it does seem like a good moment for some group outside the US to start issuing ACME certs.
Beyond the big players like Digicert, I'm surprised smaller companies have survived LetsEncrypt for this long. They mentioned it in this post as well, most are moving towards free providers. I wonder if we'll see more shutting down in the next few years. One thing I think they could compete on is validity period, as LetsEncrypt keeps lowering theirs.
Shouldn't we be worried about the internet being centralized to depend on LetsEncrypt? Imagine the shit show if the US government stopped LetsEncrypt from issuing certificates to every country outside of the US.
They will not stop Letsencrypt abroad; it is clearly an asset for the US gov, the same way that Cloudflare is a worldwide MITM. It would be absurd to shut it down.
If you are a Letsencrypt user, then it is nearly impossible to see (even with CT logs) that there was a malicious interception. From a website operator's perspective it looks like a pretty standard renewal, as Letsencrypt has a short validity duration anyway.
Add on top of that in the US they have access to easy and non-BGP entry points to reroute traffic (Google DNS, Cloudflare DNS).
They can intercept in practice all Cloudflare and all Letsencrypt sites (except that for Letsencrypt they also need the cooperation of a friendly DNS, and run a very theoretical, small risk of getting caught in CT logs).
Big sites like Meta or Google or Amazon already have to cooperate and intercept internally so in practice almost all western internet is interceptable rather easily.
There is zero world where US gov would want to stop that.
The tech guys working for the NSA are far from being idiots, and it would be insulting to even consider that. They would fight to protect Letsencrypt.
> They will not stop Letsencrypt abroad; it is clearly an asset for the US gov, the same way that Cloudflare is a worldwide MITM. It would be absurd to shut it down.
That does not mean they wouldn't shut it down.
Good thing they never do any absurd things nowadays.
Sure you can, you know what your public key _should_ look like
Very unlikely in the real world.
Maybe <5% of devops are checking in reality (and this is very generous); even if they watch, it is very difficult to spot since the CA is the same and the certificates are short-lived (so it is very normal that they renew).
crt.sh is even answering 502 Bad Gateway, though it's supposed to be the most used tool to check CT logs in the world.
So maybe true for a few paranoid geeks, who usually don't have any information of interest anyway, but not for the 99% others.
The big websites are openly sharing data to govs, so they are backdoored by definition, and they don't need to justify anything.
FWIW, I once got a cease and desist letter because "company-xyz" found that we were using a subdomain "company-xyz.customers.our-service.com".
They discovered that because they were monitoring the CT logs. And they were concerned about trademark issues. It ended up being one of the teams in "company-xyz" that had opened an account (under the company name, of course).
But that is just a small note that people _are_ monitoring those.
If you are checking the cert logs, it is a very tiny bit more to validate the key as well. If you aren't checking... well, that isn't a concern anyway, now is it?
And the whole _point_ of the cert transparency log is that it only takes _one_ such instance to ruin the credibility of a CA.
The fact that you do that in public, and that it is _forever_, makes it very hard to do in the shadows.
Exactly. There must be tools to automate checking newly issued certificates against your own copy, could anyone recommend a self-hosted one?
E.g.,
* https://github.com/SSLMate/certspotter
* https://certificate.transparency.dev/monitors/
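The check the two comments above disagree about (the "nearly impossible to see (even with CT logs)" one and the "validate the key as well" one) is cheap to write once a monitor hands you the certificates logged for your names: hash each certificate's SubjectPublicKeyInfo and compare it with the hashes of the keys you generated yourself. A renewal you made reuses your key and matches; a certificate somebody else obtained for your name, from the same CA and with the same short lifetime, cannot match because they do not have your key. The code below is an added example written for this thread, not code from the post, from certspotter or from any other monitor; the CA "Example Test CA", the name example.com, the serial numbers and both keys are constructed in-process so it runs offline with only the Go standard library (the `must` helper needs Go 1.18 or later).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// spkiHash returns base64(SHA-256(SubjectPublicKeyInfo)) over a DER-encoded SPKI.
func spkiHash(spkiDER []byte) string {
	sum := sha256.Sum256(spkiDER)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// must panics on err; acceptable here because the example builds its own fixtures.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// KeySPKIHash is the value to record for a key you generated: it depends only on the
// public key, so every renewal that reuses the key keeps the same hash.
func KeySPKIHash(pub *ecdsa.PublicKey) string {
	return spkiHash(must(x509.MarshalPKIXPublicKey(pub)))
}

// Finding is a logged certificate for one of our names whose key we do not control.
type Finding struct{ Serial, Issuer, SPKI string }

// UnexpectedCerts is the check a CT monitor runs over the entries logged for our names: a
// certificate whose SPKI hash is not in allowedSPKI is a finding even when it comes from the
// CA we use every day and looks like a routine short-lived renewal.
func UnexpectedCerts(logged []*x509.Certificate, ourNames, allowedSPKI map[string]bool) []Finding {
	var findings []Finding
	for _, c := range logged {
		ours := false
		for _, n := range c.DNSNames {
			ours = ours || ourNames[n]
		}
		if !ours {
			continue // entries for other people's names are not ours to judge
		}
		if h := spkiHash(c.RawSubjectPublicKeyInfo); !allowedSPKI[h] {
			findings = append(findings, Finding{c.SerialNumber.String(), c.Issuer.CommonName, h})
		}
	}
	return findings
}

// sign issues tmpl under parent (nil parent means self-signed) and parses the result.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	if parent == nil {
		parent = tmpl
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))))
}

// Scenario is a constructed CT view of "example.com" under a throwaway CA: one genuine renewal
// carrying the key we hold, plus a certificate from the same CA carrying a key we never
// generated. Only the second should come back as a finding.
func Scenario() []Finding {
	now := time.Now()
	caKey := newKey()
	ca := sign(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Test CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, &caKey.PublicKey, caKey)
	leaf := func(serial int64, pub *ecdsa.PublicKey) *x509.Certificate {
		return sign(&x509.Certificate{
			SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: "example.com"},
			DNSNames: []string{"example.com"}, KeyUsage: x509.KeyUsageDigitalSignature,
			NotBefore: now.Add(-time.Hour), NotAfter: now.Add(90 * 24 * time.Hour),
		}, ca, pub, caKey)
	}
	ourKey := newKey()   // the key that actually lives on our server
	rogueKey := newKey() // a key we never made; whoever holds it can terminate TLS as us
	logged := []*x509.Certificate{leaf(1001, &ourKey.PublicKey), leaf(1002, &rogueKey.PublicKey)}
	allowed := map[string]bool{KeySPKIHash(&ourKey.PublicKey): true} // from the key, not from a cert
	return UnexpectedCerts(logged, map[string]bool{"example.com": true}, allowed)
}

func main() {
	for _, f := range Scenario() {
		fmt.Printf("ALERT: serial %s from %q carries unknown key %s\n", f.Serial, f.Issuer, f.SPKI)
	}
}
```

The allow-list is derived from the private keys you hold, never from certificates you saw in the log, otherwise the first rogue certificate would simply be added to it. With a real monitor feeding `UnexpectedCerts`, a short-lived "renewal" from your usual CA that you did not request is flagged on the first sync, which is the point the "validate the key as well" comment is making.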
Luckily there are still other options out there. ZeroSSL is one I quite like: Free ACME-based certificates just like LetsEncrypt, without the rate limits, and does have paid plans if you need support. It also has better legacy client compatibility than LetsEncrypt as far as I know.
I hope that ZeroSSL has improved their policies and procedures in the past years so they're more safe and robust. Four and a half years ago, there were some significant oversights in certificate lifecycle management, TOS, and handling of key material, which needed external parties to notify them of those issues before they fixed them. To me that was an indication of limited awareness of WebPKI and security principles.
See e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=1698936, https://bugzilla.mozilla.org/show_bug.cgi?id=1699756
I think we should, as we should every time there is one single big player.
Obviously the ACME protocol is open, but currently there are just 5 "free" providers using it (3 from the US and 2 from the EU), and nothing blocks a US adversary from implementing a Letsencrypt-like issuer. Although I have some doubts on whether that CA would get global trust in every browser. Is the Browser Forum following US sanctions? Can a CA managed by the Cuban or Iranian government enter the CA list trusted by Chrome, Safari or Firefox? I'm genuinely asking.
I'm kinda worried, personally.
The CA/Browser Forum gets to set requirements for anyone who wants to run a website. If they decide website operators should renew their certificates monthly, website operators don't have much choice in the matter.
I worry that some day members of the forum will realise how much power that actually is. If there's a trade embargo on Country A, or a genocide going on in Country B, that perhaps 24-month certificates aren't the only sin they should use their power to correct.
From what I can see on the CA/Browser Forum's website (https://cabforum.org/about/membership/members/), there is enough diversity in the forum to represent the Web community as a whole. Trade embargoes issued by a single country would likely not be represented by enough CA/B members to be pushed through the Forum.
I personally sleep much better knowing that e.g. all major browser vendors cooperate on the CA/B (and elsewhere, e.g. the IETF, W3C, ECMA) instead of the biggest one dictating the rules (which, to be fair, happens to a certain degree, e.g. with Chrome leading the way for certain technologies).
> From what I can see on the CA/Browser Forum's website [...], there is enough diversity in the forum to represent the Web community as a whole.
While I agree there are an astonishing number of CAs listed, it seems to me there's no representation of website operators, or website users.
I was just trying buypass for exactly that reason when I found out that they are ending it :(
Everyone said that about cloudflare, and nothing has changed on that front.
Browsers also keep lowering the maximum validity period: https://www.theregister.com/2025/04/14/ssl_tls_certificates/
Not just browsers, CAs voted in favour too.
To me, this seemed like turkeys voting for Christmas.
Plenty of businesses with legacy systems will happily pay $300/year for a 1-year SSL certificate, because they haven't automated renewal, and don't need to over a mere $300. This lets for-profit CAs provide something Lets Encrypt doesn't offer.
I don't get why they'd give up their one competitive benefit? Surely every customer of a paid CA is an organisation that hasn't automated certificate rotation?
Short-term, it'll get rid of a bunch of competitors who are slower at setting up automated renewal infrastructure.
Mid-term, it'll reduce the risk of noncompliance, as large customers can no longer demand that you delay revocation. CAs no longer have to fear customers switching to their competition.
Long-term, it'll reduce their operating cost, as it is no longer necessary to handhold customers through the certificate issuance and installation process. You just give them a URL, id, and key to enter a single time, and it should Just Work.
The revenue loss of small customers can be compensated by regulatory capture and price hikes for EV. Tell the politicians that "everyone can get a basic cert these days", and that the really important stuff (like banking, hospitals, power grids) should be forced to buy EV certs.
> Long-term, it'll reduce their operating cost,
It doesn't matter how far you reduce your operating cost, if your revenue falls to zero.
> The revenue loss of small customers can be compensated by regulatory capture and price hikes for EV.
Hah, that's a good one.
Sure, google.com and microsoft.com and amazon.com and godaddy.com and letsencrypt.org and facebook.com and twitter.com and cloudflare.com and coinbase.com and visa.com and entrust.com don't need EV certificates... but you do.
> Tell the politicians that "everyone can get a basic cert these days", and that the really important stuff (like banking, hospitals, power grids) should be forced to buy EV certs.
Google removed all the verification markers from Chrome in September 2019, because they investigated them and nobody understands that a green box means verification.
Yes, the obvious answer is: make the verification UI look like every other verification UI, but they didn’t test that. The Chrome team, especially Ryan Sleevi, thinks regular people should understand DNS. You know - apple.com.store/ipad isn’t Apple, and that withgoogle.com is actually Google.
The validity of any certificate by 2029 will be reduced to 47 days.
The only way to compete with LetsEncrypt and other free providers would be on features, like an unlimited number of renewals and guaranteed reliability.
Support would be a big part of the enterprise and smaller ones' pie, but at 47 days everything would be integrating the ACME protocol, so rough times ahead.
And DTLS support. Last I checked, LetsEncrypt has issues with DTLS for webrtc. Don't know if it is still the case.
I’ve been saying that for years, but HN loves single points of failure because half the people here fantasise about building the next SPOF they can extract rents from
they now also compete with AWS $15/year certs
Happy to see this, to be honest. Selling SSL certificates was always a borderline scammy business — the companies provided barely any added value, their websites were terrible, buying certificates was always a pain, and one always had to fight through various upsells (usually with no value at all).
Buypass was one of the free alternatives to Let's Encrypt that also supported the ACME protocol and even gave you 180 days validity.
Indeed, I had just started using them at that. No account needed, you just needed to set your contact to "mailto:$EMAIL" and get on with your day. Was nice to use them for a few domains so as to make sure I had a more diverse set of tried and tested issuers, with bonus points to Buypass for being outside the US as well (Norway).
I've been around long enough to remember when getting a website was really expensive. Like hundreds of thousands of $.
TLS was expensive. And insanely profitable. The sale of Thawte to Verisign was north of 600 million. (Back when 600 million was "a lot".) Since the marginal cost of making a cert is zero it was a literal cash machine.
LE broke that cash flow. CAs tried to claim their certificates were "safer" or the EV certs had any value at all. All nonsense, but for a while some layer of IT folk bought into that. Even today some of my clients believe that paid-for-certs are somehow different to free-certs. But that gravy train is rapidly ending.
So yeah, once the fixed costs overwhelm the income expect to see more shutdowns. And naturally the small CAs will die first.
I can't say I'll mourn any of them.
But aren't there some differences? LE doesn't verify identity. Though I'm not saying that the big CAs are that thorough.
Browsers stopped prominently showing the identities in EV certificates long ago. There is zero value in paying for a TLS certificate.
I remember many moons ago, like the Netscape era, when companies that paid for EV certs got special icons and a green address and all sorts of browser indications of trustworthiness.
I just tried my (large, international) bank website in the latest Safari, and I can't even figure out how to view the cert. There's an assumption that every site will have some cert, but no special treatment for EV certs at all.
In Chrome you can click on the icon next to the address and then on security, it will show the name of the company the cert is issued to. Quite hidden though.
But yeah, Safari is always something I have trouble finding the cert in; they are really hiding it.
Well, it can be bypassed by setting up a new company with the same name. Someone had done that against Stripe, I remember.
That’s true. It’s a bit of a self-fulfilling prophecy: the browsers didn’t present a meaningful verification UI, then removed the UI because users didn’t find it meaningful.
Steak isn’t delicious because, after I pee on it, people dislike the taste.
The concept of matching a real-world identity to a public key is very much intact outside the browser world.
Browsers did display EV certs in very significant ways in the 2010s with green address bars. Safari even hid the URL and only displayed the certificate owner name.
> with green address bars.
Yes. A green address bar isn't meaningful verification UI. That is why no other platform uses green bars for verification.
Whether the CA verifies identity or not is irrelevant. Since the end user does not see the certificate they are all functionally equivalent.
And yes, the actual quality of the identity check is debatable but since nobody cares the utility of it is zero.
For example- when was the last time you checked the certificate details of a web site? Have you ever left a site because you felt the certificate didn't verify identity?
I have been helping individuals and small businesses set up websites since the 90s. At no point in time getting a website cost "hundreds of thousands of $"
Hundreds? Sure. Thousands? maybe, if you wanted a rare/expensive domain name. But hundreds of thousands? No way
Bought by Private Equity [TSS] <1y ago[0].
> Buypass AS has a new owner. Total Specific Solutions (TSS) took over ownership with effect from October 16, 2024.
[0]: https://www.buypass.com/news/change-of-ownership-in-buypass-...
Kind of concerning they're not keeping TLS cert issuance even if only for the brand. Let's Encrypt is great, but it would be unfortunate if it ended up as a de facto monopoly.
For info, here is a list of some of the current ACME enabled CAs, not counting the purely commercial/enterprise gang: https://acmeclients.com/certificate-authorities/
For those looking to migrate, Let's Encrypt and Google Trust Services are my current favorite picks. ZeroSSL is ok but their ACME API status has been patchy recently and I'm a little worried about them.
> "From a sysadmin and operations perspective: What a stupid change. In the perfect cloud native, fully automated fantasy land, this might work and not even generate that much overhead work. In the real world, this will generate lots of manual work. At least, until folks replace their legacy hardware and manufacturers patch their shit."
Give me a break. This is your literal job description, something you should be able to do blind.
If any random FE developer can put a proxy in front of their servers so can you.
Wrong thread?
Have you read the article? I quoted the last paragraph.