Let’s Encrypt Reaches a Milestone of One Millionth Encryption Certificate

Let's Encrypt issued 1 millionth certificate around three months ago when it launched as a public beta service. The number of encrypted domains using Let's Encrypt certificates is actually 2.5 million because one certificate can cover several domain names.

One of the founding members of Let's Encrypt, namely EFF, said that 90% of these domains had never used HTTPS encryption before. It means that service of free certificate of Let's Encrypt has had main impact in getting web developers to encrypt their websites.

HTTP domains are excessively vulnerable, which create obstacle for those trying to generate secure and open internet. According to Eckersley, presently these vulnerable sites rule the majority of the internet - approximately 58%. While some web browsers, such as Firefox and Google Chrome, have started informing users whether they are on an unencrypted insecure domain or not, HTTP is the default protocol every time a new domain is created. Inverse.com posted on March 8th, 2016, stating that this is a problem whenever owners want to guard their sites and its visitors from threat.

However, Let's Encrypt has played a big role in making the transition easy from insecure HTTP protocol to HTTPS, there have been many other factors which resulted the recent high adoption of HTTPS.

Otherwise, those developers might not have adopted HTTPS encryption so fast because of comparatively higher cost and difficulty to install the certificate. Let's Encrypt is absolutely free and easy to install, and can be renewed automatically every three months.

It is clear that many websites were continuing with the insecure HTTP protocol even after knowing that HTTPS needs to be default because of the cost and official procedure to obtain certificates.

But all things are not positive, as certificates of Let's Encrypt have also been harmed in malware campaigns. Criminals harm them because certificates can be obtained in a matter of minutes, which permit unidentified registration.

Trend Micro reported one such incident in early January when a certificate of Let's Encrypt was used for a malvertising campaign, which was spreading the Vawtrack banking Trojan.

» SPAMfighter News - 3/16/2016