Internet Security Research Group (ISRG), the nonprofit behind Let’s Encrypt, says the open certificate authority (CA) has issued its three billionth certificate this year.
Let’s Encrypt has been providing websites with the X.509 digital certificates needed to enable HTTPS (SSL/TLS) and encrypted communications for free since September 2015, when it issued the first certificate for the helloworld.letsencrypt.org domain.
Starting with August 2018, Let’s Encrypt has been directly trusted by all major browsers and operating systems and all major root certificate programs (including those from Microsoft, Google, Apple, Mozilla, Oracle, and Blackberry).
The free and automated CA allows any domain owner to obtain a trusted certificate at zero cost. Right now, the CA says it issues millions of them daily.
As ISRG revealed today, this has allowed it to reach a new record this year, as it is now providing services to over 300 million websites.
“As of November 1, 2022, Let’s Encrypt provides TLS to over 309 million domains via 239 million active certificates. Let’s Encrypt usage grew by more than 33 million domains in 2022,” ISRG said today in its 2022 annual report.
To get an idea of the scale the CA operates and what pushed its development team to further automate certificate issuing and renewal, in early March 2020, it had to revoke over 3 million certificates due to a bug in its domain validation and issuance software.
That number amounted to roughly 2.6% of the approximately 116 million active certificates it provided to websites worldwide.
Almost two years later, in January 2022, Let’s Encrypt announced it would revoke millions of active SSL/TLS certificates, affecting an estimated 1% of all active Let’s Encrypt certificates.
“Since then, we’ve developed a specification for automating certificate renewal signals so that our subscribers can handle revocation/renewal events as easily as they can get certificates in the first place (it just happens automatically in the background!),” said Josh Aas, ISRG’s Executive Director.
“That specification is making its way through the IETF standards process so that the whole ecosystem can benefit, and we plan to deploy it in production at Let’s Encrypt shortly.”