Blog

  • Preparing to Issue 200 Million Certificates in 24 Hours

    When we think about what essential infrastructure for the Internet needs to be prepared for though, we’re not thinking about normal days. We want to be prepared to respond as best we can to the most difficult situations that might arise.

    Read more

  • The Next Gen Database Servers Powering Let's Encrypt

    Database performance is the single most critical factor in our ability to scale while meeting service level objectives. In late 2020, we upgraded our database servers and we’ve been very happy with the results.

    Read more

  • A Year-End Letter from the Executive Director of Let's Encrypt and ISRG

    ISRG’s first project, Let’s Encrypt, has been wildly successful. We’re now helping to secure more than 225 million websites and the Web is making great progress towards 100% HTTPS. We’ve put in a lot of hard work and dealt with some challenges along the way, but at a high level the outlook is quite sunny. I’m incredibly proud to share some of what our organization has accomplished in 2020.

    Read more

  • Extending Android Device Compatibility for Let's Encrypt Certificates

    We’re happy to announce that we have developed a way for older Android devices to retain their ability to visit sites that use Let’s Encrypt certificates after our cross-signed intermediates expire. We are no longer planning any changes in January that may cause compatibility issues for Let’s Encrypt subscribers.

    Read more

  • Standing on Our Own Two Feet [Updated]

    When a new Certificate Authority (CA) comes on the scene, it faces a conundrum: In order to be useful to people, it needs its root certificate to be trusted by a wide variety of operating systems (OSes) and browsers. However, it can take years for the OSes and browsers to accept the new root certificate, and even longer for people to upgrade their devices to the newer versions that include that change.

    Read more

  • Let's Encrypt's New Root and Intermediate Certificates

    On Thursday, September 3rd, 2020, Let’s Encrypt issued six new certificates: one root, four intermediates, and one cross-sign. These new certificates are part of our larger plan to improve privacy on the web, by making ECDSA end-entity certificates widely available, and by making certificates smaller.

    Read more

  • Let's Encrypt Has Issued a Billion Certificates

    We issued our billionth certificate on February 27, 2020. We’re going to use this big round number as an opportunity to reflect on what has changed for us, and for the Internet, leading up to this event.

    Read more

  • Multi-Perspective Validation Improves Domain Validation Security

    At Let’s Encrypt we’re always looking for ways to improve the security and integrity of the Web PKI. We’re proud to launch multi-perspective domain validation today because we believe it’s an important step forward for the domain validation process.

    Read more

  • How Let's Encrypt Runs CT Logs

    Let’s Encrypt launched a Certificate Transparency (CT) log this past spring. We’re excited to share how we built it in hopes that others can learn from what we did.

    Read more

  • Onboarding Your Customers with Let's Encrypt and ACME

    If you work at a hosting provider or CDN, ACME’s DNS-01 validation method can make it a lot easier to onboard new customers who have an existing HTTPS website at another provider. Before your new customer points their domain name at your servers, you need to have a certificate already installed for them. Otherwise visitors to the customer’s site will see an outage for a few minutes while you issue and install a certificate.

    Read more

  • Introducing Oak, a Free and Open Certificate Transparency Log

    Today we are announcing a new Certificate Transparency log called Oak.

    Read more

  • Transitioning to ISRG's Root

    On January 11, 2021, we will change the default intermediate certificate we provide via ACME. Most subscribers don’t need to do anything. Subscribers who support very old TLS/SSL clients may want to manually configure the older intermediate to increase backwards compatibility.

    Read more

  • The ACME Protocol is an IETF Standard

    It has long been a dream of ours for there to be a standardized protocol for certificate issuance and management. That dream has become a reality now that the IETF has standardized the ACME protocol as RFC 8555.

    Read more

  • Facebook Expands Support for Let’s Encrypt

    We’re excited that Facebook is supporting our work through a three-year Platinum sponsorship! We asked them to share their thoughts on HTTPS adoption here. Please join us in thanking Facebook for their support of Let’s Encrypt and our mission to encrypt the Web!

    Read more

  • Looking Forward to 2019

    Let’s Encrypt had a great year in 2018. We’re now serving more than 150 million websites while maintaining a stellar security and compliance track record.

    Read more

  • Let's Encrypt Root Trusted By All Major Root Programs

    As of the end of July 2018, the Let’s Encrypt root, ISRG Root X1, is directly trusted by Microsoft products. Our root is now trusted by all major root programs, including Microsoft, Google, Apple, Mozilla, Oracle, and Blackberry.

    Read more

  • Engineering deep dive: Encoding of SCTs in certificates

    How Signed Certificate Timestamps get embedded in certificates

    Read more

  • Looking Forward to 2018

    While we’re proud of what we accomplished in 2017, we are spending most of the final quarter of the year looking forward rather than back.

    Read more

  • ACME Support in Apache HTTP Server Project

    We’re excited that support for getting and managing TLS certificates via the ACME protocol is coming to the Apache HTTP Server Project (httpd).

    Read more

  • Wildcard Certificates Coming January 2018

    Let’s Encrypt will begin issuing wildcard certificates in January of 2018.

    Read more

  • Milestone: 100 Million Certificates Issued

    Let’s Encrypt has reached a milestone. We’ve now issued more than 100,000,000 certificates.

    Read more

  • ACME v2 API Endpoint Coming January 2018

    Let’s Encrypt will add support for the IETF-standardized ACME v2 protocol in January of 2018.

    Read more

  • OVH Renews Platinum Sponsorship of Let's Encrypt

    We’re pleased to announce that OVH has renewed their support for Let’s Encrypt as a Platinum sponsor for the next three years.

    Read more

  • Let’s Encrypt 2016 In Review

    Our first full year as a live CA was an exciting one. I’m incredibly proud of what our team and community accomplished during 2016. I’d like to share some thoughts about how we’ve changed, what we’ve accomplished, and what we’ve learned.

    Read more

  • Launching Our Crowdfunding Campaign

    Today we kicked off our first crowdfunding campaign with the goal of raising enough funds to cover about one month of our operations - $200,000.

    Read more

  • Our First Grant: The Ford Foundation

    We are proud to announce that The Ford Foundation has awarded us a grant to help our growing operations.

    Read more

  • Squarespace OCSP Stapling Implementation

    OCSP stapling is an alternative approach to the Online Certificate Status Protocol (OCSP) for checking the revocation status of certificates.

    Read more

  • Introducing Internationalized Domain Name (IDN) Support

    Let’s Encrypt is pleased to introduce support for issuing certificates that contain Internationalized Domain Names (IDNs).

    Read more

  • ISRG Legal Transparency Report, January 2016 - June 2016

    The trust of our users is ISRG’s most critical asset. Transparency regarding legal requests is an important part of making sure our users can trust us, and to that end we will be publishing reports twice annually.

    Read more

  • What It Costs to Run Let's Encrypt

    Today we’d like to explain what it costs to run Let’s Encrypt. We’re doing this because we strive to be a transparent organization, we want people to have some context for their contributions to the project, and because it’s interesting.

    Read more

  • Let's Encrypt Root to be Trusted by Mozilla

    The Let’s Encrypt root key (ISRG Root X1) will be trusted by default in Firefox 50, which is scheduled to ship in Q4 2016.

    Read more

  • Full Support for IPv6

    Let’s Encrypt is happy to announce full support for IPv6.

    Read more

  • Defending Our Brand [Updated]

    We have confirmed that Comodo submitted Requests for Express Abandonment for all three trademark registration applications in question.

    Read more

  • Progress Towards 100% HTTPS, June 2016

    Our goal with Let’s Encrypt is to get the Web to 100% HTTPS. We’d like to give a quick progress update.

    Read more

  • Leaving Beta, New Sponsors

    Let’s Encrypt is leaving beta today. We’re also excited to announce that founding sponsors Cisco and Akamai have renewed their Platinum sponsorships with 3-year commitments, Gemalto is joining as our newest Gold sponsor, and HP Enterprise, Fastly, Duda and ReliableSite.net are our newest Silver sponsors.

    Read more

  • ISRG Legal Transparency Report, July 2015 - December 2015

    The trust of our users is ISRG’s most critical asset. Transparency regarding legal requests is an important part of making sure our users can trust us, and to that end we will be publishing reports twice annually.

    Read more

  • New Name, New Home for the Let's Encrypt Client Software

    Over the next few months the Let’s Encrypt client software (not the service) will transition to a new name, soon to be announced, and a new home at the Electronic Frontier Foundation (EFF).

    Read more

  • Our Millionth Certificate

    Let’s Encrypt has issued its millionth certificate, helping to secure approximately 2.4 million domains. This milestone means a lot to a team that started building a CA from scratch 16 months ago with an aim to have a real impact on the security of the Web as soon as possible.

    Read more

  • OVH Sponsors Let's Encrypt

    We’re pleased to announce that OVH has become a Platinum sponsor of Let’s Encrypt.

    Read more

  • Entering Public Beta

    We’re happy to announce that Let’s Encrypt has entered Public Beta. Invitations are no longer needed in order to get free certificates from Let’s Encrypt.

    Read more

  • Facebook Sponsors Let's Encrypt

    We’re happy to share today that Facebook is the newest Gold sponsor of Let’s Encrypt.

    Read more

  • Public Beta: December 3, 2015

    Let’s Encrypt will enter Public Beta on December 3rd, 2015. Once we’ve entered Public Beta our systems will be open to anyone who would like to request a certificate.

    Read more

  • Why ninety-day lifetimes for certificates?

    We’re sometimes asked why we only offer certificates with ninety-day lifetimes. People asking this are usually concerned that this is too short and wish we would offer certificates lasting a year or more, like some other CAs do.

    Read more

  • The CA's Role in Fighting Phishing and Malware

    Since we announced Let’s Encrypt we’ve often been asked how we’ll ensure that we don’t issue certificates for phishing and malware sites.

    Read more

  • Let's Encrypt is Trusted

    We’re pleased to announce that we’ve received cross-signatures from IdenTrust, which means that our certificates are now trusted by all major browsers. This is a significant milestone since it means that visitors to websites using Let’s Encrypt certificates can enjoy a secure browsing experience with no special configuration required.

    Read more

  • Internet Society Sponsors Let's Encrypt

    We’re pleased to announce that Internet Society (ISOC) has become a Gold sponsor of Let’s Encrypt.

    Read more

  • Our First Certificate Is Now Live

    Let’s Encrypt passed another major milestone by issuing our first certificate.

    Read more

  • Let's Encrypt Community Support

    Let’s Encrypt’s success depends on the support of a strong community. Nowhere is this more true than when it comes to subscriber support. Today we’re happy to announce Let’s Encrypt Community Support, a place for our community to both give and receive support.

    Read more

  • Updated Let's Encrypt Launch Schedule

    We can’t wait to see websites turn on TLS with Let’s Encrypt. Trust is our most important asset, however, and we need to take the necessary time to make sure our systems are secure and stable.

    Read more

  • ISRG Legal Transparency Report, January 2015 - June 2015

    The trust of our users is ISRG’s most critical asset. Transparency regarding legal requests is an important part of making sure our users can trust us, and to that end we will be publishing reports twice annually.

    Read more

  • Let's Encrypt Launch Schedule

    Let’s Encrypt has reached a point where we’re ready to announce our launch schedule.

    Read more

  • Let's Encrypt Root and Intermediate Certificates

    The keys and certificates that will underlie Let’s Encrypt have been generated.

    Read more

  • Draft Let's Encrypt Subscriber Agreement

    Today we’re publishing the first public draft of the Let’s Encrypt Subscriber Agreement.

    Read more

  • Updated Draft ISRG CP and CPS

    Today we’re publishing an updated draft of our Certificate Policy (CP) and the first public draft of our Certification Practice Statement (CPS).

    Read more

  • ISRG Engages NCC Group for Let's Encrypt Audit

    ISRG has engaged the NCC Group Crypto Services team to perform a security review of Let’s Encrypt’s certificate authority software, boulder, and the ACME protocol.

    Read more

  • ISRG and The Linux Foundation to Collaborate

    Internet Security Research Group (ISRG), the non-profit entity behind Let’s Encrypt, is pleased to announce our collaboration with The Linux Foundation.

    Read more

  • Draft ISRG Certificate Policy (CP)

    Today we’re publishing a draft of our Certificate Policy (CP).

    Read more

  • Let’s Encrypt: Delivering SSL/TLS Everywhere

    Vital personal and business information flows over the Internet more frequently than ever, and we don’t always know when it’s happening. It’s clear at this point that encrypting is something all of us should be doing. Then why don’t we use TLS (the successor to SSL) everywhere? Every browser in every device supports it. Every server in every data center supports it. Why don’t we just flip the switch?

    Read more

Subscribe via RSS