Welcome to the Let's Encrypt Resource Hub!

A curated collection of the latest resources and information about Let's Encrypt and web security.

550M+
Websites Protected
100%
Free Certificates
240M+
Active Certificates
10
Years of Service

What is Let's Encrypt?

Let's Encrypt is a free, automated, and open Certificate Authority (CA) run by the nonprofit Internet Security Research Group (ISRG). It provides X.509 certificates for Transport Layer Security (TLS) encryption at no charge, making it possible for websites to enable HTTPS encryption easily. As the world's largest certificate authority, Let's Encrypt is used by more than 550 million websites, significantly contributing to a more secure and privacy-respecting internet.

Key Features

Free Forever

Certificates are provided at zero cost, removing financial barriers to secure websites.

Let's Encrypt's mission is to create a more secure and privacy-respecting web by promoting widespread adoption of HTTPS. By eliminating costs, any website owner can secure their site, regardless of budget constraints.

Fully Automated

Software running on the web server can interact with Let's Encrypt to obtain certificates, securely configure them, and automatically renew them.

The ACME protocol (Automated Certificate Management Environment) enables automatic certificate issuance and renewal without human intervention, significantly reducing the risk of expired certificates and security lapses.

Secure & Transparent

Let's Encrypt serves as a platform for advancing TLS security best practices through both server and client implementation.

All certificates issued or revoked are publicly recorded and available for anyone to inspect through Certificate Transparency logs. This transparency helps maintain the integrity of the web PKI ecosystem and enables rapid detection of misissued certificates.

Open Source & Cooperative

All issuance and renewal protocols are published as open standards that others can adopt.

The ACME protocol developed by Let's Encrypt has been standardized through the IETF as RFC 8555. The Let's Encrypt client software (Certbot) and server software (Boulder) are all open source, enabling community contribution and transparency in operation.

Latest News & Developments

Short-Lived Certificates Coming in 2025

Let's Encrypt has announced a new offering of certificates with a lifetime of just six days, compared to their standard 90-day certificates. This change will enhance TLS ecosystem security by minimizing exposure during key compromise events.

Read More

New Issuance Chains Deployment (June 6, 2024)

Let's Encrypt will switch to using new intermediate certificates on June 6, 2024. Most subscribers won't need to take any action as ACME clients will automatically configure the new intermediates when certificates are renewed.

Read More

OCSP Support Ending in 2025

The Online Certificate Status Protocol (OCSP) support will be phased out beginning January 2025, with complete termination by August 6, 2025. Certificate Revocation Lists (CRLs) will be used for certificate revocation instead.

Read More

10th Anniversary Approaching

Let's Encrypt is approaching its 10th anniversary in 2025, having made significant progress in its mission to secure the web through free certificates.

Read More

Core Resources

  • Official Let's Encrypt Website

    The main website provides comprehensive information about Let's Encrypt services, documentation, and how to get started with obtaining certificates.

  • How It Works

    A detailed explanation of the ACME protocol and how Let's Encrypt validates domain ownership and issues certificates automatically.

  • Let's Encrypt Blog

    The official blog featuring the latest announcements, technical information, and milestone achievements from the Let's Encrypt team.

Technical Information

  • Certificate Chain of Trust

    Information about Let's Encrypt's root certificates (ISRG Root X1 for RSA and ISRG Root X2 for ECDSA) and their intermediate certificates structure.

  • About Let's Encrypt

    Details about Let's Encrypt's founding principles: free, automatic, secure, transparent, open, and cooperative approach to certificate issuance.

  • Let's Encrypt on Wikipedia

    Comprehensive background information about Let's Encrypt's history, technology, and organizational structure.

Getting Started

1

Choose an ACME Client

Certbot is the most popular client, but there are many alternatives depending on your environment.

View Client Options
2

Install the Client

Follow the installation instructions for your chosen client on your server.

Certbot Installation Guide
3

Request a Certificate

Run the client to request and install your certificate automatically.

sudo certbot --apache
4

Verify Automatic Renewal

Ensure that automatic renewal is working correctly on your server.

sudo certbot renew --dry-run

Getting Started Guide

A beginner-friendly guide explaining how to obtain your first SSL/TLS certificate and implement it on your website.

View Guide

Certbot

Information about the recommended ACME client for obtaining Let's Encrypt certificates on Linux web servers with minimal configuration.

Learn About Certbot

Global Usage

Let's Encrypt has become the world's most popular certificate authority, securing websites across all continents.

North America: 32% of certificates
South America: 8% of certificates
Europe: 35% of certificates
Asia: 20% of certificates
Australia: 3% of certificates
Africa: 2% of certificates
World Map

Top 1 Million Websites

Over 20% of the top 1 million websites now use Let's Encrypt certificates

Growth Rate

Certificate issuance has grown by approximately 40% year over year

Market Share

Let's Encrypt holds approximately 60% of the SSL certificate market

Frequently Asked Questions

How long are Let's Encrypt certificates valid?

Standard Let's Encrypt certificates are valid for 90 days from the date of issuance. The short validity period encourages automation and ensures that compromised keys have a limited lifetime. Let's Encrypt recommends configuring automatic renewal to occur when certificates have 30 days of validity remaining.

In 2025, Let's Encrypt will also start offering short-lived certificates with a 6-day validity period for even greater security.

Are wildcard certificates supported?

Yes, Let's Encrypt supports wildcard certificates, which secure a domain and all its first-level subdomains (e.g., *.example.com). Wildcard certificates require DNS-based validation using the DNS-01 challenge type, as this proves control over the entire domain namespace.

Is there a rate limit for certificate issuance?

Yes, Let's Encrypt implements rate limits to ensure fair use of their service:

  • 50 certificates per registered domain per week
  • 5 duplicate certificates per week
  • 5 failed validations per account, per hostname, per hour
  • New orders are limited to 300 per account every 3 hours

These limits are designed to prevent abuse while allowing legitimate usage patterns.

How does Let's Encrypt verify domain ownership?

Let's Encrypt verifies domain ownership through challenges defined in the ACME protocol:

  • HTTP-01 Challenge: Places a specific file at a well-known URI on the web server
  • DNS-01 Challenge: Adds a specific TXT record to the domain's DNS configuration
  • TLS-ALPN-01 Challenge: Uses TLS-based validation for specialized cases

Once verification is complete, Let's Encrypt issues the certificate.

How is Let's Encrypt funded?

Let's Encrypt is funded by sponsors and community donations. Major sponsors include Google, Amazon Web Services, Mozilla, Cisco, Facebook, and OVH. The Internet Security Research Group (ISRG), which operates Let's Encrypt, is a 501(c)(3) nonprofit organization dedicated to reducing financial, technological, and educational barriers to secure communication over the internet.