Reflecting on 10 years of Let's Encrypt
Published 2025-12-03
My friend Christophe Brocas has just published a retrospective on the ten years since we unveiled the ACME protocol to the world. He interviewed me and some colleagues for the piece, and I recommend it! There’s even nice comments on HackerNews, which always makes me smile.
It’s been fun to think back on the early days that made such a dramatic inflection to my career. In early 2014 I was still working on selling turn-key PKI systems based on my SAIFE framework, though the company had been dealt quite a blow by the 2013 U.S. Federal Government shutdown. Having just constructed a certificate authority that would go on to be added to relevant trust lists, it turns out that the freshness of that experience became a key part of my recruitment into what became Let’s Encrypt.
Joining Mozilla in Q4 2014 (basically 3 weeks after this blog post), my new manager Richard Barnes introduced me immediately to Josh Aas and the secret “build a free CA” project. It was to be a side project for me, alongside coming up to speed on NSS. But this was a very fun side project: Given 38U in one datacenter and 62U in a second, design a network that exceeds WebTrust requirements, is usable and maintainable by a small team, and build a functional CA out of it in six months.
Naturally, it actually took thirteen months.
But we pulled it off. We aggressively kept everything as simple as we could, with the one bit of deliberate complexity being to structure Boulder, the CA software in microservices, to have strong network security partitions.
A considerable amount has been written about what happened then. There’s also a recording of me talking a bit about it shortly after.
But thinking back ten years now, to that day on 3 December 2015 when I, sick in bed and operating dose-to-dose on fever reducers, had the privilege of running the commands that opened the public beta… what a ride.
While I’ve done things since, I can’t imagine anything in my career topping helping to launch Let’s Encrypt.