10 Years of Let's Encrypt Certificates

Let's Encrypt is ten years old. It's changed the web for the better.

[Josh Aas at Let's Encrypt]

Ten years of Let’s Encrypt is an enormous achievement:

“Our biggest goal was to make a concrete, measurable security impact on the web by getting HTTPS connection prevalence to increase—and it’s worked. It took five years or so to get the global percentage from below 30% to around 80%, where it’s remained ever since. In the U.S. it has been close to 95% for a while now.”

It’s hard to overstate how important this was. Obtaining and installing the security certificates needed to secure a website used to be a fairly expensive and really annoying process. The genius of Let’s Encrypt was to make it completely automatic — and, through that innovation, free. Tools like Certbot, the EFF’s companion software, effectively make it one-click. In combination, the baseline work of securing a website is reduced to almost nothing, which has truly democratized the encrypted web.

A decade ago, only organizations with money, patience, and technical support could reliably encrypt their sites. Everyone else — small nonprofits, bloggers, community groups, activists — was effectively told that their work wasn’t important enough to deserve confidentiality. Let’s Encrypt leveled that playing field.

Encryption by default means an activist running a climate-justice community in rural America gets the same protections as a Fortune 500 company. It means dissident organizers can share safely. It means independent journalists and small newsrooms can protect their readers as well as the global giants can. When you make security universal, you empower the people who historically have had the least of it.

Beyond privacy, encryption secures the integrity of the web itself. Without HTTPS, your ISP can modify pages in transit — and they have. In 2014, Comcast was caught injecting JavaScript warnings into unencrypted webpages. Verizon inserted unique tracking headers into customer traffic. Hotel and airport WiFi networks routinely injected ads into pages users were trying to read. Let’s Encrypt made eavesdropping harder and made the web tamper-proof. When you load a page over HTTPS, you can trust you're seeing what the publisher intended, not what someone along the way decided to insert.

Ten years in, Let’s Encrypt has proven that critical internet infrastructure can be free, open, and sustained through community support rather than extraction. Here's to the next decade of that model, and to a more private, safer web.
