When Let's Encrypt was founded at the end of 2014 it had a lofty goal: promote the use of TLS everywhere by making certificates free and server configuration painless. It was noted that for many web administrators, for both large and small sites, TLS was seen as expensive, difficult to configure, and slow. With that headwind, the return on investment was seen as too low to bother unless you were handling financial or other sensitive information. As it does, web security quickly evolved in the ensuing years. Firesheep, Snowden, and Google page ranking: these are just a few things that have changed how people think about the importance of encrypting everything online. And services like Let's Encrypt and Akamai deal with the problems head on, reducing the pain of Internet security tremendously.
Let's Encrypt has just transitioned from beta into general availability. At this important milestone, it is helpful to step back and take stock - Where are we? Did we reach our goals?
To date, Let's Encrypt has issued over 1.3 million certificates. For some perspective, that makes them the third largest certificate authority (CA) on the planet. But are those certificates being used and having an effect on the adoption of TLS/HTTPS?
Check this out from Mozilla:
Mozilla report that the growth of HTTPS has increased four-fold since Let's Encrypt was launched.
That is the change the we were looking for. I could say "Mission Accomplished", but that would be misleading and will permanently be associated with premature flight deck declarations. Instead I will say "mission proceeding according to plan." Let's Encrypt is executing and the Internet community is participating enthusiastically.