Deploy360 Encryption Transport Layer Security (TLS)

Let’s Encrypt hits 1 million certificates

letsencryptEarly last week, Let’s Encrypt issued its one millionth certificate, a impressive achievement considering it only entered its public beta phase just over three months ago. Let’s Encrypt is a new trusted Certificate Authority (CA) offering free digital certificates used for securing servers for use with TLS applications such as secure web browsing and online financial transactions.

In fact, the 1 million Let’s Encrypt certificates are actually securing approximately 2.5 million fully-qualified domain names as a single certificate can cover multiple domains, and 90% of these have never previously been reachable with HTTPS before. This suggests that making certificates cheap and easy to install indeed encourages the deployment of TLS and the aim of ensuring that secure web browsing becomes the default.

Let’s Encrypt also supports automation to simplify obtaining and managing certificates, as well as encouraging 90 day renewal to limit damage from key compromise and mis-issuance. This is achieved through the Automated Certificate Management Environment (ACME) which offers a standards-based REST API allowing client software to authenticate domains and automatically install certificates on servers without human intervention. A number of ACME-compliant clients have now been developed and are listed on the Let’s Encrypt community pages.

The Let’s Encrypt initiative is supported by sponsoring organisations who have an interest in promoting encrypted communication as the norm on the Internet. Over half of these sponsors have stepped up since the launch, demonstrating how successful the initiative has been.

More information about Let’s Encrypt and how to obtain certificates can be found on the Let’s Encrypt website.

Of course, digital certificates can be used for more than just securing the web. Deploy360 recently tested Let’s Encrypt certificates with the Go6lab mail servers and DANE, and it’s worth reading Part 1 and Part 2 of Jan Žorž’s tutorial on how to do this.

You can also check out whether a server supports the TLS protocol using the tools listed on our TLS Tools page.