New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Lets Encrypt Milestone: Half a Million issued certificates!
https://i.imgur.com/9OTpdYH.png
https://letsencrypt.org/stats/?500k
The counter is at 499842K something, but that seems to be lagging. I'm amazed by Let's Encrypt and what it already has reached!
Comments
Sorry if my post feels like I am killing the fun, but I wonder why cacert never got approved by the major browser vendors. I mean, this idea wasn't new and they have been around a lot of years, but nobody supported them.
Silicon Valley backing & post-Snowden times likely.
You're amazed that freetards will swarm around a free version of something that's usually at least $5 a year?
I am excited to see stats how many people renew their cert after the first 3 months now in february. Their idea was to force people to automate everything so they said 3 month validity is enough. But their official client sucks and auto-update workflows are somewhat annoying to configure (though the idea of doing so is great), so let's see how many of the 500k are still valid in march.
Who is selling $5 USD a year for 3 months SSL? AFAIK, Comodo 90 days trial SSL is always Free.
But the name "Comodo free trial SSL" isn't much attractive for people, I guess.
These numbers will increase with time as more and more web host (shared hosts) will start offering these certificates through cPanel.
Few days ago I received an email regarding availability of certificates in cPanel from SiteGround hosting.
Here is the link https://www.siteground.com/blog/lets-encrypt/.
Let's encrypt is great. I use a certificate for my mail server which otherwise wouldn't have a certificate.
Since you have to have a valid certificate with PHP 5.6 to send mails through smtp this came very handy.
I really want open source plugins for cPanel, Directadmin and plesk. Usage will thrive then even more
I am still confused about why anyone cares about the source of the SSL certificate for most uses. How many consumers actually look at the certificate?
The following statements have no source or actual data behind them. They are my own thoughts, so please do not quote them elsewhere, and do not interpret them as if they were actual facts:
I suspect that 0.001% of users actually look for the padlock icon in their browser address bar, even for websites where it is important - online banking, online shopping with credit card entry, etc.
I suspect that 99.99% of web browser users who actually know enough to look for the padlock icon in the address bar just keep going without ever examining the certificate. The padlock icon is sufficient for them. A few may also look at the URL in the address bar to verify that they are at PayPal.com and not PayPal.example.com.
My hypothesis is that any SSL certificate that causes the user's browser to display a padlock icon in the address bar will be sufficient for 99.9999% of users, independent of the certificate authority who signed it or the type of certificate it is (even if the certificate says "Comodo free trial SSL").
Note: There are special exceptions, where the target audience is security-savvy. In my opinion, they are very rare.
If you're a manager at a business, you optimize against butthurt, not against cost. If the superWowExtraSecureInsurance!!111!!!1 certificate means nobody can tell you you f*cked up in case something goes wrong, that's your choice.
when everyone has https , http will for geek only.
+1
partial: https://letsencrypt-for-cpanel.com/open-source
Chrome is going to flag http sites now so plain http is on its way out.
I know that I quickly reached the five certificate maximum during testing. It might seem inconsequential, but if everybody used their five while setting it up, then the number of users is much lower...
Implementations like Caddy request different certificates for each subdomain, instead of a unified certificate, so that further reduces the reliability of using the number of issued certs to estimate the number of users.
I'd be curious to see how many unique (second-level) domains received certificates, and then the renewal rate over time. The first figure doesn't account for users with multiple domains (which I'm guessing is pretty high, at this stage), but it at least gives a better indication of how many of these issued certificates are/should be out in the wild.
That's a great adoption rate! May want to give this a shot myself actually, though getting $4.99/year certs from @miTgiB is easy as well.
I think with time most control panels will natively support Let's Encrypt. It will save me a lot of money and most of these certificate providers will probably close as a result.
Nah, just more of them will provide a more generous free tier with e.g. single-domain 1-year certificates becoming universally available, and the providers then trying to upsell you a multi-domain multi-year paid one.
That would be surprising, because the paid certs typically come with a guarantee. I think we'll see a reinvention of the "green bar", and/or CAs pushing that guarantee, along with a higher value for validation.
It's not helpful to see that paypal.example.com is "secure" - it's actually misleading - and I think this is the next area of safe browsing to tackle. I do not think that it will be free.
I saw that indeed, but sadly not a point and click plugin....
Well the plugin is point and click, just not the part they open sourced
Direct Admin panel is gonna support this in 1.50 version as standard, so 1 Million would be easy
Im waiting for my nodes and vps'es for this update and im sure that many people are waiting for this release too so lets encrypt here we come
Do you have brain damage?
Have LetsEncrypt certs on all my boxes courtesy of this lovely Puppet module, complete with auto-renew cron - I never have to pay for an SSL cert again (not that I ever have, thank you StartSSL!).
This is the only piece of code I need:
class custom::profile::letsencrypt { include ::letsencrypt ::letsencrypt::certonly { $::fqdn: plugin => 'webroot', webroot_paths => [$::custom::profile::apache::vhost_docroot], manage_cron => true, additional_args => ['> /dev/null'], } }And in my actual server manifests:
include ::custom::profile::letsencryptMust salute the LetsEncrypt initiative too - it's about time HTTPS got prioritised, and while commercial SSL certs will (and should) never die, free SSL for the masses is one step towards "encrypt all the things".
Letsencrypt is finally usable thanks to DNS based ownership verification and https://github.com/Neilpang/le which doesn't require sudo/root. I hate the official, auto updating client. Rings all sort of alarm bells in my head, at least when I'm wearing my tinfoil hat.