Internet Technologies 14 March 2016

Let’s Encrypt hits 1 million certificates

By Kevin MeynellGuest AuthorNominee for the Internet Society Board of Trustees

letsencryptEarly last week, Let’s Encrypt issued its one millionth certificate, a impressive achievement considering it only entered its public beta phase just over three months ago. Let’s Encrypt is a new trusted Certificate Authority (CA) offering free digital certificates used for securing servers for use with TLS applications such as secure web browsing and online financial transactions.

In fact, the 1 million Let’s Encrypt certificates are actually securing approximately 2.5 million fully-qualified domain names as a single certificate can cover multiple domains, and 90% of these have never previously been reachable with HTTPS before. This suggests that making certificates cheap and easy to install indeed encourages the deployment of TLS and the aim of ensuring that secure web browsing becomes the default.

Let’s Encrypt also supports automation to simplify obtaining and managing certificates, as well as encouraging 90 day renewal to limit damage from key compromise and mis-issuance. This is achieved through the Automated Certificate Management Environment (ACME) which offers a standards-based REST API allowing client software to authenticate domains and automatically install certificates on servers without human intervention. A number of ACME-compliant clients have now been developed and are listed on the Let’s Encrypt community pages.

The Let’s Encrypt initiative is supported by sponsoring organisations who have an interest in promoting encrypted communication as the norm on the Internet. Over half of these sponsors have stepped up since the launch, demonstrating how successful the initiative has been.

More information about Let’s Encrypt and how to obtain certificates can be found on the Let’s Encrypt website.

Of course, digital certificates can be used for more than just securing the web. Deploy360 recently tested Let’s Encrypt certificates with the Go6lab mail servers and DANE, and it’s worth reading Part 1 and Part 2 of Jan Žorž’s tutorial on how to do this.

You can also check out whether a server supports the TLS protocol using the tools listed on our TLS Tools page.

Encryption, How the Internet Works, Internet Technologies, Open Internet Standards, Security, Supporting a Secure and Trustworthy Internet, Transport Layer Security (TLS), Global,

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Recent Posts

Related Posts

Supporting a Secure and Trustworthy Internet 6 September 2024

US Government Networks Get a Security Boost: White House Roadmap Tackles Routing Vulnerabilities

The White House's Roadmap to Enhancing Routing Security is an important step toward strengthening routing security in the United...

Supporting a Secure and Trustworthy Internet 14 May 2024

The US Makes a Big Step Toward Better Routing Security

The US Department of Commerce began implementing better routing security practices—a step in the right direction for wider MANRS...

Securing Border Gateway Protocol (BGP) 18 April 2024

The US FCC Signals a Dangerous New Course on BGP Security

The US Federal Communications Commission recently released a draft Declaratory Ruling and Order in the Open Internet Proceeding. However,...