If you’re following trends on the Internet, you’ll know that Google (and others) are really pushing web encryption. To this end, Let’s Encrypt has really helped make encrypting a site easier and quicker. On November 10, the crew were nice enough to do a Reddit AMA, and here are some things I gleaned from that.
Note: I don’t use Let’s Encrypt for cwl.cc, but I should :)
- They don’t plan to offer wildcard certificates – Perhaps a hallmark of versatility, the domain wildcard certificate is also ripe for abuse.
- They now enable TLS for over 15 million unique fully-qualified domain names. That’s an incredibly large number of sites.
- They don’t plan to add support for Organization or Extended Validation certificates. It makes sense because of how hard this sort of validation would be to automate.
- They make it clear throughout that all sites should be encrypted. I don’t agree with that, but it’s a lofty and admirable goal.
- Their root key is kept offline in a hardware security module. It does seem like they’ve gone to some extreme lengths to keep that secure.
- They’ve blogged about their setup. 38 rack units of hardware. It really doesn’t seem like much for an operation of this scale.
- You can run your own copy of their certificate software. Yep, it’s called boulder.
Some great details there for an AMA that wasn’t exactly popular (by Reddit standards). Clearly, there aren’t a lot of people excited about certification authorities. Let’s Encrypt is playing an important role in bringing encryption to the web, and if you’re looking to add a certificate to your own site, this is a great, free way to do it.