惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Vercel News
Vercel News
Recorded Future
Recorded Future
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
The GitHub Blog
The GitHub Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Google DeepMind News
Google DeepMind News
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Microsoft Azure Blog
Microsoft Azure Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
M
MIT News - Artificial intelligence
云风的 BLOG
云风的 BLOG
Y
Y Combinator Blog
N
News | PayPal Newsroom
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Help Net Security
Help Net Security
博客园 - Franky
SecWiki News
SecWiki News
Recent Announcements
Recent Announcements
T
Troy Hunt's Blog
The Register - Security
The Register - Security
The Last Watchdog
The Last Watchdog
Webroot Blog
Webroot Blog
S
Security Affairs
博客园 - 司徒正美
S
Schneier on Security
I
InfoQ
博客园_首页
www.infosecurity-magazine.com
www.infosecurity-magazine.com
T
Threat Research - Cisco Blogs
Forbes - Security
Forbes - Security
腾讯CDC
N
Netflix TechBlog - Medium
N
News and Events Feed by Topic
Cloudbric
Cloudbric
T
The Exploit Database - CXSecurity.com
P
Proofpoint News Feed
A
About on SuperTechFans
Engineering at Meta
Engineering at Meta
Recent Commits to openclaw:main
Recent Commits to openclaw:main
B
Blog
V
Vulnerabilities – Threatpost
C
Check Point Blog
Google DeepMind News
Google DeepMind News
Google Online Security Blog
Google Online Security Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
Hacker News - Newest:
Hacker News - Newest: "LLM"
C
Cisco Blogs
Schneier on Security
Schneier on Security
O
OpenAI News
K
Kaspersky official blog

Let's Encrypt

The difficulty of making sure your website is broken Simplifying Certificate Renewals for Millions of Domains with ACME Renewal Information (ARI) Six-Day and IP Address Certificates Available in Certbot Shorter Certificate Lifetimes and Rate Limits DNS-PERSIST-01: A New Model for DNS-based Challenge Validation On the Importance of "Hello" and "Thanks" 6-day and IP Address Certificates are Generally Available 10 Years of Let's Encrypt Certificates Decreasing Certificate Lifetimes to 45 Days New "Generation Y" Hierarchy of Root and Intermediate Certificates ACME Renewal Information (ARI) Published as RFC 9773 Native ACME Support Comes to NGINX End of Life Plan for RFC 6962 Certificate Transparency Logs OCSP Service Has Reached End of Life We've Issued Our First IP Address Certificate Expiration Notification Service Has Ended Reflections on a Year of Sunlight How We Reduced the Impact of Zombie Clients Sustaining a More Secure Internet: The Power of Recurring Donations Ending TLS Client Authentication Certificate Support in 2026 How Pebble Supports ACME Client Developers Ten Years of Let's Encrypt: Announcing support from Jeff Atwood We Issued Our First Six Day Cert Encryption for Everybody Scaling Our Rate Limits to Prepare for a Billion Active Certificates Ending Support for Expiration Notification Emails Announcing Six Day and IP Address Certificate Options in 2025 Announcing Certificate Profile Selection Ending OCSP Support in 2025 Intent to End OCSP Service More Memory Safety for Let’s Encrypt: Deploying ntpd-rs Let’s Encrypt Continues Partnership with Princeton to Bolster Internet Security Takeaways from Tailscale’s Adoption of ARI An Engineer’s Guide to Integrating ARI into Existing ACME Clients Deploying Let's Encrypt's New Issuance Chains New Intermediate Certificates Introducing Sunlight, a CT implementation built for scalability, ease of operation, and reduced cost A Year-End Letter from our Vice President Our role in supporting the nonprofit ecosystem Increase your security governance with CAA Shortening the Let's Encrypt Chain of Trust ISRG’s 10th Anniversary Improving Resiliency and Reliability for Let’s Encrypt with ARI Thank you to our 2023 renewing sponsors A Look into the Engineering Culture at ISRG Let’s Encrypt improves how we manage OCSP responses A New Life for Certificate Revocation Lists Nurturing Continued Growth of Our Oak CT Log TLS Beyond the Web: How MongoDB Uses Let’s Encrypt for Database-to-Application Security Let’s Encrypt Receives the Levchin Prize for Real-World Cryptography New Major Funding from the Ford Foundation TLS Simply and Automatically for Europe’s Largest Cloud Customers Making the Web safer and more secure for everyone Resources for Certificate Chaining Help Speed at scale: Let’s Encrypt serving Shopify’s 4.5 million domains Preparing to Issue 200 Million Certificates in 24 Hours The Next Gen Database Servers Powering Let's Encrypt A Year-End Letter from the Executive Director of Let's Encrypt and ISRG Extending Android Device Compatibility for Let's Encrypt Certificates Standing on Our Own Two Feet [Updated] Let's Encrypt's New Root and Intermediate Certificates Let's Encrypt Has Issued a Billion Certificates Multi-Perspective Validation Improves Domain Validation Security How Let's Encrypt Runs CT Logs Onboarding Your Customers with Let's Encrypt and ACME Introducing Oak, a Free and Open Certificate Transparency Log Transitioning to ISRG's Root The ACME Protocol is an IETF Standard Facebook Expands Support for Let’s Encrypt Looking Forward to 2019 Let's Encrypt Root Trusted By All Major Root Programs Engineering deep dive: Encoding of SCTs in certificates Looking Forward to 2018 ACME Support in Apache HTTP Server Project Wildcard Certificates Coming January 2018 Milestone: 100 Million Certificates Issued ACME v2 API Endpoint Coming January 2018 OVH Renews Platinum Sponsorship of Let's Encrypt Let’s Encrypt 2016 In Review Launching Our Crowdfunding Campaign Our First Grant: The Ford Foundation Squarespace OCSP Stapling Implementation Introducing Internationalized Domain Name (IDN) Support ISRG Legal Transparency Report, January 2016 - June 2016 What It Costs to Run Let's Encrypt Let's Encrypt Root to be Trusted by Mozilla Full Support for IPv6 Defending Our Brand [Updated] Progress Towards 100% HTTPS, June 2016 Leaving Beta, New Sponsors ISRG Legal Transparency Report, July 2015 - December 2015 New Name, New Home for the Let's Encrypt Client Software Our Millionth Certificate OVH Sponsors Let's Encrypt Entering Public Beta Facebook Sponsors Let's Encrypt Public Beta: December 3, 2015 Why ninety-day lifetimes for certificates? The CA's Role in Fighting Phishing and Malware Let's Encrypt is Trusted
Ten Years of Community Support
2025-10-07 · via Let's Encrypt

Seth Schoen was an early contributor to Let's Encrypt through his work at the Electronic Frontier Foundation. He's also one of the longest standing participants in the Let's Encrypt community support forum, so we asked him to offer his thoughts on the role and impact of the forum as a resource for our users. Thank you for your many years of expertise and participation, Seth!

Along with the tenth anniversary of Let’s Encrypt’s first certificate, we’re also celebrating ten years of the Let’s Encrypt Community Forum, which has played a vital role in the Let’s Encrypt community.

It’s been the first stop for end users with technical questions. It’s been the main way that client developers got help with ACME and debugged compatibility issues. It’s been the place where Let’s Encrypt staff made technical announcements and got immediate feedback from affected parties.

It’s happened in many different languages (including official French, Spanish, and Portuguese categories, use of numerous volunteers’ native languages, as well as many successful conversations via machine translation). For example, people have gotten help in Dutch, Russian, German, and Chinese.

Thousands of volunteers have provided help and successfully helped tens of thousands of users get their certificates. Occasionally, they’ve also reported bugs in client software, documentation, or even the Let’s Encrypt service itself. Many times a responsible developer was there to interact directly with the bug reporter.

Here are the monthly pageviews from the creation of the Community Forum until the present day:

Monthly pageviews chart showing growth from 2015 to 2025

Other reports from the forum software show that much of the most recent pageview growth is due to robots, probably from AI training. But that may ultimately be helpful to users too, as AI systems learn about Let's Encrypt from the forum posts and become more able to answer users' questions correctly.

Seeing the results of one’s efforts

The most common kind of interaction on the forum is one in which a Let’s Encrypt end user shows up with some kind of problem, usually an inability to get or renew a certificate. In most cases, if the user is willing to answer some questions, the community is ultimately able to resolve the problem.

I’ve often compared the satisfaction of helping users on the Let’s Encrypt forum to what I felt while installing bike lights at a local cycling organization’s bike light giveaway event. In both cases, one could engage for a few minutes with someone, maybe deal with some unanticipated oddities (extra-thick handlebars? an unusual seat post or cargo rack? a strange DNS setup? an unusual Apache configuration?). Usually, this would lead to a concrete practical improvement in safety afterward (the blinking red tail light freshly installed on someone’s bike, or the lovely https:// prefix or padlock icon newly visible in the browser bar when browsing to a visitor’s website). It’s common in the Internet security world not to be able to see or appreciate how what we do helps people, so “we just helped make connections to your specific web site more secure” is especially satisfying.

Tangible safety upgrades!

Bicycle with red rear safety light attached to seat post

Photo by Richard Masoner / Cyclelicious, CC-BY-SA 2.0. Not a bike light I personally installed.

HTTPS padlock icon shown in browser address bar for Wikimedia website

I think Wikimedia Foundation figured out their Let's Encrypt certificates without support from the forum. But we're there if they ever need us!

A channel between Let’s Encrypt staff and the community

Let’s Encrypt describes itself as “free, automated, and open”; part of that openness consists of its use of open standards (ACME) and open source CA software (Boulder). Part of it is also about how much of the CA’s thinking happens in public! One example (of dozens) is that the September 2025 Let’s Encrypt root ceremony was discussed ahead of time on the forum, starting back in July, with the plans and details all open for discussion and review. Let’s Encrypt staff have even asked the community for feedback on how production and testing certificates ought to be named!

In other cases, like when there was new functionality announced, or substantive technical changes affecting certificate issuance, or proposed rate limit changes, or problems requiring mass revocation, or expiring root certificates, Let’s Encrypt staff were available talking about all the details and directly answering end users’ questions. Again, there are lots of other examples, where changes large or small got announced, proposed, or discussed on the forum, with Let’s Encrypt’s own experts engaging with the community.

Final thoughts and thanks

The forum runs on Discourse, which has continued to be an effective choice of forum software for the community. Discourse has nice technical and user interface features, but it’s also pleasantly unobtrusive. The Discourse company has also generously been donating pro bono hosting for the forum for many years, and, of course, it uses a Let’s Encrypt certificate.

The volunteers on the Let’s Encrypt forum have made a huge contribution to Let’s Encrypt’s success. It’s easy to imagine that many users might have given up on Let’s Encrypt in frustration were it not for the efforts of dedicated volunteers to draw out the necessary details, notice the relevant issues, and patiently explain concepts that were confusing people. There are also volunteer moderators who’ve worked hard to keep the forum on track, stop spam, and defuse distracting conflicts. Thanks to all of you.

Several software projects have been informed by discussions and issues on the forum, as developers there found opportunities to help large numbers of users. I would particularly highlight Alex Zorin’s Let’s Debug and Jonathan Griffin’s CertSage as examples in this category. Let’s Debug runs a series of practical live tests on a specified site to help users figure out why certificate issuance is failing, giving useful explanations of many of the most common failure reasons. CertSage is a client meant for users who have hosting plans without native support for Let’s Encrypt, and without administrative access—but where they can run PHP scripts. These projects grew out of Alex’s and Jonathan’s experiences helping users on the forum and seeing the kinds of issues that came up repeatedly there. Joona Hoikkala’s helpful acme-dns, which helps subscribers complete the ACME DNS challenge with a dedicated service instead of using an existing DNS server, also helped respond to a common issue that brought many people to the forum.

I would also like to thank Jacob Hoffman-Andrews for his early efforts to set a positive and welcoming tone on the forum. Jacob and other forum administrators always reminded the community to be patient and welcoming to each visitor, emphasizing that the forum was many users’ first interaction with Let’s Encrypt, and that users ought to be welcomed regardless of their expertise or background (and regardless of whether their questions had been asked before by others).