Why the web moved to Let’s Encrypt

Why the web moved to Let’s Encrypt

The global web industry has almost entirely moved to encrypted connections.

To protect customers’ personal information, websites and web applications encrypt the transmitted data using SSL certificates.

We have already talked about how to set up the automatic issuance of an SSL certificate to protect content distributed via a CDN.

In this article, we’ll tell you about the history and reasons for the success of Let’s Encrypt, the most popular cryptographic certificate of today.

Why do we need HTTPS?

The Internet turned into a global marketplace where everyone wants to be sure that their transactions are secure.

To achieve this, connections between the client and the server began to be organized in accordance with the HTTPS protocol (where S stands for Secure) using an SSL certificate, a website’s unique digital signature.

SSL certificates encrypt passwords, bank card numbers, email addresses, and other information that customers enter into the website. This was designed to prevent attackers from identifying confidential information when intercepting data.

Aside from securely transferring information and conducting financial transactions, there are other good reasons to use HTTPS to help your online business succeed.

Impact on SEO

Since 2014, HTTPS connections have affected the position of websites in Google search results. Sites with SSL certificates began to benefit from search results.

The presence of the HTTPS protocol is taken into account as a full-fledged ranking factor. In this way, Google takes care of its users by warning them that a certain website is not recommended as it might result in personal data, passwords, or bank card information being stolen.

Browser requirements and user trust

Since 2017, the Google Chrome browser began to mark HTTP sites as not secure if they did not operate with the HTTPS protocol.

The icons in the address bar indicate whether the website has a security certificate, whether the browser trusts this certificate, and whether a secure connection to the website can be established.

Why the web moved to Let’s Encrypt
How to check the security of a website’s connection (Google Knowledge Base)

About 1 in 5 customers don’t complete an online transaction out of fear for their security if the icon of an unsecured connection to the online store is displayed.

The transition to mobile

Smartphones have become the primary device for accessing the Internet. Google introduced the Accelerated Mobile Pages (AMP) technology to speed up the downloading of mobile pages back in 2015. It enables web pages to download faster to a mobile device if the Internet connection is slow. This technology only works with websites that use HTTPS. As a result, HTTPS is quickly becoming an increasingly important aspect for optimizing your domain for smartphones using AMP.

Such restrictions are becoming more common in newer versions of browsers and web applications that are developed with HTTPS and aren’t as effective with HTTP.

How did Let’s Encrypt appear?

Let’s Encrypt is a certificate authority that allows anyone to get free X.509 cryptographic certificates for TLS (HTTPS) in a fully automatic fashion within 30 seconds.

Why the web moved to Let’s Encrypt

Let’s Encrypt was started at the end of 2012 by two Mozilla employees, Josh Aas and Eric Rescorla.

The mission of the project is to make the Web secure by default while using a simpler encrypting procedure.

At first, the project was developed privately, but in November 2014, it was announced publicly and it received wide support from the industry community. The service is currently managed by the Internet Security Research Group (ISRG) public organization. The main sponsors of the project are the Electronic Frontier Foundation (EFF), the Mozilla Foundation, Akamai, Cisco Systems, and others. Well-known certificate authorities are also represented among the partners. The project is being developed based on open standards.

In September 2015, Let’s Encrypt issued its first test certificate, and in December, they began their public Beta. By early 2020, they’ve issued more than one billion certificates. Today, more than 200 million websites choose Let’s Encrypt over other certificate authorities.

Why the web moved to Let’s Encrypt
Let’s Encrypt usage statistics

Reasons behind its popularity

First of all, Let’s Encrypt quickly became popular due to the fact that hosting and CDN providers began to provide this service to their customers by default. Secondly, Domain Validation certificates are free for 90 days.

As a result, in February 2020, Let’s Encrypt issued its one-billionth certificate.

Why the web moved to Let’s Encrypt
SSL certificate usage statistics

How did they manage to automate the issuance of SSL certificates?

Their technology is based on the Automated Certificate Management Environment protocol, which automates the process of generating all the necessary keys between the client and the certificate authority within the PKI.

Read more about the technology used by Let’s Encrypt in this review article: Let’s Encrypt: An Automated Certificate Authority to Encrypt the Entire Web.

Why the web moved to Let’s Encrypt
The algorithm for automatically obtaining a certificate using the ACME protocol

What’s the difference between paid and free certificates?

In 2015, the average annual cost of a certificate for one domain among the top five certificate authorities was around $178. Even though a free alternative in the form of Let’s Encrypt appeared in 2016, the prices for paid certificates decreased only slightly.

The reason for that is because Let’s Encrypt has no intention to issue and distribute Organization Validation and Extended Validation Certificates for free or to support wildcard certificates (in the case of an unlimited number of subdomains).

Why the web moved to Let’s Encrypt
Prices for SSL certificates in 2015 and 2019

In addition to standard verification by domain, paid certificates support more thorough checks by organization (name, location, and existence of the organization associated with the domain) and mixed checks (the status of the purchaser of the certificate as a legal entity), including manual checks.

Paid certificates are recommended for corporate websites that process sensitive data and for e-commerce platforms that receive customer payment details and personal information online.

The encryption methods for SSL certificates issued by different providers are the same. That’s why small websites and blogs are perfectly fine with Let’s Encrypt, which has become the web standard over the last three years.

How do we issue Let’s Encrypt certificates?

  1. We receive a request from the customer to issue a Let’s Encrypt certificate.
  2. We check the correctness of the settings of all specified CNAMEs (How to Configure CNAME).
  3. If all CNAMEs are configured correctly, we send a certificate issue request to Let’s Encrypt. In response, we receive an SSL certificate that we then send to the edge servers in an encrypted form. We apply an HTTP-01 challenge for issuing (What Is an HTTP-01 Challenge).

A certificate can only be issued for an active web resource. If you have created a resource and it’s still in the process of activation, you won’t be able to issue a certificate.

Get a Let’s Encrypt certificate for free in 15 minutes

Since the option to integrate an SSL certificate has become very popular among our CDN service customers, we’ve reduced the time needed to issue it to 15 minutes.

The certificate itself is issued in just 1 minute, but it takes about 10–15 minutes for it to reach all edge servers. We are continuing to work on reducing this time as well.

Why the web moved to Let’s Encrypt

Read about the ways to integrate the most popular SSL certificate in a special section of the knowledge base.

Make downloading websites and any heavy content not just fast but secure with the Gcore CDN and Let’s Encrypt free SSL certificates.

Sign up for CDN for free

Subscribe to our newsletter

Stay informed about the latest updates, news, and insights.