Security Experts:

Connect with us

Hi, what are you looking for?


Network Security

Let’s Encrypt Enters Public Beta

Free and open certificate authority (CA) Let’s Encrypt has entered public beta, making it even easier for websites to adopt the HTTPS encryption that the organization has been promoting since its inception.

Free and open certificate authority (CA) Let’s Encrypt has entered public beta, making it even easier for websites to adopt the HTTPS encryption that the organization has been promoting since its inception.

Just months ago, Let’s Encrypt announced the availability of a private beta program, which required interested third-parties to request an invitation before being able to join the testing process. Effective Dec. 3, invitations are no longer required to obtain free certificates from the certificate authority, Josh Aas, ISRG Executive Director, noted in a blog post.

Let’s Encrypt announced that Facebook has become the CA’s newest Gold sponsor, a large vote of support that will help the CA gain momentum.

Proposed by the Electronic Frontier Foundation (EFF) and already backed by tech companies such as Mozilla, Cisco, Akamai, Automattic, the University of Michigan, IdenTrust, and the Linux Foundation (which also hosts the project), the Let’s Encrypt initiative is aimed at encrypting websites to serve them to users’ browsers over Transport Layer Security (TLS). The goal is to ensure that data is safe from eavesdroppers, while also automating the process of obtaining security certificates.

In September, Let’s Encrypt announced the release of its first certificate, and the project received cross-signatures from IdenTrust in October, meaning that its certificates are trusted by all browsers. Last month, the CA automated the certificate installation process, courtesy of a set of scripts made available in open source and which represented the official Let’s Encrypt certificate management ACME client tool.

According to Aas, Let’s Encrypt issued over 26,000 security certificates during the limited beta period. The large number of issued certificates also made it possible for the CA to test the manner in which its systems perform, thus making it possible to move to the public beta stage, he said.

He also explained that the CA will keep the beta tag for the time being, as it still needs to make a series of improvements, especially in on the client experience. The CA aims at automating the certificate issuance and management processes, and it will focus on ensuring that the client works smoothly and reliably on a wide range of platforms.

“It’s time for the Web to take a big step forward in terms of security and privacy. We want to see HTTPS become the default. Let’s Encrypt was built to enable that by making it as easy as possible to get and manage certificates,” Aas said. He also added the having Facebook as a Gold sponsor should help the initiative easier achieve its goals.

Over the past year, the Facebook has been actively involved in supporting and advancing encryption, and the Let’s Encrypt sponsorship is another example of this involvement. “Making it easier for websites to deploy HTTPS encryption is an important step in improving the security of the whole internet, and Facebook is proud to support this effort,” Alex Stamos, Chief Security Officer at Facebook, said.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...