If your website still uses HTTP, then you are doing something wrong. HTTPS is the standard. In an HTTPS certificate you can see whether a website uses the latest encryption standards. Let’s Encrypt is a website that issues free certificates and has already done it 1 billion times.
The not-for-profit organization Let’s Encrypt is not just a group of people: it is run by Internet Security Research Group, which is known by its members from Mozilla, Akamai, Electronic Frontier Foundation (EFF) and the University of Michigan, among others. The certificates that Let’s Encrypt issues are not always valid, but for three months, however, you can automate it so that it is renewed over and over again.
It has grown enormously in 2.5 years. In 2017 it had already helped 46 million websites and they did so with only 11 full-timers and a budget of 2.6 million dollars. It has now become 192 million websites with 13 full-timers and a budget of 2.2 million dollars. 1 million certificates are issued every day.
— Let’s Encrypt (@letsencrypt) February 27, 2020
Lately there has been a lot going on around HTTPS. For example, Apple has indicated that it rejects HTTPS certificates in Safari when they are valid for more than 13 months. After all, it is no longer safe after so long. In itself Let’s Encrypt does that well with the validity of 3 months, but it also runs into problems. Hackers target certificates to mask phishing sites. The domain validation has now been upgraded to counter this.
HTTPS means HyperText Transfer Protocol Secure. Where HTTP does not encrypt data to make it more resilient to hackers, it does with HTTPS . HTTPS is essential when it comes to personal data, so not only payments by credit card or iDeal, but also simply a form on which you enter your name and email address.
— Let’s Encrypt (@letsencrypt) February 28, 2020