Beginning September 1, 2020, Apple’s Safari browser will no longer trust SSL/TLS certificates issued for longer than 398 days, which is the equivalent of one year plus the renewal grace period. Apple cited its “ongoing efforts to improve web security” in the announcement earlier this year. The change affects the full lineup of Apple platforms:…
In July of last year, Let's Encrypt announced that it would begin issuing Wildcard certificates for free in January of 2018. Although a little late, the organization has announced that Wildcard certificate support is now live. In addition to these certificates, the organization has updated its ACME protocol to version 2.0. ACMEv2 is required for…
In this episode, John James Jacoby and I discuss the news of the week including the results from the 2018 Stack Overflow survey, Tech Crunch’s rebuild, and Let’s Encrypt adding support for wildcard certificates. We also talk about Google working towards AMP or parts of it becoming official web standards. I ranted about how the…
Google Search Console has started sending out notices to sites that have not yet migrated to HTTPS. Chrome 61 is now in beta and version 62 is on track to begin marking HTTP pages as “NOT SECURE” beginning in October. It will show the warning if it detects any forms on the page that transmit…
In this episode, John James Jacoby and I are joined by Ben Meredith. Over the past few years, Ben has established a friendly and professional relationship with Jesse Petersen, who passed away due to complications from Cystic Fibrosis. Ben shares his unique perspective on who Petersen was as a person and describes the challenges of…
Let’s Encrypt, the free and open certificate authority that launched in 2016, has issued more than 100 million certificates as of June 2017 and is currently securing 47 million domains. Earlier this year, the web passed a major milestone of getting more than 50% of traffic encrypted. Let’s Encrypt has been a major contributor to…
In October 2016 Mozilla Telemetry showed more than 50% of page loads were encrypted with HTTPS. This week Let’s Encrypt is reporting that more than 50% HTTPS page loads is now the norm, a major milestone for HTTPS adoption across the web. Per @Firefox Telemetry, more than 50% HTTPS page loads is now the norm!…
Let’s Encrypt has just closed out its first full year as a certificate authority with more than 20 million active certificates. The free and open certificate authority focuses on lowering the complexity of setting up TLS encryption by making the process more automated. It came out of beta in April 2016 and the number of…
In October, Let’s Encrypt was managing more than 10 million active SSL certificates. That number doubled to 20 million in November as large providers continue to partner with the organization to manage their customers’ certificates. In 2014, Google announced that HTTPS is a ranking factor. Earlier this year, the Google Chrome security team announced that Chrome 56 will mark HTTP…
The Google Chrome Security team announced yesterday the browser will begin labeling HTTP connections as insecure starting in January 2017. Chrome currently displays a green lock icon in the address bar for sites that are secure but the security team will be taking it one step further by displaying a warning on unencrypted sites. “Beginning…
Let’s Encrypt, the open Certificate Authority, passed 5 million active (unexpired) certificates this week. The project came out of beta in April and has grown rapidly in the past few months. At the end of June, Let’s Encrypt reported that it had 3.8 million active certificates covering more than 7 million unique domains. In a…
Do you notice anything different about the Tavern’s URL? We recently enabled SSL on the site. Although the transition from HTTP to HTTPS was relatively smooth, we encountered a few issues. Postmatic Thought The Tavern Disappeared Soon after making the switch, we received error notices from Postmatic when trying to moderate comments via email. Because…
Sucuri, a website security company that specializes in securing WordPress (and other CMS) sites, announced that SSL certificates are now available at no cost to all customers who make use of the company’s firewall. As a sponsor of the Let’s Encrypt initiative, Sucuri joins Automattic as one of the first companies to fully automate free…
Let’s Encrypt announced that the project is exiting beta this week. The initiative, which aims to encrypt 100% of the web by making trusted certificates available to everyone at no cost, launched its beta seven months ago. Since our beta began in September 2015 we’ve issued more than 1.7 million certificates for more than 3.8…
WordPress.com announced today that it has turned on encryption for custom domains. The network’s subdomains have been HTTPS-enabled since 2014 as part of the Reset the Net campaign against mass surveillance. Today Automattic expanded HTTPS coverage to more than one million custom domains hosted on the network. Last April the company joined Mozilla, Cisco, EFF…