Let's Encrypt!

![](upload://xBme2XnMEpEuiCrAa35FH0sbAGS.jpeg)

Let's Encrypt!

Also a neat 2.5D parallax video for Wikipedia.

I finally got off my butt to get a process in place to obtain and update security certificates using Let’s Encrypt for both pixls.us and discuss.pixls.us. I also did some (more) work with Victor Grigas and Wikipedia to support their #Edit2015 video this year.

Wikipedia #Edit2015

Last year, I did some 2.5 parallax animations for Wikipedia to help with their first-ever end-of-the-year retrospective video (see the blog post from last year). Here is the retrospective from #Edit2014:

So it was an honor to hear from Victor Grigas again this year! This time around there was a neat new crop of images he wanted to animate for the video. Below you’ll find my contributions (they were all used in the final edit, just shortened to fit appropriately):

Wiki #Edit2015 Bel from Pat David on Vimeo.
Wiki #Edit2015 Je Suis Charlie from Pat David on Vimeo.
Wiki #Edit2015 Samantha Cristoforetti Nimoy Tribute from Pat David on Vimeo.
Wiki #Edit2015 SCOTUS LGBQT from Pat David on Vimeo.

Here is the final cut of the video, just released today:

Victor chose some really neat images that were fun to work on! Of course, all free software was used in this creation (GIMP for cutting up the images into sections and rebuilding textures as needed and Blender for re-assembling the planes and animating the camera movements). I had previously written a tutorial on doing this with free software on my blog.

You can read more on the wikimedia.org blog!

New Certificates

![Let's Encrypt Logo|550x131](upload://3EQ4pfHRCFdoVtjxrRg5zzSOOyS.png)

Yes, this is not very exciting I’ll concede. I think it _is_ important though.

I recently took advantage of my beta invite to Let’s Encrypt. It’s a certificate authority that provides free X.509 certs for domain owners that was founded by the Electronic Frontier Foundation, Mozilla, and the University of Michigan.

The key principles behind Let’s Encrypt are:

  • Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
  • Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
  • Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
  • Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
  • Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
  • Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.

It was relatively painless to obtain the certs. I only had to run their program to use ACME to verify my domain ownership through placing a file on my web root. Once the certs were generated I only had to make some small changes for it to work automatically on https://discuss.pixls.us. (And to automatically get picked up when I update the certs within 90 days).

I still had to manually copy/paste the certs into cpanel for https://pixls.us, though. Not automated (or elegant) but it works and only takes an extra moment to do.


This is a companion discussion topic for the original entry at https://pixls.us/blog/2015/12/let-s-encrypt/
2 Likes

Great job Pat! :slight_smile:
I like the Videos and I’m also thrilled about Let’s Encrypt. :smile:
I tried it a few weeks ago, now I need to fix all the things on my website so I can move it over too.

1 Like

Thanks @Jonas_Wagner! The videos were a fun diversion and practice for pre-visualizing how to approach the problem (which parts of the image to cut up into planes and animate, how far to heal background based on how the foreground elements were going to move, etc…).

Yep, the Let’s Encrypt stuff wasn’t nearly as hard as I thought it would be. So I’m glad it worked out (I honestly was not planning on implementing it until after the holidays, and in the end it only took about 30-40 minutes to fully set up!).

It would have been faster/easier if I had more access to my shared webhost, but c’est la vie! :slight_smile: