Free SSL Certificates from Let's Encrypt to Drive HTTP/2 Adoption
Setting up SSL for a site is not exactly rocket science or expensive. You can get legitimate certificates from NameCheap, for example, for less than 10 Euro a year. Google is also in the business of domains and certificates and CDN providers like CloudFlare offer one-click SSL. But there is still some hassle and the prospect of invalid certificate messages due to human error.
So while it's been easy to be HTTPS enabled for quite a while, it was not a necessity for many sites. Unlike a DNS change going with SSL/TLS was not a hard requirement for go-live. Sites delivering news and other content static content have had little incentive to spend extra resources in going encrypted.
Mozilla, the company behind Firefox and other popular products, announced in April 2015 that they aim to Deprecate non-secure HTTP. Mozilla and other companies have put their money where their mouth is and are sponsoring a free Certificate Authority called Let's Encrypt:
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG).
Making security a Commodity
Just yesterday, on October 19th 2015, they announced that Let's Encrypt certificates are trusted by all major browsers. The service is to roll out in Q4/2015 and will allow upgrading of traffic to HTTP/2 on a scale not possible without certificates becoming a commodity (like Content Management Systems).
With zero cost, low overhead technical setup, added security, improvement in SEO visibility and faster performance - selling HTTP/2 to non technical folk will get a whole lot easier. 2016 is going to be big for the foundations of the web.
Read more about HTTP/2:
- Serving PHP on HTTP/2 with H2O and HHVM
- HTTP/2 Server Push (with the Symfony HttpKernel)
- Comparing HTTP/1.1 and HTTP/2 on Aircraft WiFi
- Compare resource loading between HTTP/2 (H2O) and HTTP/1.1 (Nginx)
- Ballpark benchmarking web page load time and "time to first paint"
- Benchmarking HTTP/2 servers with h2load - an Apache Bench & Siege equivalent
- HTTP/2 usage statistics in June 2015