HTTPS is now considered to be a base standard for website security. You can always check if a website is using the latest encryption standards to secure your communication by checking out its HTTPS certificate.
Let’s Encrypt, a site that provides such free certificates, has issued a billion of them since its launch in 2016. The non-profit is operated by the Internet Security Research Group (ISRG), with members such as Mozilla Foundation, Akamai Technologies, Electronic Frontier Foundation (EFF), and the University of Michigan.
HTTPS certificates issued by Let’s Encrypt are valid for just 90 days. However, the site provides automation tools to manage renewals automatically for your site.
The firm said in a span of two and a half years it had quadrupled the number of sites it’s serving:
In June of 2017 we were serving approximately 46M websites, and we did so with 11 full time staff and an annual budget of $2.61M. Today we serve nearly 192M websites with 13 full time staff and an annual budget of approximately $3.35M.
Last year, the company said it issued 1 million certificates every day.
Let's Encrypt issues around 1 million certificates each day. Each of these is a win for a more encrypted Web!
— Let's Encrypt (@letsencrypt) January 22, 2019
However, all is not well in the cyberland. As ZDNet noted, hackers have used Let’s Encrypt certificates in the past to mask websites designed for phishing. After that, the firm has taken steps for better domain validation to avoid bad actors misusing certificates.
Last week, Apple announced that it’ll reject any HTTPS certificate in Safari valid for more than 13 months, starting September 1. So, certification authorities such as Let’s Encrypt that offer automation tools will become more important for website admins.
Pssst, hey you!
Do you want to get the sassiest daily tech newsletter every day, in your inbox, for FREE? Of course you do: sign up for Big Spam here.