Let's Encrypt

from Wikipedia

Let's Encrypt is a non-profit certificate authority run by Internet Security Research Group (ISRG) that provides X.509 certificates for Transport Layer Security (TLS) encryption at no charge. It is the world's largest certificate authority,[3] used by more than 600 million websites,[4] with the goal of all websites being secure and using HTTPS. The Internet Security Research Group (ISRG), the provider of the service, is a public benefit organization.[5] Major sponsors include the Electronic Frontier Foundation (EFF), the Mozilla Foundation, OVHcloud, Cisco Systems, Facebook, Google Chrome, the Internet Society, AWS, Nginx, and the Gates Foundation.[6] Other partners include the certificate authority IdenTrust,[7] the University of Michigan,[8] and the Linux Foundation.[9]

Overview

The mission for the organization is to create a more secure and privacy-respecting World-Wide Web by promoting the widespread adoption of HTTPS.[10] Let's Encrypt certificates are valid for 90 days, during which renewal can take place at any time.[11] This is handled by an automated process designed to overcome manual creation, validation, signing, installation, and renewal of certificates for secure websites.[12][13] The project claims its goal is to make encrypted connections to World Wide Web servers ubiquitous.[14] By eliminating payment, web server configuration, validation email management and certificate renewal tasks, it is meant to significantly lower the complexity of setting up and maintaining TLS encryption.[15]

On a Linux web server, execution of only two commands is sufficient to set up HTTPS encryption and acquire and install certificates.[16][17] To that end, a software package was included into the official Debian and Ubuntu software repositories.[18][19] Current initiatives of major browser developers such as Mozilla and Google to deprecate unencrypted HTTP are counting on the availability of Let's Encrypt.[20][21] The project is acknowledged to have the potential to accomplish encrypted connections as the default case for the entire Web.[22]

The service only issues domain-validated certificates, since they can be fully automated. Organization Validation and Extended Validation Certificates both require human validation of any registrants, and are therefore not offered by Let's Encrypt.[23] Support of ACME v2 and wildcard certificates was added in March 2018.[24] The domain validation (DV) utilized by Let's Encrypt dates back to 2002 and was at first controversial when introduced by GeoTrust before becoming a widely accepted method for the issuance of SSL certificates.[25]

By being as transparent as possible, the organization hopes to both protect its own trustworthiness and guard against attacks and manipulation attempts. For that purpose it regularly publishes transparency reports,[26] publicly logs all ACME transactions (e.g. by using Certificate Transparency), and uses open standards and free software as much as possible.[16]

History

The Let's Encrypt project was started in 2012 by two Mozilla employees, Josh Aas and Eric Rescorla, together with Peter Eckersley at the Electronic Frontier Foundation and J. Alex Halderman at the University of Michigan. Internet Security Research Group, the company behind Let's Encrypt, was incorporated in May 2013.[8]

Let's Encrypt was announced publicly on November 18, 2014.[27]

On January 28, 2015, the ACME protocol was officially submitted to the IETF for standardization.[28] On April 9, 2015, the ISRG and the Linux Foundation declared their collaboration.[9] The root and intermediate certificates were generated in the beginning of June.[29] On June 16, 2015, the final launch schedule for the service was announced, with the first certificate expected to be issued sometime in the week of July 27, 2015, followed by a limited issuance period to test security and scalability. General availability of the service was originally planned to begin sometime in the week of September 14, 2015.[30] On August 7, 2015, the launch schedule was amended to provide more time for ensuring system security and stability, with the first certificate to be issued in the week of September 7, 2015 followed by general availability in the week of November 16, 2015.[31]

On September 14, 2015, Let's Encrypt issued its first certificate, which was for the domain helloworld.letsencrypt.org. On the same day, ISRG submitted its root program applications to Mozilla, Microsoft, Google and Apple.[32]

On October 19, 2015, the intermediate certificates became cross-signed by IdenTrust, causing all certificates issued by Let's Encrypt to be trusted by all major browsers.[7]

On November 12, 2015, Let's Encrypt announced that general availability would be pushed back and that the first public beta would commence on December 3, 2015.[33] The public beta ran from December 3, 2015[34] to April 12, 2016.[35] It launched on April 12, 2016.[36][37][5]

On March 3, 2020, Let's Encrypt announced that it would have to revoke over 3 million certificates on March 4, due to a flaw in its Certificate Authority software.[38] Through working with software vendors and contacting site operators, Let's Encrypt was able to get 1.7 million of the affected certificates renewed before the deadline. They ultimately decided not to revoke the remaining affected certificates, as the security risk was low and the certificates were to expire within the next 90 days.[39] The mass-revocation event has significantly increased the global revocation rate.[40]

In March 2020, Let's Encrypt was awarded the Free Software Foundation's annual Award for Projects of Social Benefit.[41]

On February 27, 2020, Let's Encrypt announced having issued a billion certificates.[42]

In April 2022, Let's Encrypt was awarded the Levchin Prize for “fundamental improvements to the certificate ecosystem that provide free certificates for all”.[43]

As of September 2022, Let's Encrypt reports having issued 234 million active (unexpired) certificates.[4]

In January 2025, Let's Encrypt announced the retirement of its free email expiry notifications and recommended Red Sift Certificates Lite as its certificate monitoring service.[44][45]

Technology

Chain of trust

ISRG Root X1 (RSA)

In June 2015, Let's Encrypt announced the generation of their first RSA root certificate, ISRG Root X1.[46] The root certificate was used to sign two intermediate certificates,[46] which are also cross-signed by the certificate authority IdenTrust.[7][47] One of the intermediate certificates is used to sign issued certificates, while the other is kept offline as a backup in case of problems with the first intermediate certificate.[46] Because the IdenTrust certificate was already widely trusted by major web browsers, Let's Encrypt certificates can normally be validated and accepted by relying parties[29] even before browser vendors include the ISRG root certificate as a trust anchor.

ISRG Root X2 (ECDSA)

Let's Encrypt developers planned to generate an ECDSA root key back in 2015,[46] but then pushed back the plan to early 2016, then to 2019, and finally to 2020. On September 3, 2020, Let's Encrypt issued six new certificates: one new ECDSA root named "ISRG Root X2", four intermediates, and one cross-sign. The new ISRG Root X2 is cross-signed with ISRG Root X1, Let's Encrypt's own root certificate. Let's Encrypt did not issue an OCSP responder for the new intermediate certificates and instead plans to rely solely on certificate revocation lists (CRLs) to recall compromised certificates and short validity periods to reduce danger of certificate compromise.[48]

ACME protocol

The challenge–response protocol used to automate enrolling with the certificate authority is called Automatic Certificate Management Environment (ACME). It can query either Web servers or DNS servers controlled by the domain covered by the certificate to be issued. Based on whether the resulting responses match the expectations, control of the enrollee over the domain is assured (domain validation). The ACME client software can set up a dedicated TLS server that gets queried by the ACME certificate authority server with requests using Server Name Indication (Domain Validation using Server Name Indication, DVSNI), or it can use hooks to publish responses to existing Web and DNS servers.

The validation processes are run multiple times over separate network paths. Checking whether DNS entries are provisioned is done from multiple geographically diverse locations to make DNS spoofing attacks harder to carry out.

ACME interactions are based on exchanging JSON documents over HTTPS connections.[49] The specification developed by the Internet Engineering Task Force (IETF) is a proposed standard, RFC 8555.[50]

Prior to the completion and publication of RFC 8555, Let's Encrypt implemented a pre-standard draft of the ACME protocol. RFC 8555 introduced breaking changes and as such it has been dubbed ACMEv2. Let's Encrypt implemented the new version and started pushing existing clients into upgrades. The nudging was implemented with intermittent down-times of the ACMEv1 API. The end-of-lifetime was announced with dates and phases in "End of Life Plan for ACMEv1".[51] Since November 8, 2019, ACMEv1 no longer accepts new account registrations. Since June 2020, ACMEv1 stopped accepting new domain validations. From January 2021, ACMEv1 underwent 24-hour brownouts. The ACMEv1 API was turned off completely on June 1, 2021.[52]

Software implementation

The certificate authority consists of a piece of software called Boulder, written in Go, that implements the server side of the ACME protocol. It is published as free software with source code under the terms of version 2 of the Mozilla Public License (MPL).[53] It provides a RESTful API that can be accessed over a TLS-encrypted channel.

An Apache-licensed[54] Python certificate management program called certbot (formerly letsencrypt) gets installed on the client side (the Web server of an enrollee). This is used to order the certificate, to conduct the domain validation process, to install the certificate, to configure the HTTPS encryption in the HTTP server, and later to regularly renew the certificate.[16][55] After installation and agreeing to the user license, executing a single command is enough to get a valid certificate installed. Additional options like OCSP stapling or HTTP Strict Transport Security (HSTS) can also be enabled.[49] Automatic setup initially only works with Apache and nginx.

Let's Encrypt issues certificates valid for 90 days. The reason given is that these certificates "limit damage from key compromise and mis-issuance" and encourage automation.[56]

Initially, Let's Encrypt developed its own ACME client – Certbot – as an official implementation. This has been transferred to Electronic Frontier Foundation and its name "letsencrypt" has been changed to "certbot". There is a large selection of ACME clients and projects for a number of environments developed by the community.[57]

from Grokipedia
Let's Encrypt is a free, automated, and open certificate authority (CA) operated by the nonprofit Internet Security Research Group (ISRG) to provide digital certificates enabling HTTPS encryption for websites worldwide.[1] It issues SSL/TLS certificates at no cost, using the open-standard ACME protocol (RFC 8555) for automated validation, issuance, and renewal, thereby lowering barriers to secure web communication.[1] Founded to promote universal encryption on the internet, Let's Encrypt adheres to principles of being free, automatic, secure, transparent, open, and cooperative, ensuring certificates are accessible without manual intervention or payment.[1] The project originated from efforts in 2012 to develop a fully automated CA, leading to the incorporation of ISRG on May 24, 2013, specifically to host Let's Encrypt as its flagship initiative.[2] Public announcement occurred on November 18, 2014, with the first certificates issued in the week of September 7, 2015, and general availability following in the week of November 16, 2015.[3] Since launch, Let's Encrypt has driven widespread HTTPS adoption by eliminating financial and technical hurdles traditionally associated with certificate acquisition, supporting everything from personal blogs to major enterprises.[4] As of January 2025, Let's Encrypt secures over 550 million websites, representing a 42% growth from the previous year. It holds about 60% market share of all websites whose SSL certificate authority is known.[5][6] It issues more than 340,000 certificates per hour, with ongoing infrastructure enhancements—such as scaled rate limits and database optimizations—preparing for over 1 billion active certificates.[5] Funded entirely by donations and sponsorships, the service remains committed to privacy and efficiency, including recent developments like short-lived (six-day) certificates and IP address certificates, which are now generally available as of January 2026.[4][7][8]

Introduction

Overview

Let's Encrypt is a nonprofit-operated Certificate Authority (CA) that provides free TLS/SSL certificates to enable HTTPS encryption for websites worldwide.[9] Operated by the Internet Security Research Group (ISRG), a 501(c)(3) organization dedicated to advancing Internet security, it focuses on removing barriers to secure web connections.[2] By offering these certificates at no cost, Let's Encrypt addresses the expense and complexity that previously hindered widespread adoption of encryption.[10] Central to its model is automation via the ACME protocol, which facilitates domain validation to confirm that certificate requesters control the domains they intend to secure.[11] Standard certificates issued are valid for 90 days, with an opt-in option for shorter six-day validity periods, encouraging regular automated renewals to maintain security without ongoing manual effort.[10][7] This open-source approach, including the ACME protocol standardized by the IETF, promotes transparency and interoperability to drive universal encryption across the web.[12] In the basic workflow, users deploy open-source client software—such as Certbot—on their servers to request a certificate, complete a validation challenge (like placing a temporary file on the site or updating DNS records), and automatically install the issued certificate, all without human intervention. With proper automation, certificates are typically issued in seconds to minutes. This streamlined process integrates seamlessly with web servers and hosting environments, making HTTPS accessible to individuals, small organizations, and large-scale deployments alike.[11][13]

Mission and Features

Let's Encrypt's core mission is to promote the widespread adoption of HTTPS across the web, thereby creating a more secure and privacy-respecting internet by providing free, automated digital certificates to website operators.[10] This initiative addresses key barriers to HTTPS deployment, such as the high costs and technical complexities associated with traditional certificate authorities, making encrypted connections accessible to all websites regardless of size or budget.[1]

Operated as a nonprofit by the Internet Security Research Group (ISRG), Let's Encrypt adheres to principles of openness and public benefit, eschewing commercial incentives in favor of community-driven development.[1] All of its code, protocols, and specifications are publicly available, including the open standard ACME protocol defined in RFC 8555, which ensures transparency and encourages broad collaboration.[1] This nonprofit structure allows Let's Encrypt to prioritize global internet security over profit, fostering a cooperative ecosystem where improvements benefit the public at large.[10]

Among its distinctive features, Let's Encrypt offers automated certificate issuance and renewal, which minimizes human error in managing TLS/SSL configurations and enables seamless integration with popular web servers such as Apache and Nginx through tools like Certbot.[11] It supports wildcard certificates via the DNS-01 challenge method, allowing a single certificate to secure multiple subdomains under a parent domain, which simplifies management for complex sites.[10] Additionally, standard certificates have short 90-day validity periods, with an opt-in for six-day short-lived certificates to enhance security by limiting the impact of potential compromises, and automation facilitating frequent renewals every 60 days or less for standard certificates (or more often for short-lived ones).[10][7] In 2025, Let's Encrypt introduced support for IP address certificates as Subject Alternative Names in short-lived profiles, enabling secure TLS connections for IP-based services without requiring domain validation via DNS-01 challenges.[14]

History

Founding and Early Years

The Internet Security Research Group (ISRG) was incorporated on May 24, 2013, as a non-profit public benefit corporation aimed at developing digital infrastructure to enhance internet security, particularly by tackling the limited adoption of HTTPS due to the high costs and complexities of traditional certificate authorities.[15] Founded by Josh Aas, Eric Rescorla, Alex Halderman, and Peter Eckersley, ISRG sought to create an automated system for issuing free SSL/TLS certificates, drawing on expertise from organizations addressing web privacy and security gaps.[16] Backed by initial supporters including the Electronic Frontier Foundation (EFF), Mozilla, Cisco, Akamai, IdenTrust, and the University of Michigan, ISRG positioned Let's Encrypt as a collaborative effort to democratize secure web connections.[17]

On November 18, 2014, ISRG publicly announced the Let's Encrypt project, outlining its mission to provide freely available, automated certificates that would simplify HTTPS deployment for websites worldwide and challenge the proprietary models of paid certificate authorities.[18] The initiative emphasized open-source protocols and tools to automate validation and issuance, targeting a launch in mid-2015 to accelerate the encryption of web traffic.[18] This announcement highlighted the project's non-commercial nature, funded through grants and sponsorships, and its commitment to transparency in operations to build community trust.[17]

Development progressed through a closed beta phase in 2015, where ISRG tested the Automated Certificate Management Environment (ACME) protocol and issuance systems with select participants.[19] The first certificate was issued on September 14, 2015, to the domain helloworld.letsencrypt.org, demonstrating the system's functionality although initial certificates required cross-signing from IdenTrust's established root for browser trust.[20] Public beta commenced on December 3, 2015, removing invitation requirements and enabling open access to certificate requests.[21] Full general availability, marking the end of the beta period, was achieved on April 12, 2016.[22]

One of the primary early challenges was establishing a chain of trust independent of existing authorities; ISRG submitted its root certificate, ISRG Root X1, to major browser and operating system trust stores to gain direct recognition, a process that involved rigorous audits and policy compliance reviews. Integrating with diverse web servers and software ecosystems also required extensive compatibility testing to ensure seamless automation without disrupting site operations.[20] These efforts laid the groundwork for Let's Encrypt's role in promoting universal encryption during its formative period.

Growth and Milestones

Following its public launch in late 2015, Let's Encrypt experienced rapid early adoption, issuing its millionth certificate on March 8, 2016, which secured approximately 2.4 million domains.[23] By June 28, 2017, the service had issued over 100 million certificates in total, demonstrating significant uptake among website operators seeking free TLS protection.[24] This momentum continued with the addition of support for wildcard certificates on March 13, 2018, enabling single certificates to cover multiple subdomains and simplifying management for complex site architectures.

Key milestone events marked sustained expansion, including reaching 100 million active certificates in May 2019, a threshold that underscored the service's role in encrypting a substantial portion of the web.[25] In 2020 and 2021, Let's Encrypt advanced its cryptographic infrastructure by issuing new intermediate certificates and introducing an ECDSA root (ISRG Root X2) on September 3, 2020, alongside RSA intermediates to enhance efficiency and support modern key types without disrupting existing chains.[26] These updates, including cross-signing for compatibility, facilitated smoother transitions for relying parties while maintaining trust.[26]

Scaling infrastructure efforts enabled Let's Encrypt to handle billions of certificates annually, with over 3 billion issued by November 2022 and continued growth supporting more than 309 million domains via 239 million active certificates at that time.[27] The 10th anniversary of Let's Encrypt's first certificate issuance in 2025 prompted reflections on its contributions to HTTPS adoption, noting that encrypted page loads had risen dramatically since 2015, with the service now protecting hundreds of millions of sites globally.[28]

Recent milestones include the generation and issuance of new root certificates—ISRG Root YE (ECDSA P-384) and ISRG Root YR (RSA 4096)—on September 3, 2025, as part of a key ceremony to refresh the chain of trust and prepare for future rotations.[29] Additionally, on January 16, 2025, Let's Encrypt announced preparation for short-lived certificates with six-day validity periods, an opt-in feature via ACME profiles to bolster security by reducing exposure windows, alongside support for IP address certificates.[7]

Organizational growth at the Internet Security Research Group (ISRG), the nonprofit behind Let's Encrypt, has evolved through diversified funding models relying on sponsorships and donations rather than certificate fees, with founding partners including Mozilla, the Electronic Frontier Foundation, Cisco, Akamai, and the University of Michigan.[2] Ongoing partnerships, such as the 2024 renewal with Princeton University for research on certificate transparency and revocation, have supported technical advancements, while a broad donor base—including Google, Facebook, and Microsoft—ensures operational sustainability without compromising the free service model.[30][31] This structure has allowed ISRG to scale operations, invest in protocol improvements, and maintain independence since its inception in 2013.[2]

Operations

Certificate Issuance Process

The certificate issuance process for Let's Encrypt begins when a domain owner uses an ACME client to generate a public-private key pair for their account, which authenticates the client to the Let's Encrypt API.[11] The client then creates a PKCS#10 Certificate Signing Request (CSR) containing the desired domain names and the public key, signed with the account's private key, and submits it to the Let's Encrypt server via the ACME protocol.[11] To verify domain control, the server issues a challenge that the client must complete, after which the server checks the response from multiple network vantage points to ensure authenticity.[11] Upon successful validation, Let's Encrypt signs the certificate with its intermediate CA key and delivers it to the client. Let's Encrypt then submits the certificate to public Certificate Transparency logs for monitoring.[11]

Let's Encrypt supports several domain validation methods, each suited to different server configurations. The HTTP-01 challenge requires the client to place a specific token file at http://<domain>/.well-known/acme-challenge/<token> on port 80, allowing the Let's Encrypt server to retrieve it via HTTP (with support for up to 10 redirects, but no IP-based redirects).[32] This method is widely used but cannot issue wildcard certificates and fails if port 80 is blocked by firewalls.[32] Both HTTP-01 and TLS-ALPN-01 also support validation for IP addresses (IPv4 and IPv6 /64), introduced in 2025, while DNS-01 does not.[7] The DNS-01 challenge involves adding a TXT record with a specific token value at _acme-challenge.<domain>, which the server queries via DNS resolution; it supports wildcard certificates and CNAME/NS delegation but may require up to an hour for propagation.[32] The TLS-ALPN-01 challenge, which validates control through a custom TLS Application-Layer Protocol Negotiation (ALPN) extension on port 443 using Server Name Indication (SNI), remains active but has limited client support and does not work for wildcards.[32] For historical context, the TLS-SNI-01 challenge was deprecated in March 2019 due to vulnerabilities allowing unauthorized issuance.[32]

Certificates issued by Let's Encrypt have a fixed lifetime of 90 days to encourage automation and rapid revocation if compromised, though an opt-in short-lived option of 6 days is available.[10] Renewal follows the same issuance workflow, with clients typically automating re-issuance around 30 days before expiration to maintain continuous coverage; validation results are cached for up to 30 days, potentially skipping re-validation during renewal if unchanged.[10] Clients are advised to schedule renewals at randomized intervals to distribute load evenly across Let's Encrypt's infrastructure.[10]

Common errors during issuance often stem from misconfigured validation challenges, such as firewalls blocking port 80 for HTTP-01 attempts or DNS propagation delays in DNS-01 setups, which can be troubleshot by verifying network accessibility from external vantage points and using the staging environment for testing.[33] Another frequent issue is cached authorizations preventing expected re-validation, resolvable by forcing a new challenge or waiting out the 30-day cache period.[10]

For seamless integration, tools like Certbot—recommended by Let's Encrypt—automate the entire process, including key generation, challenge completion, installation on web servers like Apache or Nginx, and scheduled renewals via cron jobs or systemd timers.[13] For example, running certbot --nginx on an Ubuntu server with Nginx prompts domain selection, handles HTTP-01 validation, and configures the server to use the new certificate while setting up automatic renewal.[13] Other ACME clients, such as acme.sh or Lego, offer similar functionality for custom environments.[13]

Policies and Rate Limits

Let's Encrypt operates under a set of core policies designed to ensure secure and responsible use of its certificates. The service issues Domain Validation (DV) certificates exclusively, verifying control over domain names through technical methods without providing Organization Validation (OV) or Extended Validation (EV) options.[10][34] Certificates are available only for public domain names and public IP addresses (IPv4 or IPv6 /64 ranges), requiring subscribers to be the legitimate registrant, assignee, or authorized agent of the identifiers in the certificate request.[34] Additionally, the Subscriber Agreement prohibits using certificates for illegal activities, including phishing, fraud, malware distribution, or facilitating man-in-the-middle attacks to intercept encrypted communications.[34]

To prevent abuse and maintain service sustainability, Let's Encrypt enforces strict rate limits on certificate issuance and related operations. As of June 2025, key limits include up to 50 new certificates per registered domain (defined by the eTLD+1, such as example.co.uk), per IPv4 address, or per IPv6 /64 range every 7 days, and 300 new orders per account every 3 hours.[33] A separate limit of 5 duplicate certificates per exact set of identifiers applies every 7 days to discourage unnecessary reissuances.[33] These limits use a token bucket algorithm for enforcement, with no resets for revoked certificates, and overrides are available for some via a formal request process.[33]

In response to rapid growth, Let's Encrypt evolved its rate limiting infrastructure on January 30, 2025, implementing a system based on Redis for storage and the Generic Cell Rate Algorithm (GCRA) for flow management.[5] This upgrade supports scaling to over 1 billion active certificates by reducing database load by 80% and authorization reads by over 99%, addressing a 42% yearly increase in protected websites from over 550 million (as of January 2025).[5] The changes maintain existing per-domain limits while enabling smoother handling of high-volume requests.[5]

Subscribers are encouraged to use the staging environment for testing ACME clients and issuance processes, which features higher rate limits—such as 10 new registrations per IP every 3 hours—to avoid impacting production quotas.[35][33] Enforcement includes automated detection of duplicate certificate requests and temporary suspensions for repeated violations, such as exceeding per-domain limits, which can result in issuance bans until the limit window refills.[33][36] Misuse reports, including potential policy breaches, can be submitted to [email protected] for investigation and possible revocation.[37]
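How a GCRA limiter produces the "refill" behaviour described above, as an added Python example that is not Boulder's code. It applies the two 7-day limits quoted in this section; the registered domain is supplied by the caller (a Public Suffix List lookup is assumed), state is kept in memory rather than Redis, and all class and function names are hypothetical.

```python
from dataclasses import dataclass

WEEK = 7 * 24 * 3600  # seconds


@dataclass(frozen=True)
class Limit:
    name: str
    burst: int    # requests allowed back to back
    period: int   # seconds needed to refill the whole burst

    @property
    def emission_interval(self) -> float:
        # One unit of capacity returns every period / burst seconds.
        return self.period / self.burst


# Figures taken from the rate-limit paragraph above.
CERTS_PER_DOMAIN = Limit("certificates_per_domain", 50, WEEK)
DUPLICATE_CERT = Limit("duplicate_certificate", 5, WEEK)


class GcraLimiter:
    """GCRA stores one timestamp per key: the theoretical arrival time (TAT)."""

    def __init__(self):
        self._tat = {}  # (limit name, key) -> TAT in seconds

    def _peek(self, limit, key, now):
        tat = max(self._tat.get((limit.name, key), now), now)
        new_tat = tat + limit.emission_interval
        allow_at = new_tat - limit.period
        return new_tat, max(0.0, allow_at - now)

    def check_and_spend(self, checks, now):
        """Apply every (Limit, key) pair or none of them.

        Returns (allowed, name of the limit that refused, retry_after_seconds).
        A refused request spends nothing, so hitting the duplicate limit does
        not also burn the per-domain allowance.
        """
        pending = []
        for limit, key in checks:
            new_tat, wait = self._peek(limit, key, now)
            if wait > 0:
                return False, limit.name, wait
            pending.append(((limit.name, key), new_tat))
        self._tat.update(pending)
        return True, None, 0.0


def order_checks(registered_domain, identifiers):
    """Limits that apply to one order for names under one registered domain."""
    exact_set = ",".join(sorted({name.lower() for name in identifiers}))
    return [
        (CERTS_PER_DOMAIN, registered_domain.lower()),
        (DUPLICATE_CERT, exact_set),
    ]


if __name__ == "__main__":
    limiter = GcraLimiter()
    names = ["example.org", "www.example.org"]  # constructed sample order
    for attempt in range(1, 7):
        print(attempt, limiter.check_and_spend(order_checks("example.org", names), now=0))
```

With 50 certificates per 7 days the emission interval is 12,096 seconds (about 3.4 hours), so a domain that has exhausted its burst regains one issuance at that pace instead of waiting for a fixed weekly reset.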

Technology

ACME Protocol

The Automated Certificate Management Environment (ACME) protocol facilitates automated issuance, renewal, and revocation of X.509 certificates between client software and a certificate authority (CA) server, such as Let's Encrypt, through a client-server interaction over HTTPS using JSON messages secured by JSON Web Signatures (JWS).[38] Defined in RFC 8555 published in March 2019, ACME version 2 (v2) standardizes this process, while the earlier ACME v1, based on draft specifications, has been deprecated by Let's Encrypt since June 2021 to encourage adoption of the more robust v2.[38][39] The protocol supports the full certificate lifecycle, enabling clients to register accounts, request orders for specific domain identifiers, prove control over those identifiers via challenges, submit certificate signing requests (CSRs), and retrieve issued certificates, all while maintaining security through cryptographic proofs.[40]

In 2025, Let's Encrypt introduced support for ACME Profiles as an extension to RFC 8555, allowing clients to negotiate specific features such as short-lived certificates during the order process. This enables issuance of certificates with reduced lifetimes, such as six days, to enhance security by minimizing exposure windows while maintaining automation. Short-lived certificates are requested via profile negotiation in the newOrder request, with general availability targeted by late 2025.[7]

Key components of ACME include account registration, where a client creates an account with the server by submitting a signed newAccount request containing a JSON Web Key (JWK) public key, optional contact information, and agreement to the server's terms of service.[41] For security, the server provides a unique nonce value in HTTP headers with each response, which the client must include in the JWS header of subsequent requests to prevent replay attacks.[42] Directory discovery allows clients to locate API endpoints by fetching a directory resource from the server's well-known URL, which lists URLs for resources like newAccount, newOrder, and newNonce.[43] Order objects, created via a newOrder request, represent pending certificate requests and include an array of identifiers (e.g., domain names) along with authorization and finalization URLs provided by the server.[44]

The challenge-response mechanism verifies the client's control over a domain without relying on pre-existing trust, using methods like HTTP-01, DNS-01, and TLS-ALPN-01.[45] In the HTTP-01 challenge, the server provides a token, and the client must host a resource at https://<domain>/.well-known/acme-challenge/<token> containing the key authorization string, formed as <token>.<thumbprint>, where the thumbprint is the base64url-encoded SHA-256 digest of the account's JWK per RFC 7638.[46] The server then fetches this resource and computes the expected key authorization to validate it. For DNS-01, the client adds a TXT DNS record at _acme-challenge.<domain> with the base64url-encoded SHA-256 digest of the key authorization string, allowing wildcard domain validation (e.g., *.example.com), which is not supported by HTTP-01 or TLS-ALPN-01.[46][47] TLS-ALPN-01 involves the client serving a self-signed TLS certificate during a TLS handshake over Application-Layer Protocol Negotiation (ALPN) with the ACME protocol identifier, embedding the key authorization in the certificate's extensions for server validation.[48] Upon successful challenge completion for all identifiers in an order, the client submits a CSR via a finalize request, after which the server issues and provides the certificate download URL.[49]

Security features in ACME rely on JOSE and JWS standards to sign all client requests with the account's private key, ensuring authenticity and integrity without transmitting private keys to the server.[50] Anti-replay protection is enforced by requiring a fresh nonce from the server in each JWS, which is single-use and time-bound to mitigate man-in-the-middle attacks.[42] Rate limiting is integrated at the server level, where excessive requests (e.g., for new accounts or orders) trigger a rateLimited error response with details on exceeded limits, helping prevent abuse and denial-of-service attempts.[51]

ACME extensions include support for wildcard certificates exclusively through DNS-01 challenges, revocation requests via a signed revokeCert message to the CA using the certificate's serial number or encoded body, and key rollover through a keyChange request that allows updating an account's key pair while authorizing the transition with the old key.[52][53] These features enable flexible management while adhering to the protocol's core security model.[54]
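The key authorization and the HTTP-01 and DNS-01 values described above can be computed with a hash and base64url alone. The following is an added example, not code from Let's Encrypt or any ACME client; the JWK and token are constructed sample values and the function names are illustrative.

```python
import base64
import hashlib
import json
import re

# JWK members that enter the thumbprint, per key type (RFC 7638, section 3.2).
THUMBPRINT_MEMBERS = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")  # base64url alphabet only

# Constructed sample values; x and y are not a real curve point.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": "Y29uc3RydWN0ZWQteA", "y": "Y29uc3RydWN0ZWQteQ"}
SAMPLE_TOKEN = "constructed-token_0123456789abcdefABCDEF"


def b64url(data: bytes) -> str:
    """base64url without '=' padding, the encoding JOSE and ACME use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 over the canonical JSON of the required members only."""
    members = THUMBPRINT_MEMBERS.get(jwk.get("kty"))
    if members is None:
        raise ValueError("unsupported or missing kty")
    if any(m not in jwk for m in members):
        raise ValueError("JWK lacks a required member")
    # Sorted member names, no whitespace: optional fields such as "kid"
    # or "alg" must not change the digest.
    canonical = json.dumps({m: jwk[m] for m in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """<token>.<thumbprint>; the token is checked before it is used."""
    if not TOKEN_RE.fullmatch(token):
        # A token containing '/' or '..' must never reach a file path.
        raise ValueError("token is not base64url")
    return f"{token}.{jwk_thumbprint(jwk)}"


def http01_resource(token: str, jwk: dict) -> tuple:
    """Path the client serves for HTTP-01 and the body expected there."""
    body = key_authorization(token, jwk)
    return f"/.well-known/acme-challenge/{token}", body


def dns01_record(domain: str, token: str, jwk: dict) -> tuple:
    """TXT record name and value for DNS-01."""
    # A wildcard is validated at the base domain's _acme-challenge label.
    base = domain[2:] if domain.startswith("*.") else domain
    key_auth = key_authorization(token, jwk).encode("ascii")
    return f"_acme-challenge.{base}", b64url(hashlib.sha256(key_auth).digest())
```

Because the thumbprint binds the response to the account key, a token copied by a third party is useless without that account's key pair.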
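The anti-replay rule from the security-features paragraph above, sketched from the server's side: each nonce is accepted once and only while fresh, and the signed header must name the URL that actually received the request. This is an added example, not Boulder's code; the class and function names and the max_age value are assumptions, and signature verification is left out because the Python standard library has no asymmetric signature support.

```python
import secrets

ERR = "urn:ietf:params:acme:error:"
MAC_ALGS = {"HS256", "HS384", "HS512"}  # MAC-based algorithms are not allowed


class AcmeError(Exception):
    def __init__(self, kind: str, detail: str):
        super().__init__(f"{kind}: {detail}")
        self.type = ERR + kind


class NonceService:
    """Issues nonces and accepts each one once, within max_age seconds."""

    def __init__(self, max_age: float = 300.0):  # assumed policy value
        self.max_age = max_age
        self.issued = {}  # nonce -> time of issue

    def new_nonce(self, now: float) -> str:
        nonce = secrets.token_urlsafe(16)
        self.issued[nonce] = now
        return nonce

    def redeem(self, nonce, now: float) -> None:
        # pop() removes the nonce even when it turns out to be stale,
        # so every value is usable at most once.
        issued_at = self.issued.pop(nonce, None) if isinstance(nonce, str) else None
        if issued_at is None or now - issued_at > self.max_age:
            raise AcmeError("badNonce", "unknown, reused or expired nonce")


def check_protected_header(header: dict, request_url: str,
                           nonces: NonceService, now: float) -> str:
    """Pre-signature checks; returns "jwk" or "kid" (where the key comes from)."""
    alg = header.get("alg")
    if not isinstance(alg, str) or alg == "none" or alg in MAC_ALGS:
        raise AcmeError("badSignatureAlgorithm", "asymmetric signature required")
    if ("jwk" in header) == ("kid" in header):
        raise AcmeError("malformed", "exactly one of jwk or kid is required")
    nonces.redeem(header.get("nonce"), now)
    if header.get("url") != request_url:
        # Binds the signed request to the endpoint that received it.
        raise AcmeError("unauthorized", "url does not match the request URL")
    return "jwk" if "jwk" in header else "kid"
```

A request that fails the URL check still consumes its nonce, so a captured request cannot be retried against another endpoint.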

Chain of Trust

The chain of trust for Let's Encrypt certificates is established through a hierarchy of root and intermediate certificates issued by the Internet Security Research Group (ISRG), ensuring validation by relying parties such as web browsers and operating systems.[55] The primary root certificates are ISRG Root X1, an RSA 4096-bit key generated on June 4, 2015, and valid until June 4, 2030, and ISRG Root X2, an ECDSA P-384 key generated on September 4, 2020, and valid until September 4, 2035.[55] These roots form the foundation, with newer roots ISRG Root YE (ECDSA P-384, generated September 3, 2025) and ISRG Root YR (RSA 4096, generated September 3, 2025) prepared for future use but not yet widely trusted in major root programs.[55]

Current active intermediate certificates include the ECDSA-based E7 and E8, both valid until March 12, 2027, and signed by ISRG Root X2, as well as the RSA-based R12 and R13, also valid until March 12, 2027, and signed by ISRG Root X1.[55] Historical intermediates such as E1 and E2 (ECDSA) and R3 and R4 (RSA) have expired, with E1 and E2 reaching end-of-life on September 15, 2025.[55] These intermediates are used to sign end-entity subscriber certificates, creating chains that trace back to a trusted root for verification.

Cross-signing has been employed to enhance compatibility during transitions. Historically, ISRG Root X1 was cross-signed by the DST Root CA X3 from IdenTrust, which was retired in 2021, allowing broader initial trust adoption.[56] ISRG Root X2 was cross-signed by ISRG Root X1 to support systems not yet trusting X2 directly.[55] Due to the impending expiration of the DST Root CA X3 cross-signature on September 30, 2024, Let's Encrypt announced in June 2024 the discontinuation of cross-signed chains, shifting to direct chains from ISRG roots to improve efficiency and reduce chain length.[57]

For chain building, RSA-based end-entity certificates typically chain to ISRG Root X1 via R12 or R13 for maximum compatibility with older devices that may not support ECDSA roots.[55] ECDSA-based certificates chain via E7 or E8 to either ISRG Root X1 (for broad compatibility) or ISRG Root X2 (for smaller chains and better performance on modern systems).[55] This flexibility addresses varying support levels, such as legacy Android versions below 7.1 that require the X1 chain.[58]

Trust distribution involves submitting root certificates to major programs for inclusion in trust stores, including those of Microsoft, Apple, Google, Mozilla, and others, achieving full inclusion by 2018.[59] ISRG roots are identified via specific object identifiers (OIDs), such as 1.3.6.1.4.1.57264 for the ISRG root CA, embedded in certificates to facilitate automated recognition and validation.[55]
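The chain-building choices described above can be made concrete with a small path builder. This is an added example, not part of the original article or of any TLS library: it models certificates as (subject, issuer) name pairs taken from the hierarchy described in this section, and it checks names only, not signatures or validity dates.

```python
# CA certificates as (subject, issuer) pairs, following the article's description.
CA_CERTS = [
    ("R12", "ISRG Root X1"),
    ("E7", "ISRG Root X2"),
    ("ISRG Root X2", "ISRG Root X1"),  # X2 cross-signed by X1
]


def build_paths(leaf_issuer, trust_store, ca_certs=CA_CERTS):
    """All name chains from the leaf's issuer up to a trust anchor, shortest first."""
    found = []

    def walk(name, path):
        path = path + [name]
        if name in trust_store:
            found.append(path)  # stop at the first anchor on this branch
            return
        for subject, issuer in ca_certs:
            if subject == name and issuer not in path:  # never loop
                walk(issuer, path)

    walk(leaf_issuer, [])
    return sorted(found, key=len)


def certs_to_send(leaf_issuer, trust_store, ca_certs=CA_CERTS):
    """CA certificates the server must present so this client can validate.

    Returns (subject, issuer) pairs for the shortest path without its
    anchor, or None when no path reaches the client's trust store.
    """
    paths = build_paths(leaf_issuer, trust_store, ca_certs)
    if not paths:
        return None
    best = paths[0]
    return list(zip(best[:-1], best[1:]))


if __name__ == "__main__":
    modern = {"ISRG Root X1", "ISRG Root X2"}
    x1_only = {"ISRG Root X1"}
    legacy = {"DST Root CA X3"}  # cross-signed chains are discontinued
    for label, store in (("modern", modern), ("X1 only", x1_only), ("legacy", legacy)):
        print(label, "ECDSA:", certs_to_send("E7", store),
              "RSA:", certs_to_send("R12", store))
```

A client that trusts only ISRG Root X1 needs the cross-signed X2 certificate in the ECDSA chain, which is the longer chain the section contrasts with the direct X2 one.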

Supporting Services

Let's Encrypt provides several ancillary services to support certificate validation, monitoring, and management, ensuring reliable operation of its automated certificate issuance system. These services include tools for transparency, revocation checking, user notifications, API access, and underlying infrastructure, all designed to enhance security and usability without compromising privacy or performance.[60]

One key supporting service is the Certificate Transparency (CT) logging system, which promotes public monitoring of certificate issuance to detect mis-issuance. Let's Encrypt operated RFC 6962-compliant CT logs, but these will go read-only on November 30, 2025, and will be fully shut down on February 28, 2026, to align with evolving standards.[61] The planned transition will shift operations to Static CT API logs, which maintain compliance with modern CT requirements while reducing maintenance overhead.[62] This change ensures continued transparency for certificates issued after the shutdown, allowing relying parties to verify issuance without relying on legacy logs.[63]

For certificate revocation, Let's Encrypt previously offered an Online Certificate Status Protocol (OCSP) service to check revocation status in real-time. Announced in December 2024, the OCSP service reached end-of-life on August 6, 2025, due to privacy concerns and the low utility of revocation in short-lived certificates.[64][65] Following the shutdown, the service recommends shifting to Certificate Revocation Lists (CRLs) and OCSP stapling, where servers include revocation information directly in TLS handshakes to maintain efficiency and privacy.[64]

To assist users with certificate lifecycle management, Let's Encrypt provided expiration notification emails, alerting subscribers to upcoming renewals. This service ceased on June 4, 2025, as automation tools like ACME clients have become prevalent, reducing the need for manual reminders.[66][67] The discontinuation encourages reliance on automated renewal processes, aligning with the goal of seamless HTTPS deployment while addressing privacy issues from storing email addresses.[66]

API environments facilitate development and production use of Let's Encrypt services. The production ACME endpoint, acme-v02.api.letsencrypt.org, handles live certificate issuance with strict rate limits to prevent abuse.[35] In contrast, the staging environment at acme-staging-v02.api.letsencrypt.org offers higher rate limits for testing and integration, allowing developers to simulate issuance without impacting production quotas.[35]

For monitoring and searching issued certificates, tools like crt.sh provide public access to CT log data, enabling users to query Let's Encrypt certificates by domain or serial number.[68]

Underpinning these services is the Boulder software, an open-source ACME-based certificate authority implemented in Go, which powers Let's Encrypt's core issuance and validation processes.[69] Boulder ensures high availability through distributed deployment, supporting the scale of millions of daily certificate requests.[69]

Adoption and Impact

Usage Statistics

As of January 2025, Let's Encrypt provides active TLS certificates to over 550 million websites, a figure that reflects a 42% year-over-year growth and underscores its rapid expansion in securing web traffic.[5] Let's Encrypt commands a dominant position in the SSL certificate market, accounting for 63.8% of all certificates among public certificate authorities as of November 2025, far ahead of competitors like GlobalSign at 22.4%.[6][70]

The service has demonstrated exponential issuance trends since its launch, reaching its first million certificates within months of public beta in early 2016 and scaling to billions issued cumulatively by 2025, with over 3 billion certificates issued annually in recent years to support ongoing renewals and new deployments.[71][5]

Adoption is particularly strong among high-profile sites, with Let's Encrypt securing about 45% of the top 1 million websites as measured in 2024 data that remains indicative into 2025; it is also widely utilized by open-source projects through integrated tools like Certbot and by small businesses seeking cost-free automation for HTTPS enablement.[72][73] Globally, Let's Encrypt's usage is concentrated in regions with robust web infrastructure, led by North America (particularly the United States at around 45% of its customer base) and Europe (including the United Kingdom and France at over 9% each), aligning with patterns of high web hosting density.[74]

Contributions to Web Security

Let's Encrypt has significantly accelerated the global adoption of HTTPS, transforming it from a niche security practice to a standard for web communications. Prior to its launch in 2015, only about 39% of web pages loaded over HTTPS on desktop browsers, limited by the cost and complexity of obtaining certificates from traditional authorities.[75] By providing free, automated certificates, Let's Encrypt addressed these barriers, contributing to a dramatic rise in usage; by January 2025, over 92% of top-level connections in Firefox were secured with HTTPS, with Let's Encrypt securing over 550 million websites worldwide.[76][77][5]

The initiative's ecosystem benefits extend beyond its own operations, as the Automated Certificate Management Environment (ACME) protocol it pioneered has become an IETF standard (RFC 8555) widely adopted by other certificate authorities, enabling automated issuance and renewal across the industry.[38][78] This standardization has facilitated broader encryption deployment, reducing the prevalence of man-in-the-middle attacks by ensuring more web traffic is encrypted end-to-end, thereby protecting users from interception on untrusted networks. Let's Encrypt's ongoing contributions to IETF working groups, including the development of ACME Renewal Information (RFC 9773), further solidify its role in evolving secure certificate management protocols.[79]

In addition to technical advancements, Let's Encrypt has fostered educational impact through comprehensive documentation and community resources that promote security best practices, such as integrating HTTP Strict Transport Security (HSTS) preloading to enforce HTTPS and mitigate downgrade attacks.[73] These materials guide website operators in configuring HSTS headers alongside automated certificate renewal, enhancing protection against protocol weakening exploits.[80]

On a broader scale, Let's Encrypt has diminished reliance on expensive paid certificate authorities, democratizing access to encryption for non-profits, small businesses, and individuals who previously could not afford it, thereby promoting a more equitable secure web.[81] This shift has empowered diverse users to implement HTTPS without financial hurdles, contributing to higher overall internet security resilience.[82]

Let's Encrypt also advances security through features like short certificate lifetimes—now including six-day options introduced in 2025—which minimize the exposure window if a private key is compromised, reducing the need for and complexity of revocation processes.[7] Furthermore, its automation tools encourage the adoption of modern ciphers and TLS configurations in deployment guides, steering users toward stronger cryptographic standards like ECDHE for forward secrecy.[83][73]

Challenges and Future Directions

Known Issues and Criticisms

One significant criticism of Let's Encrypt stems from its reliance on Domain Validation (DV) for certificate issuance, which verifies only domain control and not the legitimacy or content of the associated website. This has enabled malicious actors to obtain valid certificates for phishing sites, creating a perception of "false security" among users who may trust the padlock icon without scrutinizing the site's authenticity. For instance, in 2017, Let's Encrypt issued nearly 15,000 certificates containing "PayPal" for fraudulent phishing domains, and reports indicate that DV certificates from Let's Encrypt and similar authorities accounted for 96% of SSL-enabled phishing sites observed in scans.[84][85][86]

Compatibility challenges have also arisen, particularly with older devices lacking updated trust stores. Devices running Android 7.0 and earlier versions experienced issues trusting Let's Encrypt's root certificate (ISRG Root X1) until a cross-sign with the deprecated DST Root CA X3 was implemented in 2020, providing temporary compatibility through September 2024. Additionally, some older Android versions have bugs with ECDSA-based certificate chains using P-384 curves, leading to validation failures despite the root being trusted.[87][88][89]

The 90-day certificate lifetime, while promoting security through frequent key rotation, introduces operational risks tied to automation. Administrators must rely on automated renewal processes, which can fail due to misconfigurations, network issues, or software bugs, potentially leaving sites exposed during lapses. Critics argue this increases server load from repeated issuances and heightens the chance of errors in high-traffic environments, where even brief downtime from failed renewals can disrupt services.[90][91]

Past security vulnerabilities in validation methods have drawn scrutiny. The tls-sni-01 challenge, used for domain validation, was deprecated in March 2019 after a 2018 exploit allowed attackers to obtain certificates for domains they did not control by leveraging misconfigured shared hosting environments. Isolated incidents of challenge hijacking have also occurred through remote web application vulnerabilities, enabling unauthorized certificate issuance without direct domain compromise.[92][93]

Other critiques highlight Let's Encrypt's operational dependencies and limitations. As a nonprofit, it relies heavily on donations and grants, with an estimated 2025 budget of $4.5 million to cover infrastructure and staffing for over 500 million websites.[94] Furthermore, its exclusive focus on DV certificates excludes options for Organization Validation (OV) or Extended Validation (EV), which provide additional identity assurances preferred by some enterprises for high-security applications.[10]
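Because DV issuance says nothing about who operates a domain, brand owners commonly watch Certificate Transparency data for names that evoke their brand, as in the "PayPal" case above. The following is an added detection sketch, not a tool from Let's Encrypt or crt.sh; the entries are constructed, and the owned-domain list and the digit folding table are assumptions.

```python
import re

# Digit-for-letter swaps folded before matching (assumed, deliberately small).
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

# Constructed entries shaped like CT search results: certificate id + DNS names.
SAMPLE_ENTRIES = [
    {"id": 1, "names": ["www.paypal.com"]},
    {"id": 2, "names": ["paypal.com.account-verify.example"]},
    {"id": 3, "names": ["secure-paypa1-login.example",
                        "www.secure-paypa1-login.example"]},
    {"id": 4, "names": ["*.pay-pal.example"]},
    {"id": 5, "names": ["blog.example"]},
]


def normalize(name: str) -> str:
    """Lower-case, drop a trailing dot and a leading wildcard label."""
    name = name.strip().lower().rstrip(".")
    return name[2:] if name.startswith("*.") else name


def is_owned(name: str, owned_domains) -> bool:
    """True only for an owned domain or a subdomain of one.

    The match is a suffix on a label boundary, so a name that merely
    starts with the owned domain is not treated as owned.
    """
    return any(name == d or name.endswith("." + d) for d in owned_domains)


def skeleton(name: str) -> str:
    """Fold look-alike digits and drop separators before matching."""
    return re.sub(r"[^a-z]", "", name.translate(FOLD))


def flag_lookalikes(entries, brand: str, owned_domains):
    """Return (certificate id, name) for names that evoke the brand
    but do not belong to the brand owner's domains."""
    hits = []
    for entry in entries:
        for raw in entry["names"]:
            name = normalize(raw)
            if is_owned(name, owned_domains):
                continue
            if brand in skeleton(name):
                hits.append((entry["id"], name))
    return hits


if __name__ == "__main__":
    for cert_id, name in flag_lookalikes(SAMPLE_ENTRIES, "paypal", ["paypal.com"]):
        print(cert_id, name)
```

Hits are candidates for review rather than verdicts, since a substring match also catches unrelated names that happen to contain the brand.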

Upcoming Developments

Let's Encrypt plans to introduce support for short-lived certificates by the end of 2025, allowing ACME clients that implement profile selection to request certificates with a six-day lifetime, thereby reducing the window for potential compromises without relying on revocation mechanisms.[95][7] This feature will initially launch with limited issuance, with the first such certificate already issued in February 2025, and aims to enhance security for automated renewals by minimizing exposure time. Subscribers can currently opt in via ACME profiles.[96][10]

In conjunction with short-lived certificates, Let's Encrypt announced support for IP address certificates on January 16, 2025, enabling validation and issuance for IP-based connections without requiring domain names in the Subject Alternative Names.[7] This capability, tested with the first IP address certificate issued in July 2025, will become generally available later in the year, facilitating secure TLS for non-domain resources like direct IP endpoints.[97]

To ensure long-term trust, Let's Encrypt completed the generation of new root certificates ISRG Root YE (ECDSA P-384) and ISRG Root YR (RSA 4096) on September 3, 2025, along with associated intermediates YE1 through YE3 and YR1 through YR3.[55][29] These roots, cross-signed by existing ISRG Root X1 and X2, are slated for submission to root program trust stores in the coming months, with activation planned to extend the chain of trust beyond 2030 as older roots approach expiration.[55]

Service evolutions include a full transition to Static CT API logs after 2026, with legacy RFC 6962 logs entering read-only mode on November 30, 2025, and shutting down entirely on February 28, 2026, to improve efficiency and reliability in certificate transparency monitoring.[61] In August 2025, Let's Encrypt discontinued its OCSP service to enhance privacy by avoiding exposure of client IP addresses, requiring clients to use CRLs or other revocation methods.[65] This shift supports enhanced automation in the ACME protocol, potentially allowing for tailored certificate lifetimes in specific scenarios while maintaining core short-duration defaults.[95]

Strategically, Let's Encrypt is scaling infrastructure to handle growth toward 1 billion active certificates, building on its history of issuing over 3 billion total certificates by 2022, with increased research into post-quantum cryptography to future-proof the web PKI against emerging threats.[27][98]
