-
A Note from our Executive Director
Reflecting on a decade of growth, innovation, and impact at ISRG. -
Ending OCSP Support in 2025
Certificate revocation information will be provided exclusively through CRLs. -
Intent to End OCSP Service
Moving to a more privacy-respecting and efficient method of checking certificate revocation. -
More Memory Safety for Let’s Encrypt: Deploying ntpd-rs
NTP is critical to how TLS works, and now it’s memory safe at Let’s Encrypt. -
Let’s Encrypt Continues Partnership with Princeton to Bolster Internet Security
Increasing defense against BGP attacks thanks to support from the Open Technology Fund. -
Takeaways from Tailscale’s Adoption of ARI
ACME Renewal Info (ARI) enables easy and automated cert revocation and replacement. -
An Engineer’s Guide to Integrating ARI into Existing ACME Clients
Six steps developers can take to integrate ARI into an existing ACME client. -
Deploying Let's Encrypt's New Issuance Chains
Using our new RSA & ECDSA intermediates to sign certificates starting June 6th. -
New Intermediate Certificates
Adding new intermediates for security, efficiency, and agility. -
Introducing Sunlight, a CT implementation built for scalability, ease of operation, and reduced cost
New software, specification, and logs for Certificate Transparency. -
A Year-End Letter from our Vice President
A summary of how ISRG’s three projects, Let’s Encrypt, Divvi Up, and Prossimo continue to improve security and privacy. -
Our role in supporting the nonprofit ecosystem
A look at how Let’s Encrypt provides security and privacy to public and social benefit organizations. -
Increase your security governance with CAA
Using Certificate Authority Authorization and Account & Method Binding is an easy way to enhance your DNS security. -
Shortening the Let's Encrypt Chain of Trust
In late 2024, Let’s Encrypt’s cross-sign from IdenTrust will expire. Here’s everything you need to know about the upcoming transition, and why it will be a non-event for most people. -
ISRG’s 10th Anniversary
As ISRG celebrates its 10th anniversary, Co-founder and Executive Director Josh Aas reflects on the accomplishments of the nonprofit and looks ahead to its continued impact in the years to come. -
Improving Resiliency and Reliability for Let’s Encrypt with ARI
The ACME Renewal Information (ARI) protocol extension enables certificate revocation and renewal at scale. -
Thank you to our 2023 renewing sponsors
Let’s Encrypt is a nonprofit service and our longtime and renewing sponsors play a major role in making that possible. -
A Look into the Engineering Culture at ISRG
ISRG has implemented several practices that aim to create a workplace where engineers can thrive. -
Let’s Encrypt improves how we manage OCSP responses
By deploying Redis, Let’s Encrypt has improved our OCSP responses and increased reliability. -
A Year-End Letter from our Executive Director
It’s been an exciting year for ISRG and its projects: from Let’s Encrypt issuing its three billionth certificate to Prossimo supporting the efforts to get Rust into the Linux kernel. -
Remembering Peter Eckersley
Peter Eckersley, a Let’s Encrypt co-founder, passed away unexpectedly on September 2, 2022. -
A New Life for Certificate Revocation Lists
Let’s Encrypt has developed new infrastructure to make CRLs a practical tool for our 200M active certs. -
Nurturing Continued Growth of Our Oak CT Log
Only five organizations run a Certificate Transparency log, and the Let’s Encrypt log is the only fully open source stack. -
TLS Beyond the Web: How MongoDB Uses Let’s Encrypt for Database-to-Application Security
MongoDB uses millions of Let’s Encrypt certs for critical workloads. -
Let’s Encrypt Receives the Levchin Prize for Real-World Cryptography
We are honored to be recognized for the impact on the field of cryptography. -
New Major Funding from the Ford Foundation
$1M grant from The Ford Foundation supports ISRG’s security and privacy mission. -
A Year-End Letter from our Executive Director
A summary of the progress made toward improving security and privacy with ISRG’s three projects: Let’s Encrypt serves 260M websites, our Prossimo project seeks to solve problems caused by lack of memory safety, and Divvi Up is building a privacy-preserving metrics system. -
TLS Simply and Automatically for Europe’s Largest Cloud Customers
How OVHcloud uses Let’s Encrypt certificates for millions of European customers -
Making the Web safer and more secure for everyone
Celebrating our progress toward a more secure Web on Global Encryption Day. -
Resources for Certificate Chaining Help
Information related to DST CA Root X3 expiration -
Speed at scale: Let’s Encrypt serving Shopify’s 4.5 million domains
What does it take to manage TLS certificates at a leading e-commerce company? -
Preparing to Issue 200 Million Certificates in 24 Hours
When we think about what essential infrastructure for the Internet needs to be prepared for though, we’re not thinking about normal days. We want to be prepared to respond as best we can to the most difficult situations that might arise. -
The Next Gen Database Servers Powering Let's Encrypt
Database performance is the single most critical factor in our ability to scale while meeting service level objectives. In late 2020, we upgraded our database servers and we’ve been very happy with the results. -
A Year-End Letter from the Executive Director of Let's Encrypt and ISRG
ISRG’s first project, Let’s Encrypt, has been wildly successful. We’re now helping to secure more than 225 million websites and the Web is making great progress towards 100% HTTPS. We’ve put in a lot of hard work and dealt with some challenges along the way, but at a high level the outlook is quite sunny. I’m incredibly proud to share some of what our organization has accomplished in 2020. -
Extending Android Device Compatibility for Let's Encrypt Certificates
We’re happy to announce that we have developed a way for older Android devices to retain their ability to visit sites that use Let’s Encrypt certificates after our cross-signed intermediates expire. We are no longer planning any changes in January that may cause compatibility issues for Let’s Encrypt subscribers. -
Standing on Our Own Two Feet [Updated]
When a new Certificate Authority (CA) comes on the scene, it faces a conundrum: In order to be useful to people, it needs its root certificate to be trusted by a wide variety of operating systems (OSes) and browsers. However, it can take years for the OSes and browsers to accept the new root certificate, and even longer for people to upgrade their devices to the newer versions that include that change. -
Let's Encrypt's New Root and Intermediate Certificates
On Thursday, September 3rd, 2020, Let’s Encrypt issued six new certificates: one root, four intermediates, and one cross-sign. These new certificates are part of our larger plan to improve privacy on the web, by making ECDSA end-entity certificates widely available, and by making certificates smaller. -
Let's Encrypt Has Issued a Billion Certificates
We issued our billionth certificate on February 27, 2020. We’re going to use this big round number as an opportunity to reflect on what has changed for us, and for the Internet, leading up to this event. -
Multi-Perspective Validation Improves Domain Validation Security
At Let’s Encrypt we’re always looking for ways to improve the security and integrity of the Web PKI. We’re proud to launch multi-perspective domain validation today because we believe it’s an important step forward for the domain validation process. -
How Let's Encrypt Runs CT Logs
Let’s Encrypt launched a Certificate Transparency (CT) log this past spring. We’re excited to share how we built it in hopes that others can learn from what we did. -
Onboarding Your Customers with Let's Encrypt and ACME
If you work at a hosting provider or CDN, ACME’s DNS-01 validation method can make it a lot easier to onboard new customers who have an existing HTTPS website at another provider. Before your new customer points their domain name at your servers, you need to have a certificate already installed for them. Otherwise visitors to the customer’s site will see an outage for a few minutes while you issue and install a certificate. -
Introducing Oak, a Free and Open Certificate Transparency Log
Today we are announcing a new Certificate Transparency log called Oak. -
Transitioning to ISRG's Root
On January 11, 2021, we will change the default intermediate certificate we provide via ACME. Most subscribers don’t need to do anything. Subscribers who support very old TLS/SSL clients may want to manually configure the older intermediate to increase backwards compatibility. -
The ACME Protocol is an IETF Standard
It has long been a dream of ours for there to be a standardized protocol for certificate issuance and management. That dream has become a reality now that the IETF has standardized the ACME protocol as RFC 8555. -
Facebook Expands Support for Let’s Encrypt
We’re excited that Facebook is supporting our work through a three-year Platinum sponsorship! We asked them to share their thoughts on HTTPS adoption here. Please join us in thanking Facebook for their support of Let’s Encrypt and our mission to encrypt the Web! -
Looking Forward to 2019
Let’s Encrypt had a great year in 2018. We’re now serving more than 150 million websites while maintaining a stellar security and compliance track record. -
Let's Encrypt Root Trusted By All Major Root Programs
As of the end of July 2018, the Let’s Encrypt root, ISRG Root X1, is directly trusted by Microsoft products. Our root is now trusted by all major root programs, including Microsoft, Google, Apple, Mozilla, Oracle, and Blackberry. -
Engineering deep dive: Encoding of SCTs in certificates
How Signed Certificate Timestamps get embedded in certificates -
Looking Forward to 2018
While we’re proud of what we accomplished in 2017, we are spending most of the final quarter of the year looking forward rather than back. -
ACME Support in Apache HTTP Server Project
We’re excited that support for getting and managing TLS certificates via the ACME protocol is coming to the Apache HTTP Server Project (httpd). -
Wildcard Certificates Coming January 2018
Let’s Encrypt will begin issuing wildcard certificates in January of 2018. -
Milestone: 100 Million Certificates Issued
Let’s Encrypt has reached a milestone. We’ve now issued more than 100,000,000 certificates. -
ACME v2 API Endpoint Coming January 2018
Let’s Encrypt will add support for the IETF-standardized ACME v2 protocol in January of 2018. -
OVH Renews Platinum Sponsorship of Let's Encrypt
We’re pleased to announce that OVH has renewed their support for Let’s Encrypt as a Platinum sponsor for the next three years. -
Let’s Encrypt 2016 In Review
Our first full year as a live CA was an exciting one. I’m incredibly proud of what our team and community accomplished during 2016. I’d like to share some thoughts about how we’ve changed, what we’ve accomplished, and what we’ve learned. -
Launching Our Crowdfunding Campaign
Today we kicked off our first crowdfunding campaign with the goal of raising enough funds to cover about one month of our operations - $200,000. -
Our First Grant: The Ford Foundation
We are proud to announce that The Ford Foundation has awarded us a grant to help our growing operations. -
Squarespace OCSP Stapling Implementation
OCSP stapling is an alternative approach to the Online Certificate Status Protocol (OCSP) for checking the revocation status of certificates. -
Introducing Internationalized Domain Name (IDN) Support
Let’s Encrypt is pleased to introduce support for issuing certificates that contain Internationalized Domain Names (IDNs). -
ISRG Legal Transparency Report, January 2016 - June 2016
The trust of our users is ISRG’s most critical asset. Transparency regarding legal requests is an important part of making sure our users can trust us, and to that end we will be publishing reports twice annually. -
What It Costs to Run Let's Encrypt
Today we’d like to explain what it costs to run Let’s Encrypt. We’re doing this because we strive to be a transparent organization, we want people to have some context for their contributions to the project, and because it’s interesting. -
Let's Encrypt Root to be Trusted by Mozilla
The Let’s Encrypt root key (ISRG Root X1) will be trusted by default in Firefox 50, which is scheduled to ship in Q4 2016. -
Full Support for IPv6
Let’s Encrypt is happy to announce full support for IPv6. -
Defending Our Brand [Updated]
We have confirmed that Comodo submitted Requests for Express Abandonment for all three trademark registration applications in question. -
Progress Towards 100% HTTPS, June 2016
Our goal with Let’s Encrypt is to get the Web to 100% HTTPS. We’d like to give a quick progress update. -
Leaving Beta, New Sponsors
Let’s Encrypt is leaving beta today. We’re also excited to announce that founding sponsors Cisco and Akamai have renewed their Platinum sponsorships with 3-year commitments, Gemalto is joining as our newest Gold sponsor, and HP Enterprise, Fastly, Duda and ReliableSite.net are our newest Silver sponsors. -
ISRG Legal Transparency Report, July 2015 - December 2015
The trust of our users is ISRG’s most critical asset. Transparency regarding legal requests is an important part of making sure our users can trust us, and to that end we will be publishing reports twice annually. -
New Name, New Home for the Let's Encrypt Client Software
Over the next few months the Let’s Encrypt client software (not the service) will transition to a new name, soon to be announced, and a new home at the Electronic Frontier Foundation (EFF). -
Our Millionth Certificate
Let’s Encrypt has issued its millionth certificate, helping to secure approximately 2.4 million domains. This milestone means a lot to a team that started building a CA from scratch 16 months ago with an aim to have a real impact on the security of the Web as soon as possible. -
OVH Sponsors Let's Encrypt
We’re pleased to announce that OVH has become a Platinum sponsor of Let’s Encrypt. -
Entering Public Beta
We’re happy to announce that Let’s Encrypt has entered Public Beta. Invitations are no longer needed in order to get free certificates from Let’s Encrypt. -
Facebook Sponsors Let's Encrypt
We’re happy to share today that Facebook is the newest Gold sponsor of Let’s Encrypt. -
Public Beta: December 3, 2015
Let’s Encrypt will enter Public Beta on December 3rd, 2015. Once we’ve entered Public Beta our systems will be open to anyone who would like to request a certificate. -
Why ninety-day lifetimes for certificates?
We’re sometimes asked why we only offer certificates with ninety-day lifetimes. People asking this are usually concerned that this is too short and wish we would offer certificates lasting a year or more, like some other CAs do. -
The CA's Role in Fighting Phishing and Malware
Since we announced Let’s Encrypt we’ve often been asked how we’ll ensure that we don’t issue certificates for phishing and malware sites. -
Let's Encrypt is Trusted
We’re pleased to announce that we’ve received cross-signatures from IdenTrust, which means that our certificates are now trusted by all major browsers. This is a significant milestone since it means that visitors to websites using Let’s Encrypt certificates can enjoy a secure browsing experience with no special configuration required. -
Internet Society Sponsors Let's Encrypt
We’re pleased to announce that Internet Society (ISOC) has become a Gold sponsor of Let’s Encrypt. -
Our First Certificate Is Now Live
Let’s Encrypt passed another major milestone by issuing our first certificate. -
Let's Encrypt Community Support
Let’s Encrypt’s success depends on the support of a strong community. Nowhere is this more true than when it comes to subscriber support. Today we’re happy to announce Let’s Encrypt Community Support, a place for our community to both give and receive support. -
Updated Let's Encrypt Launch Schedule
We can’t wait to see websites turn on TLS with Let’s Encrypt. Trust is our most important asset, however, and we need to take the necessary time to make sure our systems are secure and stable. -
ISRG Legal Transparency Report, January 2015 - June 2015
The trust of our users is ISRG’s most critical asset. Transparency regarding legal requests is an important part of making sure our users can trust us, and to that end we will be publishing reports twice annually. -
Let's Encrypt Launch Schedule
Let’s Encrypt has reached a point where we’re ready to announce our launch schedule. -
Let's Encrypt Root and Intermediate Certificates
The keys and certificates that will underlie Let’s Encrypt have been generated. -
Draft Let's Encrypt Subscriber Agreement
Today we’re publishing the first public draft of the Let’s Encrypt Subscriber Agreement. -
Updated Draft ISRG CP and CPS
Today we’re publishing an updated draft of our Certificate Policy (CP) and the first public draft of our Certification Practice Statement (CPS). -
ISRG Engages NCC Group for Let's Encrypt Audit
ISRG has engaged the NCC Group Crypto Services team to perform a security review of Let’s Encrypt’s certificate authority software, boulder, and the ACME protocol. -
ISRG and The Linux Foundation to Collaborate
Internet Security Research Group (ISRG), the non-profit entity behind Let’s Encrypt, is pleased to announce our collaboration with The Linux Foundation. -
Draft ISRG Certificate Policy (CP)
Today we’re publishing a draft of our Certificate Policy (CP). -
Let’s Encrypt: Delivering SSL/TLS Everywhere
Vital personal and business information flows over the Internet more frequently than ever, and we don’t always know when it’s happening. It’s clear at this point that encrypting is something all of us should be doing. Then why don’t we use TLS (the successor to SSL) everywhere? Every browser in every device supports it. Every server in every data center supports it. Why don’t we just flip the switch?
Subscribe via RSS