Let's Encrypt project is officially a success!

Mar 9, 2016 12:11 GMT

Three months and five days after the Let's Encrypt project entered its public beta stage, the Electronic Frontier Foundation (EFF), one of its co-founders, is announcing that it put out its one millionth certificate, which was issued yesterday, March 8, at 09:04 AM GMT.

The Let's Encrypt project was started in 2012 by four researchers: two from the Mozilla Foundation, one from the University of Michigan, and one representing the Electronic Frontier Foundation.

The project was incorporated in May 2013, and after a long closed alpha stage, it entered a public beta phase in December 2015, when it started providing free X.509 TLS certificates to help webmasters support HTTPS communications on their websites and servers.

Nine in ten certificates are used on servers that never had HTTPS support

Since the launch of this beta stage, the EFF says that sysadmins have requested one million such certificates, of which 90% have been used on domains that didn't feature HTTPS support prior to entering the Let's Encrypt program.

Because Let's Encrypt certificates can be used for multiple domains, the EFF says that its certs are covering not 1 million sites, but more than 2.5 million domains.

This is very good news, and it goes to show that people have been waiting for something like Let's Encrypt to come along.

Let's Encrypt certs have been abused in cyber-crime campaigns

Besides the "free" aspect of Let's Encrypt, most webmasters say they love its installation procedure, a feature that the project has ardently worked on.

While most SSL/TLS certificates are nearly impossible to install without some kind of technical background in server administration, Let's Encrypt certificates come with an installer that guides server admins through a simple [Click Button] - [Click Button] - [Click Button] - [DONE] process.

But things aren't all positive, because Let's Encrypt certs have also been abused in malware campaigns. Because the certificates can be obtained in a matter of minutes and allow anonymous registration, criminals abuse them as well.

One such example was reported by Trend Micro in early January, when a Let's Encrypt certificate was used for a malvertising campaign that was spreading the Vawtrak banking trojan.

Let's Encrypt certificate issuance over time