100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace
Cybersecurity

Let's Encrypt

By Internet Security Research Group (ISRG)

IntermediateService4.7K learners

Let's Encrypt is a free, automated certificate authority (CA) that issues domain-validated TLS/SSL certificates, making HTTPS encryption accessible to any website operator without cost or manual paperwork.

Definition

Let's Encrypt is a free, automated certificate authority (CA) that issues domain-validated TLS/SSL certificates, making HTTPS encryption accessible to any website operator without cost or manual paperwork.

Overview

Let's Encrypt launched its public beta in December 2015, backed by the Internet Security Research Group (ISRG) with founding sponsors including Mozilla, Cisco, Akamai, and the Electronic Frontier Foundation. Its goal was to remove cost and complexity as barriers to encrypting the web, at a time when purchasing a TLS certificate typically required payment and manual verification. It issues certificates using the ACME (Automatic Certificate Management Environment) protocol, which lets client software prove control of a domain and then automatically request, install, and renew certificates without human intervention. The most common client is Certbot, though the protocol is also built directly into web servers like Nginx, platforms like Cloudflare and Traefik, and hosting services such as Netlify and Vercel. Because certificates are short-lived—90 days by default—renewal is designed to be fully automated, which also limits the damage if a certificate or key is ever compromised. Let's Encrypt only issues domain-validated (DV) certificates, not the extended-validation certificates some enterprises use, but for the vast majority of websites that's all that's needed to enable HTTPS and satisfy modern browser requirements.

Key Features

  • Free, publicly trusted TLS/SSL certificates for any domain
  • Fully automated issuance and renewal via the ACME protocol
  • Short 90-day certificate lifetime that encourages automation and limits exposure
  • Domain validation performed via HTTP, DNS, or TLS-ALPN challenges
  • Wide client support (Certbot, web servers, load balancers, hosting platforms)
  • Backed by major internet infrastructure and browser vendors
  • Rate limits designed to prevent abuse while supporting legitimate high-volume use
  • Open governance under the nonprofit Internet Security Research Group

Use Cases

Enabling HTTPS on personal blogs, small business sites, and side projects at no cost
Automating certificate renewal for large fleets of servers or containers
Securing internal services and APIs with valid, browser-trusted certificates
Powering built-in HTTPS on platforms like Netlify, Vercel, and many managed hosts
Issuing wildcard certificates via DNS-01 challenges for subdomains
Replacing manually purchased and renewed certificates in CI/CD pipelines

Frequently Asked Questions