Let's Encrypt

🌐 Protecting Nonprofits Let's Encrypt serves 57% of .org websites worldwide, which are commonly used by nonprofits. By issuing free, accessible and automated TLS certificates, we make it easy for nonprofits to provide security and privacy for their website users so they can stay focused on their missions. 👥 Real-World Impact According to Center for Democracy & Technology (CDT) CTO, Mallory Knodel, “Billions of people in over 60 countries access the Internet with less censorship and surveillance because Let’s Encrypt hastened the adoption of Web security measures by making certificates easy to obtain.” 💙 Philanthropy's Partner Even the biggest philanthropic organizations trust Let's Encrypt. We serve 36% of the top 50 globally. For large philanthropies, their website is the primary tool they have to communicate their focus areas for future funding as well as the impact they’ve made with past giving. We’re proud of our work helping build a better Internet, but we’re particularly proud that our impact protects those seeking to build a better world. 💙🌐 #NonprofitImpact #CyberSecurity #InternetSafety Read our new blog post by Dan Fernelius on Let's Encrypt's role in supporting the nonprofit ecosystem: https://lnkd.in/eQjJYdHf

Bob Lord, we couldn't agree more! 👍

We are thrilled to announce that we’ve deployed ntpd-rs in the Let’s Encrypt infrastructure! Ntpd-rs is a secure, memory safe implementation of the Network Time Protocol (NTP), which is critical for maintaining accurate system time across operating systems. This deployment marks a crucial step in safeguarding our systems against vulnerabilities inherent in traditional languages like C and C++. Launched in 2020, ISRG’s Prossimo project aims to transition essential Internet software to memory safe alternatives. In addition to ntpd-rs, some other Prossimo initiatives include the Rustls TLS library, Hickory DNS, River reverse proxy, sudo-rs, and Rust support for the Linux kernel. This ntpd-rs deployment is just the beginning. Over the coming years, we plan to replace more C/C++ components with the above memory safe solutions. 🔗 Learn more in our latest blog post: https://lnkd.in/gW6ffprN

Congrats to Prateek Mittal for receiving the Association for Computing Machinery (ACM) Grace Murray Hopper Award! 👏 We're proud to be partnering with CITP Princeton to help bolster Internet security. 🌐

Our sibling project, Prossimo, has its own page! Give it a follow for all things memory safety.

With renewed funding from Open Technology Fund, we’re thrilled to be continuing our partnership with Princeton University's Center for Information Technology Policy team. To date, our work with Princeton has focused on defending against BGP attacks on domain control validation via Multi-Perspective Issuance Corroboration (MPIC). This year, Let's Encrypt is adding two new remote perspectives for domain validation, totaling five validation requests. Increased perspectives provide more robust domain validation security, improving visibility and protection against BGP attacks. A heartfelt thank you to Princeton University for their partnership and the Open Technology Fund for making this crucial work possible. Read the full blog post: https://lnkd.in/g3m2jiyT

In our new blog post, Let’s Encrypt Subscriber Tailscale shares their experience implementing ACME Renewal Information (ARI) in their client software. Adoption of ARI allows our Subscribers to easily and automatically manage TLS certificate revocation and replacement. A huge thank you to Tailscale for not only sharing their experience implementing ARI, but also for being a Let’s Encrypt Sponsor! We’re grateful for their support of our work to build a more secure Web for everyone, everywhere. 💡 Learn more about their roadmap for getting ARI in production, and takeaways from the experience: https://lnkd.in/gQau_kZn

🛠️ Learn how to integrate ACME Renewal Information (ARI) into an existing ACME client in our latest blog post! Since its debut in March 2023, ARI has played a pivotal role in boosting the resiliency and reliability of certificate revocation and renewal processes for a growing number of Let’s Encrypt Subscribers. To extend these benefits to an even broader audience, incorporating ARI into more ACME clients is essential. To help in growing widespread adoption, we’re offering a compelling incentive: certificate renewals using ARI will be exempt from all rate limits, provided they occur within the ARI-suggested renewal window and clearly indicate the certificate being replaced. Integrating ARI isn't just a technical upgrade—it’s a significant evolution in the ACME protocol, fostering a collaborative environment where CAs and clients together optimize the renewal process. This in turn ensures a more secure and privacy-respecting Internet for all. 🔍 For step-by-step instructions on integrating ARI into an existing ACME client, read the full blog post: https://lnkd.in/e7Dc_BAU

🔒 Another milestone for Let’s Encrypt 🔒 Last month we generated new intermediate certificates - a significant milestone towards our goal of shortening the Let’s Encrypt chain of trust. Today we’re announcing that on June 6th, 2024 we’ll cross another milestone by switching our issuance to the new intermediates, and removing the DST Root CA X3 cross-sign from our API. What’s changing? - We will start issuing ECDSA end-entity certificates from a default chain that features a single ECDSA intermediate. This simplifies the previous process, removing the second intermediate and the option to issue an ECDSA end-entity certificate from an RSA intermediate. - We’re removing the DST Root CA X3 cross-sign (which we already stopped providing by default back in February) Most of our Subscribers won’t have to do a thing as a result of these changes - in fact, you may not even notice! But by making these changes (along with the other changes we’re making towards our goal of shortening the Let’s Encrypt chain of trust), we’re making our certificates leaner and more efficient, leading to faster page loads and a better overall experience for Internet users everywhere. 🔗 Learn more about these updates in our latest blog post:  https://lnkd.in/efN2dGPg

Last Wednesday, Let’s Encrypt generated 10 new Intermediate CA Key Pairs, and issued 15 new Intermediate CA Certificates containing the new public keys. These intermediates differ from the ones we issued in 2020 in two key ways: - The lifetime of these certificates has been reduced from five years to three - We issued five of each key type (RSA and ECDSA) instead of just two Why does this matter? Our latest batch of intermediates not only promises more security and agility for Let’s Encrypt Subscribers, but also delivers smaller and more efficient certificate chains. This translates into stronger security and faster load times. Learn more about the new intermediates in our latest blog post: https://lnkd.in/gcrawJv4