September 29, 2022

GitLab and Let's Encrypt partner to improve website security

Learn how to add a Let's Encrypt TLS certificate to a website hosted and managed via GitLab Pages.


Let's Encrypt, a free, automated, and open certificate authority, is integrated with GitLab to help DevOps teams encrypt web traffic and protect the confidentiality of information their users share with websites.

This article explains, step by step, how to add a Let's Encrypt Transport Layer Security (TLS) certificate to a website hosted and managed via GitLab Pages.

What is TLS?

TLS is a protocol designed to make the internet more secure. Now more than two decades old, TLS, which evolved from Secure Sockets Layer (SSL), helps ensure that when users connect to websites — and transmit potentially sensitive data to and from those websites — they are doing so over a secure connection.

It's an important protocol because internet connections aren't necessarily secure by default. Malicious actors can intervene in the internet connection made to retrieve web pages, and then they can view or even manipulate the data traveling through that connection. To minimize the chance of that happening, DevOps teams need a way to guarantee (to certify) that the connection is genuine and secure.

That's where TLS comes in.

How does TLS work?

TLS consists of several components, one of which is a digital certificate, the goal of which is to secure data flowing to and from a website and help users trust in the integrity and confidentiality of that data.

The website or domain controller can install that certificate on a web server so that a user visiting the site can view it and feel assured their connection to the website is secure. The controller will ask a certifying body — called a certificate authority, or CA — to electronically sign and verify the certificate to indicate that the person or organization has control over the domain. Users can then view the certificate's details to scrutinize the connection.

To do this, load any TLS-protected website in a browser. "https://" will appear in the URL, where the "s" indicates a secure connection, and, typically, a "lock" icon will appear in the browser's URL bar. Clicking on that lock reveals certificate details.

As long as users trust the body that issued the certificate, they can feel more confident their connection to the website is secure.


GitLab's website is delivered over a secure connection.


GitLab's website security certificate is valid.

Let's Encrypt and TLS certificates

Historically, obtaining TLS certificates was a complicated and costly endeavor.

Let's Encrypt formed in 2013 to ensure everyone had access to the benefits of encryption. Part of the nonprofit Internet Security Research Group, Let's Encrypt aims to simplify the process of issuing, installing, configuring, and managing TLS certificates. By doing so, it hopes to create an internet that is more privacy-respecting and secure.

Let's Encrypt is an open and secure certificate authority that makes the process of obtaining and applying TLS certificates easy, automated, and free for website administrators. GitLab's integration with Let's Encrypt enables anyone hosting a webpage using GitLab Pages to obtain and apply a TLS certificate with a single click.

Securing a website with GitLab Pages and Let's Encrypt

GitLab Pages allows anyone with a GitLab project to host and maintain a static website and, with the help of Let's Encrypt, do so securely.

To start, create a GitLab Pages website:

You're now ready to add a TLS certificate to your site with Let's Encrypt.

  • Navigate to your project's Settings, then choose Pages.
  • Find the domain you want to secure and select Details.
  • Click Edit in the top-right corner to modify those details.
  • Click the switch to activate Automatic certificate management using Let's Encrypt.
  • Click Save to save your changes.

And that's it. Really.

The only thing left to do is wait. Obtaining a Let's Encrypt certificate for a website can take up to an hour. But once you've acquired one, you'll see the certificate information underneath the domain name listed in your Pages settings.

Additionally, you can enhance your website's security by forcing incoming traffic to connect to it securely. Just tick the box to enable "Force HTTPS".
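Once the certificate appears in your Pages settings and "Force HTTPS" is on, both can be checked from outside the UI. The following is an added example, not GitLab's own code: it audits a certificate in the dictionary shape Python's `ssl.SSLSocket.getpeercert()` returns and judges a plain-HTTP response. The domain `docs.example.com`, the sample certificate and the 20-day renewal threshold are assumptions made for illustration.

```python
import socket
import ssl
import time
from urllib.parse import urlsplit

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# the domain, issuer CN and dates are illustrative, not from a real site.
SAMPLE_CERT = {
    "subject": ((("commonName", "docs.example.com"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),),
               (("commonName", "R3"),)),
    "notAfter": "Nov 30 00:00:00 2022 GMT",
    "subjectAltName": (("DNS", "docs.example.com"),),
}


def fetch_cert(host, port=443, timeout=10):
    """Fetch the validated leaf certificate a live site serves (needs network)."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def audit_cert(cert, hostname, now=None, min_days=20):
    """Return a list of findings; an empty list means the certificate is healthy."""
    now = time.time() if now is None else now
    findings = []
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    if issuer.get("organizationName") != "Let's Encrypt":
        findings.append(f"issuer is {issuer.get('organizationName')!r}, not Let's Encrypt")
    sans = [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if hostname.lower() not in sans:
        findings.append(f"{hostname} is not among the certificate's DNS names {sans}")
    days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400
    if days_left < 0:
        findings.append(f"certificate expired {-days_left:.0f} days ago")
    elif days_left < min_days:  # assumed threshold; tune to your renewal schedule
        findings.append(f"only {days_left:.0f} days left; automatic renewal may be failing")
    return findings


def forces_https(status, location, hostname):
    """True if a plain-HTTP response redirects to HTTPS on exactly the same host."""
    url = urlsplit(location or "")
    return (status in (301, 302, 307, 308) and url.scheme == "https"
            and (url.hostname or "") == hostname.lower())
```

Against a live site, pass `fetch_cert("your.domain")` to `audit_cert`, and feed `forces_https` the status code and `Location` header returned by a request to the `http://` URL.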

Contributing to a more secure internet

The internet is an incredibly valuable tool, but with that value comes complexity. Let’s Encrypt provides digital certificates to more than 290 million websites, working to create an internet that is more secure and respectful of the privacy of its users.

At GitLab, we believe that everyone can contribute — and that includes contributing to a safer, more secure internet. By obtaining and setting up a TLS certificate, DevOps teams benefit from and contribute to the adoption of internet encryption. Internet security shouldn’t be difficult, and GitLab hopes that our integration with Let’s Encrypt supports a more secure internet for everyone.
