Let’s Encrypt Expects 215 Million Websites To Be Using Their tls Certificate in 2019


More than 150 million domains are now using Let’s Encrypt‘s tls certificates. As Let’s Encrypt is expecting significant further growth in 2019, it would be likely to expect a growth this year up to 215 million fully qualified domains.

Let’s Encrypt helps to drive HTTPS adoption by offering a free, “easy to use,” and globally available option for obtaining the certificates required to enable HTTPS. The legal entity behind the Let’s Encrypt initiative is the Internet Security Research Group, or ISRG.

The Let’s Encrypt initiative took the first tls certificate into use in 2015. The aim is to make every website accessible via HTTPS by providing it free of charge and by making it easy to implement. The organizations behind the Let’s Encrypt initiative include Mozilla, Cisco, Akamai, EFF, IdenTrust and researchers from the University of Michigan.

Multi-Perspective Validation

The web went from 67% encrypted page loads to 77% in 2018, according to statistics from Mozilla. Let’s Encrypt has to share the credits for enhanced security awareness on the Internet with other organizations and communities that are also doing great work to promote HTTPS adoption. For example, browsers are now making their users more aware of the risks associated with unencrypted http (e.g. Chrome, Firefox). Also, hosting providers and CDNs are starting to make it easier to use HTTPS, while government agencies as well would be waking up to the need for stronger security to protect constituents.

In 2018, Let’s Encrypt introduced several new features, including ACMEv2 support and wildcard certificates. They’ve already got some new features planned for 2019.

The new feature for 2019 they’re most excited about is multi-perspective validation. Currently, when a subscriber requests a certificate, Let’s Encrypt validates domain control from a single network perspective. With the solution they intend to deploy in 2019, multi-perspective validation, multiple network perspectives (distinct Autonomous Systems) will be checked. This means that potential BGP hijackers will need to hijack multiple routes at the same time in order to pull off a successful attack. Let’s Encrypt is now working with a research team at Princeton to design the most effective multi-perspective validation system they can. Parts of this new feature are already turned on in Let’s Encrypt’s staging environment.

Up-to-date statistics on Let’s Encrypt current user volume and growth perspective can be found on the Let’s Encrypt website.