On a mission to solve communications security issues for the whole Internet. That, and drink coffee. Zola 2025-12-03T00:00:00+00:00 https://insufficient.coffee/tag/letsencrypt/atom.xml 2025-12-03T00:00:00+00:00 2025-12-03T00:00:00+00:00 Unknown https://insufficient.coffee/2025/12/03/reflecting-on-lets-encrypt/

<p>My friend Christophe Brocas has just <a rel="external" href="https://blog.brocas.org/2025/12/01/ACME-a-brief-history-of-one-of-the-protocols-which-has-changed-the-Internet-Security/">published a retrospective on the ten years since we unveiled the ACME protocol to the world</a>. He interviewed me and some colleagues for the piece, and I recommend it!

2017-07-10T00:00:00+00:00 2017-07-10T00:00:00+00:00 Unknown https://insufficient.coffee/cutting-over-lets-encrypts-statistics-to-map-reduce/

<p>We're <a rel="external" href="https://tacticalsecret.com/analyzing-letsencrypt-stats-via-map-reduce/">changing the methodology</a> used to calculate the <a rel="external" href="https://letsencrypt.org/stats/">Let's Encrypt Statistics page</a>, primarily to better cope with the growth of Let's Encrypt. Over the past several months it's become clear that the existing methodology is less accurate than we had expected, over-counting the number of websites using Let's Encrypt, and the number of active certificates. The new methodology is more easily spot-checked, and thus, we believe, is more accurate.

2017-05-16T00:00:00+00:00 2017-05-16T00:00:00+00:00 Unknown https://insufficient.coffee/analyzing-letsencrypt-stats-via-map-reduce/

<p>I've been supplying the statistics for Let's Encrypt since they've launched. In Q4 of 2016 their volume of certificates exceeded the ability of my database server to cope, and I moved it to an Amazon RDS instance.&hellip; </p>

2016-12-19T00:00:00+00:00 2016-12-19T00:00:00+00:00 Unknown https://insufficient.coffee/demoing-lets-encrypt-at-the-phoenix-devops-meetup-in-february/

<p>The Phoenix DevOps Meetup has asked me to do a <a rel="external" href="https://www.meetup.com/Phoenix-DevOps-Meetup/events/236338847/">walk-through of how to encrypt a website using Let's Encrypt for their February meetup</a>. I don't believe this talk will be recorded, but for any locals who want to discuss PKI, I'll be available after.

2016-09-30T00:00:00+00:00 2016-09-30T00:00:00+00:00 Unknown https://insufficient.coffee/lets-encrypts-growth-to-10m-fqdns/

<p>Yesterday Let's Encrypt reached a new milestone: the unique set of all fully-qualified domain names in the currently-unexpired certificates issued by Let's Encrypt is now <strong>10,022,446</strong>.&hellip; </p>

2016-07-05T00:00:00+00:00 2016-07-05T00:00:00+00:00 Unknown https://insufficient.coffee/rmll2016/

<p>Today at the <a rel="external" href="https://sec2016.rmll.info/program/">RMLL conference's security track</a> I'm talking about some of the challenges, decisions, and trade-offs that occurred while launching Let's Encrypt, in a talk I've called <a rel="external" href="https://sec2016.rmll.info/program/#letsencrypt">Let’s Encrypt: The Road To Encrypting All The Things</a>.

2016-04-05T00:00:00+00:00 2016-04-05T00:00:00+00:00 Unknown https://insufficient.coffee/124-days-of-lets-encrypt/

<p>This is a quick status update from the <a href="/early-impacts-of-letsencrypt/">Early Impacts of Let's Encrypt</a> post.&hellip; </p>

2016-02-19T00:00:00+00:00 2016-02-19T00:00:00+00:00 Unknown https://insufficient.coffee/early-impacts-of-letsencrypt/

<p>During the months I worked in Let's Encrypt's operations team I got fairly used to being the go-to man for any question that a database query could solve.&hellip; </p>

2016-01-21T00:00:00+00:00 2016-01-21T00:00:00+00:00 Unknown https://insufficient.coffee/issuance-rate-for-lets-encrypt/

<p>Gathering data from <a rel="external" href="https://github.com/jcjones/letsencrypt_statistics">Certificate Transparency logs</a>, here's a snapshot in time of Let's Encrypt's certificate issuance rate per minute from 15-21 January 2016

2016-01-15T00:00:00+00:00 2016-01-15T00:00:00+00:00 Unknown https://insufficient.coffee/renewing-lets-encrypt-certs-nginx/

<p>All the first <a rel="external" href="https://crt.sh/?id=10172479">Let's Encrypt certs for my websites</a> from the LE private beta began expiring last week, so it was time to work through the renewal tooling

2015-10-20T00:00:00+00:00 2015-10-20T00:00:00+00:00 Unknown https://insufficient.coffee/lets-encrypt-publicly-trusted/

<p>A bigger blog post will have to wait, but just as a brief note:</p> <p>Let's Encrypt is <a rel="external" href="https://letsencrypt.org/2015/10/19/lets-encrypt-is-trusted.html">now publicly trusted</a>. In fact, this blog is using a certificate from Let's Encrypt. And so is <a rel="external" href="https://usr.bin.coffee/">usr.bin.coffee</a>, of course.

2015-10-08T00:00:00+00:00 2015-10-08T00:00:00+00:00 Unknown https://insufficient.coffee/beta-testing-lets-encrypt/

<p>One of the advantages to being part of the Let's Encrypt team is early access to the closed beta. As such, I've been able to issue a handful of certificates from the service. For example: <a rel="external" href="https://usr.bin.coffee/">usr.bin.coffee</a>. There's a lot of other upsides as well, such as working with incredible people to make something super-high visibility for the public good.

2015-04-10T00:00:00+00:00 2015-04-10T00:00:00+00:00 Unknown https://insufficient.coffee/gatorlug-letsencrypt/

<p><a rel="external" href="http://www.gatorlug.org/">GatorLUG</a> has invited me to talk about <a rel="external" href="https://letsencrypt.org/">Let's Encrypt</a> at their April 2015 meeting. I'm honored to be playing a role in the architecture and implementation of Let's Encrypt; <a href="/content/2015/Apr/Gator%20LUG%2020150415%20Lets%20Encrypt.pdf">here are the slides I'll be presenting</a>.