
Let's Encrypt goes public beta: HTTPS everywhere, for everyone, from now on and forever free

Let's Encrypt

Let's Encrypt is a non-profit initiative that provides a free, automated, and open CA (certificate authority), created by the ISRG for the benefit of society.


Let's Encrypt enters open beta today, December 3, 2015. Public beta means that all Let's Encrypt systems become available to anyone who would like to receive a certificate. Registering and waiting for an invite is no longer necessary.

The closed beta testing of Let's Encrypt began on September 12, 2015, and since then more than 11,000 certificates have been issued, and this experience has given Let's Encrypt the confidence that all systems are quite ready for a public beta.

For the World Wide Web, it is finally time to take a big step forward towards security, privacy and encryption. Let's Encrypt was created to make HTTPS the default standard, and to accomplish this goal the new CA is designed to simplify obtaining, renewing, revoking and managing certificates as much as possible.

Let's Encrypt still has a lot of work to do before the “beta” label can be dropped completely, in particular on the user workflow. The bet is on automation, so a lot of effort will go into making the client work well on a wide range of platforms. To that end, Let's Encrypt will closely monitor user feedback, study it and make the necessary improvements as soon as possible.

Let's Encrypt depends on support from a wide variety of organizations and individuals. Please consider participating, and if your company or organization is willing to help, you can write here.


Why is the lifetime of certificates only 90 days?


This question has been raised repeatedly: yes, Let's Encrypt issues certificates that have a lifetime of 90 days. The people asking this question are usually convinced that 90 days is too short, and that it would be nice if Let's Encrypt offered certificates that live a year or even longer, as some other CAs do.

90-day certificates are not new to the World Wide Web. According to Firefox telemetry, 29% of all TLS transactions use 90-day certificates, and no other lifetime makes up a larger share of transactions. Let's Encrypt's view is that a short certificate lifetime has two main advantages:

  1. it limits the damage from compromised keys and incorrectly issued certificates, since they are in use for a shorter period of time;
  2. short-lived certificates support and encourage automation, which is absolutely essential for HTTPS ease of use. If we are going to migrate the entire World Wide Web to HTTPS, we cannot expect the administrator of every existing site to renew certificates manually. Once the issuance and renewal of certificates is fully automated, a shorter certificate lifetime will, on the contrary, become more convenient and practical.

It is for these reasons that Let's Encrypt does not offer certificates with long lifetimes. At the same time, it is quite clear that the Let's Encrypt service is still young and that automatic certificate management is new to the vast majority of subscribers, so the 90-day lifetime was chosen because it still leaves enough time for a comfortable manual renewal (Let's Encrypt recommends that its subscribers renew their certificates every 60 days) if that is necessary for any reason. However, as soon as automatic certificate renewal software is widely deployed and has shown its reliability and stability, Let's Encrypt plans to lower the maximum lifetime even further.
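
The 60-day renewal point on a 90-day certificate is simple to automate. The sketch below is an added example, not code from Let's Encrypt or its client: it reads validity dates in the text format that OpenSSL and Python's `ssl.getpeercert()` return and lists the certificates that need action, most urgent first. The host names, dates and function names are constructed for illustration.

```python
import ssl

RENEW_AFTER_DAYS = 60   # renewal point recommended in the text above
DAY = 86400             # seconds per day

def plan_renewal(cert, now):
    """Classify one certificate record as 'ok', 'renew' or 'expired'.

    cert: dict with 'notBefore'/'notAfter' strings in the format used by
    ssl.SSLSocket.getpeercert(); now: POSIX timestamp (UTC).
    """
    issued = ssl.cert_time_to_seconds(cert["notBefore"])
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    if now >= expires:
        return "expired"            # already rejected by clients
    if now - issued >= RENEW_AFTER_DAYS * DAY:
        return "renew"              # past the 60-day mark, still valid
    return "ok"

def renewal_queue(inventory, now):
    """Return (host, action, days_left) for certs needing action, most urgent first."""
    rows = []
    for host, cert in inventory.items():
        action = plan_renewal(cert, now)
        if action != "ok":
            expires = ssl.cert_time_to_seconds(cert["notAfter"])
            rows.append((host, action, (expires - now) // DAY))
    return sorted(rows, key=lambda row: row[2])

# Constructed inventory (hypothetical hosts and dates), each with a 90-day lifetime.
INVENTORY = {
    "www.example.org":  {"notBefore": "Dec  3 00:00:00 2015 GMT",
                         "notAfter":  "Mar  2 00:00:00 2016 GMT"},
    "mail.example.org": {"notBefore": "Jan 20 00:00:00 2016 GMT",
                         "notAfter":  "Apr 19 00:00:00 2016 GMT"},
    "old.example.org":  {"notBefore": "Oct  1 00:00:00 2015 GMT",
                         "notAfter":  "Dec 30 00:00:00 2015 GMT"},
}
NOW = ssl.cert_time_to_seconds("Feb 10 00:00:00 2016 GMT")  # constructed "today"

if __name__ == "__main__":
    for host, action, days_left in renewal_queue(INVENTORY, NOW):
        print(f"{host}: {action} ({days_left} days left)")
```

Run from a daily scheduled job, a check like this leaves a 30-day margin in which a failed renewal can be noticed and retried before the certificate expires.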

Source: https://habr.com/ru/post/272253/

