Let’s Encrypt, the free and open certificate authority that launched in 2016, has issued more than 100 million certificates as of June 2017 and is currently securing 47 million domains. Earlier this year, the web passed a major milestone of getting more than 50% of traffic encrypted. Let’s Encrypt has been a major contributor to that percentage growing to nearly 58%.
“When Let’s Encrypt’s service first became available, less than 40% of page loads on the Web used HTTPS,” ISRG Executive Director Josh Aas said. “It took the Web 20 years to get to that point. In the 19 months since we launched, encrypted page loads have gone up by 18%, to nearly 58%. That’s an incredible rate of change for the Web.”
Aas also announced that wildcard certificates are coming to Let’s Encrypt in 2018. Wildcard certificates allow a site to secure an unlimited number of subdomains with the same certificate.
Currently, the process to get Let’s Encrypt working on a WordPress multisite installation is much more complicated than adding a certificate for a single domain. The WP Encrypt plugin claims multisite and multi-network compatibility but super admins have often run into failure on networks with higher numbers of sites. Wildcard support for Let’s Encrypt will provide a better way to secure multisite networks.
Let’s Encrypt will offer the wildcard certificates via the new ACME v2 API endpoint and will start by supporting base domain validation via DNS with the possibility of adding other validation options in the future. ACME is the protocol that Let’s Encrypt developed to allow subscribers to acquire and manage certificates. Those using the v1 endpoint are encouraged to move to v2 as soon as it’s available in January 2018. The v2 protocol was developed to be an IETF (Internet Engineering Task Force) standard so that ACME can work with more certificate authorities in the future.
As an advocate of web security, I have to congratulate Let’s Encrypt on this wondrous accomplishment.