate

Success!  It happened so easily I didn’t even notice. Score 1 for LetsEncrypt.

The more I use LE and their tooling, the more impressed I am. While the Powershell libraries have lagged a little behind the certbot tool, they’re catching up fast. My team are evaluating use of LE within Docker containers at the moment which also looks quite promising.

We still use “proper” cert authorities when we need wildcards or EV, but for everything else LE is increasingly usable.