Let's Encrypt

2025 marks ten years of Let’s Encrypt! 🎉 Already this year we’ve taken steps to continue delivering on our values of user privacy, efficiency, and innovation, all to further our goal of delivering free TLS certificates to as many people as possible. Our unofficial tagline for this tenth anniversary is “Encryption for Everybody.” It embodies our commitment to that goal, but it also captures the reality that technical innovation takes a village - and ours is a big village! It’s thanks to the thousands of volunteers providing free technical support via our community forum, our sponsors, countless individual donors, and others that Let’s Encrypt has scaled free TLS for a decade. Each month, we’ll be highlighting different sets of people who make our work possible. Who do you want to see recognized? What Let’s Encrypt use cases have amazed you? What do you hope we’ll improve on in the next ten years? Let us know in the comments or at outreach@letsencrypt.org! #LetsEncrypt10 #Encryption4Everybody #Cybersecurity #TLS https://lnkd.in/gzaSzn3P

Let’s Encrypt participates enthusiastically in the Certificate Transparency ecosystem. As certificate volumes continue to grow quickly, classic RFC 6962 CT logs have faced scaling challenges, becoming more expensive to run and slower to query. Today we’re announcing EOL dates for our RFC 6962 logs: read-only on Nov 3, 2025, complete shut down Feb 9, 2026. We will rely on Static CT API logs going forward. End users (consumers or relying parties) of Web PKI certificates do not need to take any action. Read the blog post: https://lnkd.in/gR8VHMzJ

We’re thrilled to welcome Staffbase as a Silver Sponsor! In their words, "Staffbase is the leading Employee Communications Cloud, empowering over 2000 top organizations like Adidas and DHL to inspire their people with motivating communication through a unified platform. Recognized as a leader in the Gartner® Magic Quadrant™ for Intranet Packaged Solutions, Staffbase connects companies with their employees through a branded employee app, intranet, email and more. Learn more at https://staffbase.com/

Today we turned off our Online Certificate Status Protocol (OCSP) service, as announced in December of last year. Going forward, we will publish revocation information exclusively via Certificate Revocation Lists (CRLs). We ended support for OCSP primarily because it represents a considerable risk to privacy on the Internet. Ending the service will also simplify our infrastructure and help us continue to operate as efficiently as possible. At the height of our OCSP service’s traffic earlier this year, we handled approximately 340 billion OCSP requests per month. That’s more than 140,000 requests per second handled by our CDN, with 15,000 requests per second handled by our origin. We’d like to thank Akamai Technologies for generously donating CDN services for OCSP to Let’s Encrypt for the past ten years. Read the blog post: https://lnkd.in/gSpW8_um

Let’s Encrypt has issued its first IP address certificate! Subscribers have been asking for years for the ability to get certificates for IP addresses, not just domain names. And we’re excited to share that this feature is now live. We have issued our first IP address certificate, enabling secure HTTPS connections to servers identified by numerical IP addresses. While most subscribers will continue using domain name certificates, this option will be useful for specific infrastructure needs such as securing DNS over HTTPS, cloud services, or default hosting pages. IP address certificates are currently available in staging. We expect general availability later in 2025. Read more in the blog post by Aaron Gable: https://lnkd.in/gsRjYksQ #LetsEncrypt #ISRG #Encryptionforeverybody #HTTPS #WebSecurity #InternetSecurity

Our Executive Director, Josh Aas, delivered a keynote this morning at Open Source Summit North America: "Ten Years as a Free, Open, and Automated Certificate Authority." He reflected on what we’ve learned over a decade of running Let’s Encrypt and shared plans for the future. Huge thanks to AWS Open Source for the keynote slot and for continuing to spotlight mission-driven projects like ours. The energy and collaboration at #OSSummit remind us why open source is so powerful. We’re grateful to be part of this critical and vibrant community. #OpenSource #LetsEncrypt #EncryptionforEverybody #OSS #NonprofitTech

Our Executive Director, Josh Aas, is speaking at #AWSreInforce tomorrow! Don't miss Josh and Mark Ryland's breakout session on: "Internet Security: The Past and Future of TLS Certificates and Web PKI." Together, they’ll reflect on lessons learned over the past decade and share what’s next for a more secure Internet. When: Wednesday, June 18 at 1p Join the conversation: https://lnkd.in/e6ijERGc

Certificate Transparency (CT) has been an important part of the web PKI since 2013. We participate in CT both as a certificate issuer and as a log operator. Today we're excited to share some reflections on CT, and in particular, our work with Sunlight. Take a closer look at our work with CT in our latest blog post: https://lnkd.in/gfMtwDKJ

Every night, thousands of abandoned servers try and fail to get TLS certificates from Let’s Encrypt. These “zombie clients” don’t know their domains no longer work—they just keep trying. By late 2024, they were responsible for nearly half of all certificate requests we received. We’ve deployed a new rate limit to detect and pause this kind of activity unless a human steps in to confirm it’s still needed. It’s already blocked over 100,000 zombie clients and dramatically reduced failed validations, all without impacting our subscribers. Read more in our blog post by Samantha Frank: https://lnkd.in/gw2wBhde

Ten years ago today, we held our first key ceremony. On June 4, 2015, we created the ISRG Root X1 key—the root of trust that would go on to secure hundreds of millions of domains. While our first certificate wouldn’t go live until September of that year, today marks a milestone we’re incredibly proud of. Since then, Let’s Encrypt has issued over six billion certificates, supported by a global community of open source contributors, sponsors, and individual supporters. Thank you to everyone who’s been part of the journey. Read the original blog post: https://lnkd.in/gXt5T_z4 #LetsEncrypt10 #EncryptionForEverybody #TLS #Privacy #HTTPS #InternetSecurity #ThankYou