Let's Encrypt: A Free Robotic Certificate Authority

Presented at 31C3 (2014), Dec. 30, 2014, 2 p.m. (60 minutes)

As we've called for widespread use of HTTPS, the cost and complexity of the certificate system has been an obstacle.

In 2015, a certificate authority, trusted by mainstream web browsers, will issue certificates for web servers automatically at no charge in under a minute. This CA will automatically perform Domain Validation (DV) to verify applicants' control over domain names. The associated software can optionally reconfigure their web servers and deploy the new certificates immediately.

We'll take a look at how the Let's Encrypt CA works, our ACME protocol for requesting and issuing certs, and the client software that can automate the process. And we'll demonstrate what the experience of getting a cert from the new CA may look like for webmasters (don't look away, or you might miss it!). We'll also talk about who's behind Let's Encrypt and some of the measures we're considering for preventing misissuance of certs. Of course, you're invited to test and help perfect the process.


  • Seth Schoen
    Seth Schoen has served as Staff Technologist at the Electronic Frontier Foundation since 2001. Seth Schoen is a Staff Technologist at the Electronic Frontier Foundation.


Similar Presentations: