February 27, 2020 Let's Encrypt Free Certificate Authority
In a celebratory press release, project representatives recall that the previous anniversary of 100 million issued certificates was celebrated
Let's Encrypt played a very important role in making HTTPS certificates a standard utility and strong traffic encryption the norm on the Internet.
Beta testing of the innovative Let's Encrypt certificate authority began in December 2015. A unique feature of the new CA was that certificate issuance was fully automated from the start.
Automatic configuration of HTTPS on the server takes place in two steps. In the first step, the agent demonstrates to the CA that the server administrator has rights to the domain name. For example, validation might involve creating a specific subdomain or installing an HTTP resource with a specific URI within the domain.
Let's Encrypt identifies the web server running the agent by its public key. The public and private keys are generated by the agent before the first connection to the CA. During automatic verification, the agent performs a number of tests: for example, it signs the received one-time password with its private key and presents an HTTP resource with a specific URI. If the digital signature is correct and all tests are passed, the agent is granted the rights to manage certificates for the domain.
In the second step, the agent can request, renew, and revoke certificates. Certificates are issued automatically using a challenge-response authentication protocol called the Automated Certificate Management Environment (ACME). All manipulations with the certificate are carried out without stopping the web server using the ACME client
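The domain-control check described above, as an added example (not code from Let's Encrypt or from the original article). It goes beyond the article by following ACME's HTTP validation as specified in RFC 8555, where the body of the published resource ties the CA-issued token to the agent's account public key through an RFC 7638 thumbprint. The token and JWK values are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json

# JWK members that enter the thumbprint, per key type (RFC 7638).
REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"  # RFC 8555, http-01

# Constructed sample values, not real keys or tokens.
TOKEN = "constructed-token-0001"
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256", "kid": "agent-1",
               "x": "constructed-x-value", "y": "constructed-y-value"}
OTHER_JWK = dict(ACCOUNT_JWK, x="another-constructed-x-value")


def b64url(data: bytes) -> str:
    """Base64url without padding, as used by JOSE and ACME."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 thumbprint of a public JWK (RFC 7638)."""
    # Only the required members, sorted, no whitespace: optional fields
    # such as "kid" must not change the identity of the key.
    subset = {name: jwk[name] for name in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(subset, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """Bind the CA-issued token to the agent's account public key."""
    return token + "." + jwk_thumbprint(account_jwk)


def http01_resource(token: str, account_jwk: dict) -> tuple:
    """Agent side: (path, body) of the resource to publish on the domain."""
    return CHALLENGE_PREFIX + token, key_authorization(token, account_jwk)


def ca_accepts(token: str, account_jwk: dict, path: str, body: str) -> bool:
    """CA side: check what was fetched from the domain over HTTP."""
    expected = key_authorization(token, account_jwk).encode("ascii")
    # Trailing whitespace in the served body is ignored (RFC 8555, 8.3).
    served = body.rstrip().encode("utf-8")
    return path == CHALLENGE_PREFIX + token and hmac.compare_digest(served, expected)
```

A resource published for a different key pair fails the check even when the token and path are correct, which is what ties control of the domain to one specific agent.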
The Importance of Let's Encrypt
Let's Encrypt has revolutionized a market previously dominated by commercial CAs. Commercial CAs are now almost out of the DV (Domain Validation) certificate business, although they continue to sell Organization Validation (OV) and Extended Validation (EV) certificates, which Let's Encrypt does not issue because they can't be automated. However, these are niche products, and free Let's Encrypt certificates reign supreme in the mass market.
Let's Encrypt has made automatic certificate reissuance a standard. Although the certificates are short-lived (90 days), the automatic procedure eliminates the "human factor" that traditionally represents a major security vulnerability. Domain administrators often simply forget to renew certificates, causing services to fail. The most recent such incident happened with Microsoft Teams. On February 3, 2020, this collaboration service went offline
Automatic replacement of certificates using the ACME protocol eliminates the possibility of such incidents.
Although the Let's Encrypt project serves half the Internet, in the physical world it is a small non-profit organization: "In these two and a half years, our organization has grown, but not much!" they write. "In June 2017, we hosted approximately 46 million websites with 11 full-time employees and an annual budget of $2.61 million. Today, we operate nearly 192 million websites with 13 full-time employees and an annual budget of approximately $3.35 million. This means we are serving over four times as many sites with just two additional employees and a 28 percent increase in budget."
The project is supported through
By now, HTTPS has become the de facto standard on the internet. Since last year, major browsers have been warning users about the dangers of connecting to sites that do not encrypt traffic over HTTPS. Let's Encrypt is credited with such a change in the security landscape.
On top of that, Let's Encrypt is literally
"As a community, we have done incredible things to protect people online," reads the
Source: habr.com