Let’s Encrypt in the spotlight

We have compiled all the practical information we could find and written it up in "Numbers you need to know". It's a long list of restrictions, rate limits, and other useful information to keep in mind. Here are a few selected points that we found interesting. Big thanks to schoen from Certbot/EFF for pointing out numerous inaccuracies.

HTTPS in browsers
  • Do you know that Let’s Encrypt now issues 80% of all publicly trusted certificates globally?
  • Do you know that your Let’s Encrypt certificate is in fact valid for only 89 days and 23 hours?
  • Do you know that you are allowed to make only 2,000 OCSP requests per second from each of your servers?
  • Do you know that in one week you can request 20 new certificates followed by 1,000 renewals, but if you do it the other way round the requests for new certificates will be rejected?
  • Do you know that if you regularly request a certificate every 8 hours and 25 minutes, some of your requests will start being rejected in less than 90 days (after your first renewal)?
  • Do you know that you can create only 10 new accounts in 3 hours from one IPv4 address, but you are allowed 500 registrations from an IPv6 /48 range?

If you want to use Let’s Encrypt at a larger scale, you may want to read the complete story.

If you already use Let’s Encrypt certificates, you may want to try a free SSL planner and tracker at https://keychest.net.

KeyChest dashboard

Published by

Dan Cvrcek

Founder and CEO of Enigma Bridge, engineer, entrepreneur, cryptography SME, security architect, and professor.