From letsencrypt.org
Let's Encrypt Stats - Let's Encrypt
1 1
Please note that the Let's Encrypt Growth and Let's Encrypt Certificates Issued Per Day charts are undergoing updates and may not reflect the most recent data. Let's Encrypt Growth Percentage of Web Pages Loaded by Firefox Using HTTPS (14-day moving average, source: Firefox Telemetry) Let's...
on Aug 7
From letsencrypt.org
Let’s Encrypt: Delivering SSL/TLS Everywhere
0 22
Vital personal and business information flows over the Internet more frequently than ever, and we don’t always know when it’s happening. It’s clear at this point that encrypting is something all of us should be doing. Then why don’t we use TLS (the successor to SSL) everywhere?...
on Wed, 7AM
From letsencrypt.org
0 0
Subscribing If you provide an email address to Let’s Encrypt when you create your account, we’ll do our best to automatically send you expiry notices when your certificate is coming up for renewal. We try to send the first notice at 20 days before your certificate expires, and the...
on Oct 19
From letsencrypt.org
A New Life for Certificate Revocation Lists - Let's Encrypt
0 0
This month, Let’s Encrypt is turning on new infrastructure to support revoking certificates via Certificate Revocation Lists. Despite having been largely supplanted by the Online Certificate Status Protocol for over a decade now, CRLs are gaining new life with recent browser updates. By...
on Sep 25
From letsencrypt.org
Adding random entries to the directory
0 0
ACME is designed to be extensible by adding new JSON fields, which should be ignored by clients that do not understand them. Unfortunately, some of the earliest ACME clients were intolerant of new fields, which has made it hard to introduce new fields to objects like the one returned from the...
on Aug 23
From letsencrypt.org
Sunsetting of OCSP in favor of older technology?
0 1
This post is my personal opinion on the matter, and some of my coworkers will disagree with some points here: OCSP without stapling doesn’t work because implementations fail open because of reliability problems, and therefore don’t meet the security goals either. The privacy implications of...
on Aug 10
From letsencrypt.org
Intent to End OCSP Service - Let's Encrypt
0 1
Today we are announcing our intent to end Online Certificate Status Protocol (OCSP) support in favor of Certificate Revocation Lists (CRLs) as soon as possible. OCSP and CRLs are both mechanisms by which CAs can communicate certificate revocation information, but CRLs have significant advantages...
on Jul 27
From letsencrypt.org
Intent to End OCSP Service - Let's Encrypt
0 0
Today we are announcing our intent to end Online Certificate Status Protocol (OCSP) support in favor of Certificate Revocation Lists (CRLs) as soon as possible. OCSP and CRLs are both mechanisms by which CAs can communicate certificate revocation information, but CRLs have significant advantages...
on Jul 24
From letsencrypt.org
Intent to End OCSP Service - Let's Encrypt
0 0
Today we are announcing our intent to end Online Certificate Status Protocol (OCSP) support in favor of Certificate Revocation Lists (CRLs) as soon as possible. OCSP and CRLs are both mechanisms by which CAs can communicate certificate revocation information, but CRLs have significant advantages...
on Jul 23
From letsencrypt.org
0 0
This FAQ is divided into the following sections: General Questions Technical Questions General Questions What services does Let’s Encrypt offer? Let’s Encrypt is a global Certificate Authority (CA). We let people and organizations around the world obtain, renew, and manage SSL/TLS...
on Jul 17
From letsencrypt.org
Let's Encrypt certificate for client to Squid proxy encryption
0 0
You could always slap a proxy in from of [that proxy] - LOL
on Jul 3
From letsencrypt.org
More Memory Safety for Let’s Encrypt: Deploying ntpd-rs - Let's Encrypt
0 0
When we look at the general security posture of Let’s Encrypt, one of the things that worries us most is how much of the operating system and network infrastructure is written in unsafe languages like C and C++. The CA software itself is written in memory safe Golang, but from our server...
on Jun 25
From letsencrypt.org
Deploying Let's Encrypt's New Issuance Chains - Let's Encrypt
0 0
On Thursday, June 6th, 2024, we will be switching issuance to use our new intermediate certificates. Simultaneously, we are removing the DST Root CA X3 cross-sign from our API, aligning with our strategy to shorten the Let’s Encrypt chain of trust. We will begin issuing ECDSA end-entity...
on Jun 16
From letsencrypt.org
Deploying Let's Encrypt's New Issuance Chains
0 0
On Thursday, June 6th, 2024 , we will be switching issuance to use our new intermediate certificates. Simultaneously, we are removing the DST Root CA X3 cross-sign from our API, aligning with our strategy to shorten the Let’s Encrypt chain of trust. We will begin issuing ECDSA end-entity...
on Jun 6
From letsencrypt.org
Unexpected renewal failures during April 2024? Please read this!
0 0
A noticeable number of Let's Encrypt users who previously had many successful certificate renewals have been having renewal difficulties during April 2024. Many of these have been attributable to a recent change on the Let's Encrypt side. If your Let's Encrypt client application shows you a...
on May 6
From letsencrypt.org
Chain of Trust - Let's Encrypt
0 0
Root Certificates Our roots are kept safely offline. We issue end-entity certificates to subscribers from the intermediates in the next section. For additional compatibility as we submit our new Root X2 to various root programs, we have also cross-signed it from Root X1. Active ISRG Root X1...
on Apr 13
From letsencrypt.org
Deploying Let's Encrypt's New Issuance Chains - Let's Encrypt
0 0
On Thursday, June 6th, 2024, we will be switching issuance to use our new intermediate certificates. Simultaneously, we are removing the DST Root CA X3 cross-sign from our API, aligning with our strategy to shorten the Let’s Encrypt chain of trust. We will begin issuing ECDSA end-entity...
on Apr 13
From letsencrypt.org
Let's Encrypt's New Root and Intermediate Certificates - Let's Encrypt
0 0
On Thursday, September 3rd, 2020, Let’s Encrypt issued six new certificates: one root, four intermediates, and one cross-sign. These new certificates are part of our larger plan to improve privacy on the web, by making ECDSA end-entity certificates widely available, and by making certificates...
on Apr 6
From letsencrypt.org
Ongoing(?) DNSSEC/CAA/Network Solutions issues blocking http-01 renewals?
0 0
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
on Mar 29
From letsencrypt.org
0 0
I just read the post about the decision of Let's Encrypt to drop backward compatibility with older Android systems. Shortening the Let's Encrypt Chain of Trust - Let's Encrypt What happens is you start getting certificate errors when surfing pages in Google Chrome, the most used browser in the...
on Mar 26
From letsencrypt.org
New Intermediate Certificates - Let's Encrypt
0 0
On Wednesday, March 13, 2024, Let’s Encrypt generated 10 new Intermediate CA Key Pairs, and issued 15 new Intermediate CA Certificates containing the new public keys. These new intermediate certificates provide smaller and more efficient certificate chains to Let’s Encrypt...
on Mar 19
From letsencrypt.org
0 0
Let’s Encrypt is proud to introduce Sunlight, a new implementation of a Certificate Transparency log that we built from the ground up with modern Web PKI opportunities and constraints in mind. In partnership with Filippo Valsorda, who led the design and implementation, we incorporated...
on Mar 15
From letsencrypt.org
0 0
Let’s Encrypt is proud to introduce Sunlight, a new implementation of a Certificate Transparency log that we built from the ground up with modern Web PKI opportunities and constraints in mind. In partnership with Filippo Valsorda, who led the design and implementation, we incorporated...
on Mar 14
From letsencrypt.org
LetsEncrypt certificates fails on Android phones running Android 7 or older
0 0
The app using LetsEncrypt certificates fails on Android phones running Android 7 or older . Same applications on other phones with newer android versions are working fine. The error received in the android application is: java.security.cert.CertPathValidatorException: Trust anchor for...
on Mar 9
From letsencrypt.org
Updating my e-mail address with certbot
0 0
Hi @gauthier The email address is tied to your account (which was created the first time you issued your first cert). All the certificates issued with that account will use the same email address, so you can't have different email addresses for different certificates, well, you could but you...
on Feb 12
From letsencrypt.org
Challenge Types - Let's Encrypt
0 0
When you get a certificate from Let’s Encrypt, our servers validate that you control the domain names in that certificate using “challenges,” as defined by the ACME standard. Most of the time, this validation is handled automatically by your ACME client, but if you need to make some more complex...
on Feb 6
From letsencrypt.org
Why does let's encrypt issue SSL certificates to fraudulent sites
0 0
The purpose of a certificate is to provide assurance to the web user community that the site in question is secure and valid. I have found yet another fraudulent web site in which Let's Encrypt issued a certificate - https://insightcreditunion.life/pc.html. My prior topic on this subject was...
on Jan 25
From letsencrypt.org
Change Domain Challenge Method in acme.sh
0 0
Hello! I am having an issue where a few of my domains (we'll use calckey.club for example here), were originally challenged with http-01, and I want to migrate to dns-01. acme.sh is setting up DNS records correctly in AWS Route 53, but ACME/Let's Encrypt keeps enforcing the http-01 check, when...
on Jan 23
From letsencrypt.org
Shortening the Let's Encrypt Chain of Trust - Let's Encrypt
0 0
When Let’s Encrypt first launched, we needed to ensure that our certificates were widely trusted. To that end, we arranged to have our intermediate certificates cross-signed by IdenTrust’s DST Root CA X3. This meant that all certificates issued by those intermediates would be...
on Jan 22
From letsencrypt.org
Integration Guide - Let's Encrypt
0 0
This document contains helpful advice if you are a hosting provider or large website integrating Let’s Encrypt, or you are writing client software for Let’s Encrypt. Plan for Change Both Let’s Encrypt and the Web PKI will continue to evolve over time. You should make sure you...
on Jan 20
From letsencrypt.org
Urgent, immediate action required: Renew Buypass ACME (Go SSL) certificates
0 0
Anyone heard of that? Hi, Please renew your Buypass ACME (Go SSL) certificates issued before December 22, 2023 at 12:00 (CET). We have identified an issue within our systems so that these certificates do not comply with certificate issuance requirements. We have corrected the issue, but all...
on Dec 29
From letsencrypt.org
Our role in supporting the nonprofit ecosystem - Let's Encrypt
0 0
For more than ten years, we at the nonprofit Internet Security Research Group (ISRG) have been focused on our mission of building a more secure and privacy-respecting Internet for everyone, everywhere. As we touch on in our 2023 Annual Report, we now serve more than 360 million domains with free...
on Dec 14
From letsencrypt.org
0 0
We plan to begin issuing from intermediates unpredictably, so (for example) you wouldn't know if your cert is going to come from R3 or R4 until you have it in hand. Keep an eye out for more about this in the near future; this thread isn't the place to go into details. Unless one can have...
on Nov 16, 2023
From letsencrypt.org
GDPR compliance - lawful basis for transfer to third country
0 0
It is not. They are. (Edit: they most probably are, in my opinion) As for any other data transfer. It's not a "workaround". The visit to the website, because of how it was built/configured, did produce that transfer And the IP address. And as the IP may identify an individual, that...
on Nov 15, 2023
From letsencrypt.org
A New Life for Certificate Revocation Lists - Let's Encrypt
0 0
This month, Let’s Encrypt is turning on new infrastructure to support revoking certificates via Certificate Revocation Lists. Despite having been largely supplanted by the Online Certificate Status Protocol for over a decade now, CRLs are gaining new life with recent browser updates. By...
on Nov 15, 2023
From letsencrypt.org
CAA record for et prevents issuance
0 0
Hi, we own the domains page.et and suk.et, purchased at Ethio Telecom, with DNS hosting managed at Cloudflare and successfully got a letsencrypt wildcard certificate. Now the renewal fails: certbot certificates Certificate Name: page.et Serial Number: xxxxxxxxxxxxx Key Type: RSA ...
on Nov 14, 2023
From letsencrypt.org
Simplifying Issuance for Very Long Domain Names
0 0
Let’s Encrypt will soon begin issuing certificates when all provided DNS Names (domain names) are 64 characters or longer. Under these circumstances, the issued certificate will not contain a Common Name (CN) field. This change will be made in Let’s Encrypt’s Staging Environment on 2023-11-08....
on Nov 7, 2023
From letsencrypt.org
Certificate Authority Authorization (CAA) - Let's Encrypt
0 0
CAA is a type of DNS record that allows site owners to specify which Certificate Authorities (CAs) are allowed to issue certificates containing their domain names. It was first standardized in 2013, and the version we use today was standardized in 2019 by RFC 8659 and RFC 8657. By default, every...
on Oct 20, 2023
From letsencrypt.org
DST Root CA X3 Expiration (September 2021) - Let's Encrypt
0 0
Update September 30, 2021 As planned, the DST Root CA X3 cross-sign has expired, and we’re now using our own ISRG Root X1 for trust on almost all devices. For more details about the plan, keep reading! We have also updated our Production Chain Changes thread on our community forum - our...
on Oct 15, 2023