Let's Encrypt

🌐 Protecting Nonprofits Let's Encrypt serves 57% of .org websites worldwide, which are commonly used by nonprofits. By issuing free, accessible and automated TLS certificates, we make it easy for nonprofits to provide security and privacy for their website users so they can stay focused on their missions. 👥 Real-World Impact According to Center for Democracy & Technology (CDT) CTO, Mallory Knodel, “Billions of people in over 60 countries access the Internet with less censorship and surveillance because Let’s Encrypt hastened the adoption of Web security measures by making certificates easy to obtain.” 💙 Philanthropy's Partner Even the biggest philanthropic organizations trust Let's Encrypt. We serve 36% of the top 50 globally. For large philanthropies, their website is the primary tool they have to communicate their focus areas for future funding as well as the impact they’ve made with past giving. We’re proud of our work helping build a better Internet, but we’re particularly proud that our impact protects those seeking to build a better world. 💙🌐 #NonprofitImpact #CyberSecurity #InternetSafety Read our new blog post by Dan Fernelius on Let's Encrypt's role in supporting the nonprofit ecosystem: https://lnkd.in/eQjJYdHf

Our Let’s Encrypt SRE technical lead, Matthew McPherrin, led a great session at the transparency.dev Summit today! In it he discussed Certificate Transparency, including our experience both as a submitter to CT and a log operator. He also covered why our new #Sunlight log implementation is a good fit not only for us, but also the larger CT ecosystem. Want a refresh on Sunlight? Check out this blog post introducing the new CT log back in March of this year: https://lnkd.in/gQXtSmR7 #CertificateTransparency #CTlogs #TransparencyDevSummit

Proud to see that ARI (ACME Renewal Information) has reached the Last Call stage in the ACME working group at IETF! Huge shoutout to Let’s Encrypt engineer, Aaron Gable for authoring the final draft and working tirelessly to get it to this point. Since March 2023, Let’s Encrypt has been improving our resiliency and reliability via ARI. ARI empowers ACME servers to notify clients when certificates need renewal, cutting down workloads and improving efficiency. This is a key step toward the future of smoother, automated web security, as it sets Subscribers up for success in terms of ideal renewal times, regardless of the length of the certificate lifetime. Interested in exploring ARI? Take a look at Let’s Encrypt Subscriber Tailscale’s experience adopting ARI and read our guide for engineers on how to integrate ARI into existing ACME Clients. Additional links in the comments! https://lnkd.in/gSisHqgS

Our Let's Encrypt SRE Technical Lead, Matthew McPherrin, will be leading a session at the transparency.dev Summit in London on Thursday 10/10 at 10:00AM (BST). He’ll dive into #CertificateTransparency from the perspective of Let's Encrypt, both as a submitter and a log operator. Matthew will also discuss our new Sunlight log implementation and why it’s a strong fit for Let's Encrypt and the broader CT ecosystem. The talk will be streamed live here: https://lnkd.in/g4XccrxU

Today we’re announcing our intention to end OCSP support in favor of Certificate Revocation Lists (CRLs). This change to a more privacy-respecting and efficient method of checking certificate revocation will help mitigate significant privacy concerns and free up considerable Let’s Encrypt resources that will soon be better spent on other aspects of our operations. Websites and the people who visit them will not be affected by this, but some non-browser software might be. Learn more about the change and the estimated timeline: https://lnkd.in/g3822p8F

Today we’re announcing our intention to end OCSP support in favor of Certificate Revocation Lists (CRLs). This change to a more privacy-respecting and efficient method of checking certificate revocation will help mitigate significant privacy concerns and free up considerable Let’s Encrypt resources that will soon be better spent on other aspects of our operations. Websites and the people who visit them will not be affected by this, but some non-browser software might be. Learn more about the change and the estimated timeline: https://lnkd.in/g3822p8F

Bob Lord, we couldn't agree more! 👍

We are thrilled to announce that we’ve deployed ntpd-rs in the Let’s Encrypt infrastructure! Ntpd-rs is a secure, memory safe implementation of the Network Time Protocol (NTP), which is critical for maintaining accurate system time across operating systems. This deployment marks a crucial step in safeguarding our systems against vulnerabilities inherent in traditional languages like C and C++. Launched in 2020, ISRG’s Prossimo project aims to transition essential Internet software to memory safe alternatives. In addition to ntpd-rs, some other Prossimo initiatives include the Rustls TLS library, Hickory DNS, River reverse proxy, sudo-rs, and Rust support for the Linux kernel. This ntpd-rs deployment is just the beginning. Over the coming years, we plan to replace more C/C++ components with the above memory safe solutions. 🔗 Learn more in our latest blog post: https://lnkd.in/gW6ffprN

Congrats to Prateek Mittal for receiving the Association for Computing Machinery (ACM) Grace Murray Hopper Award! 👏 We're proud to be partnering with CITP Princeton to help bolster Internet security. 🌐

Our sibling project, Prossimo, has its own page! Give it a follow for all things memory safety.