Let's Encrypt
By Internet Security Research Group (ISRG)
Let's Encrypt is a free, automated certificate authority (CA) that issues domain-validated TLS/SSL certificates, making HTTPS encryption accessible to any website operator without cost or manual paperwork.
Definition
Let's Encrypt is a free, automated certificate authority (CA) that issues domain-validated TLS/SSL certificates, making HTTPS encryption accessible to any website operator without cost or manual paperwork.
Overview
Let's Encrypt launched its public beta in December 2015, backed by the Internet Security Research Group (ISRG) with founding sponsors including Mozilla, Cisco, Akamai, and the Electronic Frontier Foundation. Its goal was to remove cost and complexity as barriers to encrypting the web, at a time when purchasing a TLS certificate typically required payment and manual verification. It issues certificates using the ACME (Automatic Certificate Management Environment) protocol, which lets client software prove control of a domain and then automatically request, install, and renew certificates without human intervention. The most common client is Certbot, though the protocol is also built directly into web servers like Nginx, platforms like Cloudflare and Traefik, and hosting services such as Netlify and Vercel. Because certificates are short-lived—90 days by default—renewal is designed to be fully automated, which also limits the damage if a certificate or key is ever compromised. Let's Encrypt only issues domain-validated (DV) certificates, not the extended-validation certificates some enterprises use, but for the vast majority of websites that's all that's needed to enable HTTPS and satisfy modern browser requirements.
Key Features
- Free, publicly trusted TLS/SSL certificates for any domain
- Fully automated issuance and renewal via the ACME protocol
- Short 90-day certificate lifetime that encourages automation and limits exposure
- Domain validation performed via HTTP, DNS, or TLS-ALPN challenges
- Wide client support (Certbot, web servers, load balancers, hosting platforms)
- Backed by major internet infrastructure and browser vendors
- Rate limits designed to prevent abuse while supporting legitimate high-volume use
- Open governance under the nonprofit Internet Security Research Group