Let's Encrypt Has Issued a Billion Certificates

Let's Encrypt, writing in a blog post: We issued our billionth certificate on February 27, 2020. We're going to use this big round number as an opportunity to reflect on what has changed for us, and for the Internet, leading up to this event. In particular, we want to talk about what has happened since the last time we talked about a big round number of certificates - one hundred million. One thing that's different now is that the Web is much more encrypted than it was. In June of 2017 approximately 58% of page loads used HTTPS globally, 64% in the United States. Today 81% of page loads use HTTPS globally, and we're at 91% in the United States! This is an incredible achievement. That's a lot more privacy and security for everybody.

Another thing that's different is that our organization has grown a bit, but not by much! In June of 2017 we were serving approximately 46M websites, and we did so with 11 full time staff and an annual budget of $2.61M. Today we serve nearly 192M websites with 13 full time staff and an annual budget of approximately $3.35M. This means we're serving more than 4x the websites with only two additional staff and a 28% increase in budget. The additional staff and budget did more than just improve our ability to scale though - we've made improvements across the board to provide even more secure and reliable service.

Next big round number

[rmdingler]

Anyone else think of Over 99 billion sold. [marketplace.org]

$0.01 / certificate

[im_thatoneguy]

For the record $3.33million each year for 3 years... $10 million total, works out to about $0.01 per certificate.

By comparison I think the last Verisign certificate I bought was like $300 for 4 years.

Definitely a cause that is worthy of a donation!

Re:

[ahodgson]

Yep. Although basic SSL certs were already down to like $7 or $8 a year before LE came along.

LE makes automating the whole process super easy too.

Re:

[AmiMoJo]

To be fair they are not the same thing. Verisign does some tiny, minimal amount of checking into the identity of the certificate buyer, Let's Encrypt does not.

For the web that check is largely irrelevant now because all the major browsers have stopped caring. Chrome and Firefox don't show the identity details by default any more, they are hidden behind some clicks. Turns out that Verisign was pretty shit at doing those checks anyway so the info wasn't reliable anyway.

Where you do still need to pay Verisign

Re:

[arglebargle_xiv]

What started it was the overwhelming tide of complaints that the only way the browser vendors would give you permission to encrypt, which is what a certificate does, was to pay someone for the privilege. There's another free CA, CACert, that the browser vendors spent over fifteen years blocking from getting into browsers. It was only when the clamour got too much to keep ignoring that they set up Let's Encrypt to issue encryption permits and silence the criticism.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[AmiMoJo]

Well you may recall that it used to be right there in the URL bar where users were trained to look for security info. So yeah they nerfed it.

And the downside to HTTPS everywhere

[Anonymous Coward]

One thing that's different now is that the Web is much more encrypted than it was.

And the downside to that is that content disappears off the internet much more quickly, never to be seen again.

I was trying to research a particular 3D printer mainboard last night and about 90% of the links in Google search results went to https:// URLs whose certificates are no longer valid. "Modern" browsers are hiding the "Accept the risk and continue" options, those same URLs were not accessible via the http:// method, and Google search results didn't offer the "cached version" option. So... content lost. Forever.

Re:

[JcMorin]

I don't see why you could not visite a site with expired certificat and/or why the caching would not work for https vs http.

Re:

[SignOfZeta]

The web site owner enabled HSTS, which disables insecure fallback.

Re:

[Waccoon]

Chock that up to backwards compatibility not mattering anymore. Funny how the IBM PC rose to dominance on that note, and you can still find 20-year-old software that will work just fine on a modern system. But, stuff released just last year will completely blow up.

HTTPS and encryption is nice. Forcing everyone to use it for their own good... not so much.

Re:And the downside to HTTPS everywhere

[whoever57]

and you can still find 20-year-old software that will work just fine on a modern system.

I have some Windows 3.x software that can only be run under Wine. The last version of Windows that it ran on was NT.

Re:

[Waccoon]

I still use Photoshop 5.5 regularly, released in 1999. I have games from the late 90's that work fine. Most of the stuff that doesn't work today did really idiotic things, like hard-coding for a specific version of a library or use those various "slurping" techniques to allocate as much memory as possible when the application didn't need it. Many of those programs will work just fine if you enable the correct emulation modes.

20 years isn't as long ago as you think.

Re:

[ebvwfbw]

...

20 years isn't as long ago as you think.

You're kidding, right? The world we live in today people 20 years ago would think you're mad. I go to work with a laptop that I use as a desktop. It's about 1.5 Lbs and docks up. I also carry another laptop for my personal stuff. I have an Ipad to help me get to work with Waze and I have two phones. One for the business, one personal. 20 years ago I think I had a flip phone.

Software has come a long way. Both operating systems and applications. 20 years ago they still thought Java was great. Today it's like

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Anonymous Coward]

You're not using their walled garden right. We spent years saying you should read the address bar, and what does every browser do now?

Brave on Android is awful. If you click in the address bar, it actually hides the address!

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[AmiMoJo]

Which 3D printer mainboard?

Chances are those pages are available on archive.org without certificate issues.

Re:

[twocows]

"Modern" browsers are hiding the "Accept the risk and continue" options

I hate this. This shouldn't be a thing. If HSTS isn't enabled, I should always have an option to bypass. And speaking of HSTS, it's overused like crazy. You don't need it on your fucking blog (yes, I have actually been unable to access a BLOG because of this). It belongs on government and banking logins and other stuff that requires high security. Websites with low security requirements should generally allow HTTP fallback to increase c

Re:

[Martin Blank]

HSTS doesn't prevent you from ignoring the warning and loading the page anyway. You have to click a link in Chrome and Firefox to get to the ability to bypass, but it's still there. You're likely thinking of HTTP Public Key Pinning (HPKP), which browsers would use as a reason to block access completely when there was a mismatch, and which Chrome and Firefox no longer support.

Re:

[account_deleted]

Comment removed based on user account deletion

Majority to phishing websites.

[Swistak]

Absolute majority of them were for scamming and phishing websites. https://www.thesslstore.com/bl... [thesslstore.com] 14000 confirmed just for paypal, but that's just a drop in the ocean.
Even my company which is a big nobody with 40k users, was spear phished last month using a lets encrypt verified domain.
What needs to be done is the same thing that happened to self signed certs - big yellow warning when you use one.

Marjority Scammer? are you crazy?

[JcMorin]

Do you really think they issue a billion of certificates and most of them are for frauds? Come on! The idea is not to protect the bad guy but to make it free to everyone!

Re:

[Anonymous Coward]

I find it just precious that someone selling certs writes a blog post about big bad LetsEncrypt correctly issuing certs to valid domains for free.

If you have a problem, it's with domain registrars issuing domain names. Your problem is not with LetsEncrypt issuing certs for valid domains.

Re:

[superposed]

This can't really be stopped at the domain registrar level, since owners of any domain can create a "www.paypal.something" host within it that now shows up as a "secure" site, e.g., the blog entry shows a convincing graphic of

"Secure | https://www.paypal.notificatio... [yaraneaftab.ir]"

(it looks more convincing in the browser but I can't embed the image [thesslstore.com] here).

Free certs aren't a problem if...

[Solandri]

Free certs aren't a problem if each person is limited in the number they can get. Legitimate users will use the same certs for years, so don't need that many. OTOH, scammers will cycle through new certs rapidly as old ones get banned or revoked. High cert prices tempered this behavior by scammers because it cost them a lot of money to burn through certs that quickly. Lowering cert prices removes that barrier.

Unfortunately, one of the downsides of allowing anonymity on the Internet is that it's impossible to somehow throttle the number of certs an individual can get. Because people can be anonymous, you do't know who is using them. So while lowering the price of certs is a laudable goal, it has the unintended side-effect of giving scammers feigned legitimacy. It removes one of the barriers protecting against scammers abusing the system, without replacing it with anything.

The system used to work because of the price disparity between domains and certs. Domains were cheap so anyone could make a website. But if you wanted to business online, you needed a cert, which was expensive. That presented a financial barrier to scammers. But with the web moving to everything being https, everyone making a website needs to have a cert. Which breaks this cheap/expensive dichotomy which used to protect us (somewhat) from scammers. I absolutely agree certs need to be cheap in a https-everything world. But I can't think of any obvious way to solve this and restore some of the protection that expensive certs used to provide us.

Re:

[AmiMoJo]

Using certificates to verify identity never worked properly. It was the Certificate Authority coolaid, their justification for paying them large sums of money.

All modern browsers have deprecated certificates as a means of verifying identity. They dropped the display of the site owner's name in the URL bar and the green padlock. The identity verification process was flawed and easy to circumvent, and with CAs all over the world it was hard to even come up with proper standards for it. Maybe there is a legiti

Re:

[swillden]

So while lowering the price of certs is a laudable goal, it has the unintended side-effect of giving scammers feigned legitimacy.

Only if you foolishly assume that having a valid cert somehow implies legitimacy, which it never really did. It's true that the IT security community created this problem by trying to teach people to look for the green lock, implying that it actually meant something. This was a misguided attempt to try to get web sites to use TLS -- which actually does increase the security and safety of users on the web -- but in the process it convinced people that TLS means you're "safe", when all it really means is th

Re:

[shanen]

That's exactly what I was thinking, but I want to see the solid numbers. That's a whole LOT of certificates and I can't imagine they have a whole lot of value for most people, though I can certainly see how a large supply of cheap certificates would provide a measure of "authenticity" for scammers.

Re:

[Anne Thwacks]

I think you have this backwards - "having $xxx" is not proof that you are legit. It is not even evidence.

Lets encrypt proves that the website is the one you think it is. In reality, no certificate proves much more. That, and the fact that you might be willing to hand over cash to get credibility, are the only two things a certificate can prove.

To get back to the basic truth - the whole certificate process was put there to make money for Verisign and their ilk.

The "web of trust" - which actually would h

Re:

[shanen]

If there is no cost to acquiring the security certificates, then there is no penalty for abusing the trust that the certificates are supposed to create. In addition, there are no resources to investigate if the certificates are being given to criminals for nefarious purposes.

In other words, you generally get what you pay for.

Typosquatting and homoglyph squatting

[tepples]

Lets encrypt proves that the website is the one you think it is. In reality, no certificate proves much more.

Only if the domain name itself is correct.

Owning the domain name gogle.com and having a DV certificate for gogle.com does not mean you speak for Google.
Owning the domain name bankofarnerica.com and having a DV certificate for bankofarnerica.com does not mean you speak for Bank of America.
Owning the domain name fami.com and having a DV certificate for fami.com does not mean you speak for Nintendo.

Typos and homoglyphs like this have routinely been used to phish people.

Re:

[blane.bramble]

This is the flaw with the implementation and use case of SSL certificates. Unfortunately they have been marketed as a way to do two completely separate tasks:

1) verify a site is authentic and 2) encrypt the data in transit.

This should never have happened, particularly as Google et al. decided that 2) was the important bit and they would enforce this upon everyone whether they needed it or not.

An SSL certificate / HTTPS link tells you nothing about point 1) - arguably it never has done (even with fully verif

Re:

[tlhIngan]

Absolute majority of them were for scamming and phishing websites. https://www.thesslstore.com/bl... [thesslstore.com] confirmed just for paypal, but that's just a drop in the ocean.
Even my company which is a big nobody with 40k users, was spear phished last month using a lets encrypt verified domain.
What needs to be done is the same thing that happened to self signed certs - big yellow warning when you use one.

It's sort of funny, but if it was any ordinary CA, if they issued that many scammy certificates, we'd be calling fo

Re:

[AmiMoJo]

This is a user problem, not an issue with Let's Encrypt.

The certs they issue do not "verify" anything beyond that the server is the one for that domain. They are purely for providing a secure HTTPS connection, that's all. They do nothing to check identity.

In Chrome all you get is a little grey padlock. Not even green. You need to educate your users that the grey padlock does not mean it's really PayPal.com or whatever. I think Firefox is the same now.

The padlock was never a good way to tell if a site was le

Re:

[Swistak]

Grey padlock is what they get now, now that LEts encrypt was let to run for a year or two, and they had to remove a green padlock.
I fully suspected this will happen (and you can see it in comments), year ago I was already arguing that this confuses users. Sure some IT pros knows that "Secure" in Https means "encrypted" really, but noone else gives a fuck, they see Green padlock "Secure" connection, and they assume that well... they are secure. I was modded down to obliivion
The thing is ... I lived throug

Re:

[Swistak]

PS. User is never the problem. I had a collegue (IT Admin), arguing this on me. He stopped once he fell for a targeted spear phishing attempt.
Putting a sign on it, or "educating" people is not going to sole a problem, who is supposed to educate "them"?

Re:

[AmiMoJo]

Moves were afoot to get rid of the green padlock and enhanced verification long before Let's Encrypt came along. It was always broken, it never worked as intended.

Re:

[Athanasius]

The padlock was never a good way to tell if a site was legit.

This is true, but unfortunately in the past advice to users was to "look for the padlock icon to be sure the site is legitimate". Naive advice based on assuming the bad guys would never ("now" or in the future) go to the trouble of getting an SSL certificate. And of course the ease of that has now changed so that past advice is now actively harmful.

Re:

[tokul]

> big yellow warning when you use one.

So just remove their root CA from your trust chain.

Re:

[im_thatoneguy]

SSL certs from Verisign or anyone were never a good indication that the subject wasn't a scamming or phishing scheme. Especially a spear phishing scheme since that wouldn't be automated anyway.

Relying on SSL was a bad system. It would be like saying "You can't have an encrypted Wifi network unless you pay Verisign for a certificate and prove your Wifi SSID name is unique to avoid rogue wifi networks being setup near Starbucks.

Let certificates do the one and only thing we know they can do reliably: verify

Comment removed

[account_deleted]

Comment removed based on user account deletion

NSA and GCHQ say nothing

[AHuxley]

so everything is still working just fine for them.

Flashy unbelievable banners

[SciCom Luke]

Imagine to be this guy/girl sitting at a computer working ovetime again, getting a flashing banner with sparkly green text on a pink background:

``you just received the billionth certifiate. Congratula..''

*click away*

``Jeesj, even these guys?''

Short lifetimes

[Kernel Kurtz]

Let Encrypt certs expire after 90 days. There are many ways to automate renewal, and I'm not saying short lifetimes are good or bad, but worth pointing out getting to a billion is going to be faster than if the certs were for a year or two.

Is it still relevant though?

[superwiz]

Isn't encryption mostly a window shade to protect from scrying eyes rather than actual security? Most general-purpose chips are assumed to have backdoors today. So state actors are assumed to be able to observe systems at the source.

Re:

[superwiz]

Buh! I was really tired when I wrote this. I meant "prying eyes" rather than "scrying eyes", of course.