#compsci 

Let's Encrypt is a non-profit [[Certificate authority|certificate authority]] run by the [[Internet Security Research Group]] that provides [[X.509]] certificates for [[TLS]] encryption without charging fees.

It is the world's largest certificate authority with the goal of creating a more secure and privacy-respecting web through the widespread adoption of HTTPS.

The service only issues domain-validated certificates (DV) (because they can be fully automated), Organization Validation (OV) and Extended Validation Certificates (EV) require human input, and are therefore not offerd by Let's Encrypt.

Let's Encrypt certificates are valid for 90 days by default.


![[Pasted image 20260501034956.png]]
## History
Started in 2012 by two [[Mozilla]] employees, Josh Aas and Eric Rescorla, together with Peter Eckersley at the [[EFF]] and J. Alex Halderman at the University of Michigan.

[[Internet Security Research Group]], the company behind Let's Encrypt, was incorporated in 2013.

On January 28, 2015, the [[ACME protocol]] was submitted to the IETF for standardization.

On September 14, 2015, Let's Encrypt issued its first certificate, which was for the domain helloworld.letsencrypt.org.

In the remainder of 2015 Let's Encrypt certificated became trusted by all major browsers.

## Tech
In June 2015, Let's Encrypt announced the generation of their first [[RSA]] root certificate, ISRG Root X1.

In September 2020, Let's Encrypt issued one new [[ECDSA]] root certificate, ISRG Root X2.

The challenge-response protocol used to automate enrolling with the certificate authority is called the Automatic Certificate Management Environment (ACME)

## Implementation
The certificate authority consists of a piece of software called Boulder, written in Go, that implemenets the server side of the ACME protocol.

Client-side implementations include [[Certbot]], acme.sh, GetSSL