Let's Encrypt: An Automated Certificate Authority to Encrypt the Entire Web

Let's Encrypt is a free, open, and automated HTTPS certificate authority (CA) created to advance HTTPS adoption to the entire Web. Since its launch in late 2015, Let's Encrypt has grown to become the world's largest HTTPS CA, accounting for more currently valid certificates than all other browser-trusted CAs combined. By January 2019, it had issued over 538~million certificates for 223~million domain names. We describe how we built Let's Encrypt, including the architecture of the CA software system (Boulder) and the structure of the organization that operates it (ISRG), and we discuss lessons learned from the experience. We also describe the design of ACME, the IETF-standard protocol we created to automate CA--server interactions and certificate issuance, and survey the diverse ecosystem of ACME clients, including Certbot, a software agent we created to automate HTTPS deployment. Finally, we measure Let's Encrypt's impact on the Web and the CA ecosystem. We hope that the success of Let's Encrypt can provide a model for further enhancements to the Web PKI and for future Internet security infrastructure.

[1]  Adrienne Porter Felt,et al.  Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors , 2017, CCS.

[2]  Deepak Kumar,et al.  Tracking Certificate Misissuance in the Wild , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[3]  Bruce M. Maggs,et al.  CRLite: A Scalable System for Pushing All TLS Revocations to All Browsers , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[4]  Narseo Vallina-Rodriguez,et al.  A Tangled Mass: The Android Root Certificate Stores , 2014, CoNEXT.

[5]  Richard Barnes,et al.  Automatic Certificate Management Environment (ACME) , 2019, RFC.

[6]  Karthikeyan Bhargavan,et al.  Formal Modeling and Verification for Domain Validation and ACME , 2017, Financial Cryptography.

[7]  Vern Paxson,et al.  Ad Injection at Scale: Assessing Deceptive Advertisement Modifications , 2015, 2015 IEEE Symposium on Security and Privacy.

[8]  Donald Eastlake rd,et al.  Transport Layer Security (TLS) Extensions: Extension Definitions , 2011 .

[9]  Sean Turner,et al.  Transport Layer Security , 2014, IEEE Internet Computing.

[10]  Dan Harkins,et al.  Enrollment over Secure Transport , 2013, RFC.

[11]  Donald E. Eastlake,et al.  Transport Layer Security (TLS) Extensions: Extension Definitions , 2011, RFC.

[12]  Torben Weis,et al.  Domain Impersonation is Feasible: A Study of CA Domain Validation Vulnerabilities , 2019, 2019 IEEE European Symposium on Security and Privacy (EuroS&P).

[13]  Alfredo Pironti,et al.  A Messy State of the Union: Taming the Composite State Machines of TLS , 2015, 2015 IEEE Symposium on Security and Privacy.

[14]  Stephen Farrell,et al.  Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP) , 2005, RFC.

[15]  Bodo Möller,et al.  Network Working Group Elliptic Curve Cryptography (ecc) Cipher Suites for Transport Layer Security (tls) , 2006 .

[16]  Jim Schaad,et al.  Certificate Management over CMS (CMC) , 2008, RFC.

[17]  Vern Paxson,et al.  An Analysis of China's "Great Cannon" , 2015 .

[18]  Ben Laurie Certificate Transparency , 2014, ACM Queue.

[19]  C. Jackson,et al.  Towards Short-Lived Certificates , 2012 .

[20]  Jennifer Rexford,et al.  Bamboozling Certificate Authorities with BGP , 2018, USENIX Security Symposium.

[21]  Kenneth G. Paterson,et al.  Lucky Thirteen: Breaking the TLS and DTLS Record Protocols , 2013, 2013 IEEE Symposium on Security and Privacy.

[22]  Tudor Dumitras,et al.  Analysis of SSL certificate reissues and revocations in the wake of heartbleed , 2014, Internet Measurement Conference.

[23]  Burton S. Kaliski,et al.  PKCS #10: Certification Request Syntax Specification Version 1.7 , 2000, RFC.

[24]  Sid Stamm,et al.  Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL , 2010 .

[25]  Kasten,et al.  Server Authentication on the Past, Present, and Future Internet , 2015 .

[26]  Richard L. Barnes,et al.  Internet Engineering Task Force (ietf) Use Cases and Requirements for Dns-based Authentication of Named Entities (dane) , 2022 .

[27]  J. Alex Halderman,et al.  Analysis of the HTTPS certificate ecosystem , 2013, Internet Measurement Conference.

[28]  Phillip M. Hallam-Baker,et al.  DNS Certification Authority Authorization (CAA) Resource Record , 2019, RFC.

[29]  J. Alex Halderman,et al.  A Search Engine Backed by Internet-Wide Scanning , 2015, CCS.

[30]  Vern Paxson,et al.  The Matter of Heartbleed , 2014, Internet Measurement Conference.

[31]  Martin Shelton,et al.  The Web's Identity Crisis: Understanding the Effectiveness of Website Identity Indicators , 2019, USENIX Security Symposium.

[32]  Phillip M. Hallam-Baker,et al.  DNS Certification Authority Authorization (CAA) Resource Record , 2019, RFC.

[33]  Vincent Drury,et al.  Certified Phishing: Taking a Look at Public Key Certificates of Phishing Websites , 2019, SOUPS @ USENIX Security Symposium.

[34]  Prateek Mittal,et al.  Using BGP to Acquire Bogus TLS Certificates , 2017 .

[35]  Roland Shoemaker,et al.  ACME TLS ALPN Challenge Extension , 2019 .

[36]  Edgar R. Weippl,et al.  "I Have No Idea What I'm Doing" - On the Usability of Deploying HTTPS , 2017, USENIX Security Symposium.

[37]  Eric Rescorla,et al.  HTTP Over TLS , 2000, RFC.

[38]  Adam Langley,et al.  Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension , 2014, RFC.

[39]  Zhuoqing Morley Mao,et al.  Internet Censorship in China: Where Does the Filtering Occur? , 2011, PAM.

[40]  Bodo Möller,et al.  This POODLE Bites: Exploiting The SSL 3.0 Fallback , 2014 .

[41]  Adam Barth,et al.  The Web Origin Concept , 2011, RFC.

[42]  Christof Paar,et al.  DROWN: Breaking TLS Using SSLv2 , 2016, USENIX Security Symposium.

[43]  L. J. Camp,et al.  A Complete Study of P.K.I. (PKI’s Known Incidents) , 2019, SSRN Electronic Journal.

[44]  Matthew Green,et al.  Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice , 2015, CCS.

[45]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.3 , 2018, RFC.

[46]  Adrienne Porter Felt,et al.  Fixing HTTPS Misconfigurations at Scale: An Experiment with Security Notifications , 2019 .

[47]  Adrian Perrig,et al.  Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing , 2008, USENIX Annual Technical Conference.

[48]  Dan S. Wallach,et al.  On the Usability of HTTPS Deployment , 2019, CHI.

[49]  Stephen Farrell,et al.  Internet X.509 Public Key Infrastructure Certificate Management Protocols , 1999, RFC.

[50]  Georg Carle,et al.  Mission accomplished?: HTTPS security after diginotar , 2017, Internet Measurement Conference.