Nonprofit certificate authority Let’s Encrypt hit a major milestone earlier this month: it issued its three billionth HTTPS certificate.
The Let’s Encrypt project was founded in 2013 to provide websites with free SSL and TLS certificates needed to enable HTTPS and encrypted communications. The organization, run by the Internet Security Research Group (ISRG) and backed by the Electronic Frontier Foundation, issued its first HTTPS certificate in September 2015 for none other than its own domain.
The ISRG announced this week that Let’s Encrypt issued its three billionth certificate earlier this month and is now providing TLS to more than 309 million domains, an increase of 12% compared to the year earlier.
While Let’s Encrypt took five years to issue its billionth certificate, it has reached the three billion milestone just two years later.
The ISRG also revealed in its 2022 annual report that 82% of web pages loaded by Firefox are using HTTPS globally. When Let’s Encrypt was founded, only 38% of website page loads were served over an HTTPS-encrypted connection.
This growth comes as Let’s Encrypt finds itself trusted and integrated by more significant players in the browser, operating system and cloud markets, including Apple, Google, Microsoft, Oracle and more.
So what’s next for Let’s Encrypt? The organization is aiming to make certificate renewal far easier for websites, especially if the organization is forced to revoke a certificate, such as if a website’s server is compromised. Let’s Encrypt was forced to revoke more than three million certificates because of a bug in its domain validation and issuance software in March 2020, and in January this year revoked millions of active certificates due to “irregularities” in the code.
ISRG executive director Josh Aas said its new specification for renewing certificates is “making its way through the IETF standards process so that the whole ecosystem can benefit, and we plan to deploy it in production at Let’s Encrypt shortly.”
Let’s Encrypt’s ultimate goal is to bring the web up to a 100% encryption rate. While we’re still a ways away, this latest milestone suggests it’s more in reach than ever before.