A Note from Our Executive Director
Let's Encrypt, serving over 500 million websites, plans to introduce six-day TLS certificates to enhance security. The organization emphasizes automation and relies on donations for ongoing projects as it celebrates its 10th anniversary.
In a note from Executive Director Josh Aas, the Internet Security Research Group (ISRG) reflects on a successful year for Let's Encrypt, which now serves over 500 million websites with free 90-day TLS certificates. The organization is preparing to celebrate its 10th anniversary and plans to introduce a new offering of short-lived certificates with a lifespan of six days, aimed at enhancing security by reducing exposure during key compromise events. Aas emphasizes the importance of automation, noting that most subscribers will easily transition to these new certificates. He acknowledges the challenges faced in scaling the service and launching new projects like Divvi Up and Prossimo, which enhance internet security infrastructure. The letter highlights the critical role of donations and corporate sponsorships in supporting ISRG's mission, encouraging continued financial support to ensure the future of a secure and privacy-respecting web.
- Let's Encrypt serves over 500 million websites with free TLS certificates.
- A new offering of six-day short-lived certificates will enhance security.
- Automation will facilitate the transition for most subscribers to the new certificate model.
- Donations and sponsorships are vital for ISRG's ongoing projects and mission.
- The organization celebrates its 10th anniversary in 2024, marking significant growth and impact.
Related
Letsencrypt Supports Wildcard Certificates
Let's Encrypt offers free SSL/TLS certificates for secure HTTPS connections, relying on donations. They issue Domain Validation and SAN certificates, recommend reporting malicious activities, and emphasize TLS/SSL security.
Intent to End OCSP Service
Let's Encrypt will discontinue OCSP in favor of CRLs to enhance privacy. This change won't affect website visitors but may impact non-browser software. Users relying on OCSP are advised to prepare for the transition.
Sysadmins rage over Apple's 'nightmarish' SSL/TLS cert lifespan cuts
Apple proposes reducing SSL/TLS certificate lifespans from 398 days to 45 days by 2027, aiming to enhance security, but system administrators are concerned about increased management workload and automation challenges.
Let's Encrypt is 10 years old now
Let’s Encrypt is a free certificate authority that simplifies obtaining SSL/TLS certificates through an automated process, supported by major organizations to enhance internet security and privacy for all users.
Let's not Encrypt
The article critiques Let's Encrypt for creating a false sense of security, highlighting issues with certificate verification, automatic renewals, short validity, and concerns about its funding and long-term viability.
> but we are going to introduce a new offering that’s a big shift from anything we’ve done before - short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the security of the TLS ecosystem because it minimizes exposure time during a key compromise event.
Every six days is fine, just use something like Caddy that rotates the certs for you and it should just be set it and forget it.
Yes, I realize this is a bit glib.