Let’s Encrypted Reached 20 Million Active Certificates in 2016

Interesting look from Let’s Encrypt Executive Director Josh Aas on the explosion in certificates that the free service has seen since its launch in 2015,

At the start of 2016, Let’s Encrypt certificates had been available to the public for less than a month and we were supporting approximately 240,000 active (unexpired) certificates. That seemed like a lot at the time! Now we’re frequently issuing that many new certificates in a single day while supporting more than 20,000,000 active certificates in total. We’ve issued more than a million certificates in a single day a few times recently. We’re currently serving an average of 6,700 OCSP responses per second.

. . .

When 2016 started, our root certificate had not been accepted into any major root programs. Today we’ve been accepted into the Mozilla, Apple, and Google root programs. We’re close to announcing acceptance into another major root program. These are major steps towards being able to operate as an independent CA.

EFF Says HTTPS Deployment Saw Major Growth in 2016

In an end-of-the-year summary, the Electronic Frontier Foundation noted that deployment of HTTPS grew dramatically in 2016,

By some measures, more than half of page loads in Firefox and in Chrome are now secured with HTTPS—the first time this has ever happened in the Web’s history. That’s right: for the first time ever, most pages viewed on the Web were encrypted! (As another year-in-review post will discuss, browsers are also experimenting with and rolling out stronger encryption technologies to better protect those connections.)

The EFF sites the availability of tools and services such as Let’s Encrypt that make obtaining and deploying certificates easier, as well as increasing pressure on companies to encrypt all traffic rather than just specific subsets.

The one troubling spot is that this increase isn’t necessarily distributed well geographically,

A caveat: data from Google shows that use of HTTPS varies significantly from country to country, remaining especially uncommon in Japan. We’ve also heard that it’s still uncommon across much of East and Southeast Asia. Next year, we’ll have to find ways to bridge those gaps.

I’ve used HTTPS on 99 percent of my server for years now, but there was a tiny portion that was not HTTPS because of a specific application that used its own non-Apache server that did not play well with the Wildcard SSL certificate I use. This year, finally, I was able to use Let’s Encrypt to flawlessly install a certificate just for that. The process for doing so was ridiculously easy and took about 10 minutes from beginning to end to configure and test.

Peter Eckersley’s Presentation on Let’s Encrypt at CCCamp15

Peter Eckersley gave an impressive presentation about the Let’s Encrypt initiative at CCCamp15.

Let’s Encrypt is mainly known for it’s plan to offer free SSL certificates, which is cool, but the most interesting part of Eckersley’s presentation starts about 25 minutes in where he discusses how the initiative plans to address issues surrounding vulnerabilities related to the Certificate Authority system itself.

The only thing I see personally that I wish Let’s Encrypt supported right out of the gate is Wildcard Certs, but Eckersley indicates in the Q&A session that they will be looking into things like Wildcard Certs after they’re certain the basic functionality of their CA is rock solid.

 

https://www.youtube.com/watch?v=pd-h8WOiI8A