Talk:Let's Encrypt

Protocol section
Removing uncited text from "Protocol" section:

"This process is only accepted for the first certificate being issued for any given domain (trust on first use, TOFU). Afterwards, the alternative way of validation via an existing certificate is used. Therefore, if control over an existing certificate is lost, a certificate has to be acquired from a third party in order to be able to obtain another Let's Encrypt certificate."

Because their Certification Practice Statement section 4.8.1 contradicts this:

"Note that in the case where a non-escrowed Private Key is lost or damaged, the Certificate cannot be replaced or recovered and the identity of the Subscriber must be established through the initial registration process described in Section 3.2."

Regards

129.42.161.36 (talk) 20:37, 5 November 2015 (UTC)

Uncited text removed
I've removed the following:


 * The name of the certificate authority software "Boulder" is a hint at a product of the fictional Acme Corporation from the animated cartoon series around Wile E. Coyote and The Road Runner.

because it lacked a cite. Please feel free to put it back if you can provide a cite. -- The Anome (talk) 13:06, 21 November 2015 (UTC)

Recognition
I think it may be in order to add a new section for recognition, listing what services recognize Let's Encrypt as a signing authority. I say this because when I tried to (original research I know, that's why this is in the talk page and not the main article) set up TLS on my email server using a Let's Encrypt certificate, Outlook couldn't connect, so I tried with Thunderbird, which said that it didn't recognize the signing authority; presumably this is what prevented Outlook from working as well. Really I'm putting this here because I know there are applications that don't recognize the signing authority, but can't find any legitimate sources for it myself. — Preceding unsigned comment added by 108.18.156.218 (talk) 14:08, 1 May 2016 (UTC)


 * In Thunderbird it should be trusted and as Outlook uses the Microsoft root store AFAIK it should also work. A complete list of trusted clients is here: https://community.letsencrypt.org/t/which-browsers-and-operating-systems-support-lets-encrypt/4394


 * However I don't think it is necessary to add such a list to the Wikipedia article. --rugk (talk) 18:29, 2 May 2016 (UTC)


 * I see nothing wrong with adding such a list, but it will include all modern browsers, since the root CA for Let's Encrypt is already part of the distributed list of certificates in all modern browsers. If you try a Let's Encrypt protected site in a browser and it doesn't work, please use the Let's Encrypt community forum to report this as a bug and they will help you fix the problem. Many kinds of misconfiguration problems can cause any certificate not to work, not just Let's Encrypt certificates. David Spector (talk) 13:18, 20 May 2016 (UTC)

Security Issues
What about security and the problems of jurisdiction?

See discussion at Let's Encrypt "Let’s Encrypt and U.S. laws -- ISRG/Organizational"

23:55, 19 May 2016 (UTC) — Preceding unsigned comment added by 91.67.49.14 (talk)

Principles section
I have added a new Principles section, which basically copies material from the Let's Encrypt website, with some changes to indicate the new role of the Electronic Frontier Foundation in maintaining CertBot. This is objective material, not subject to a point of view, but notice that I self-identify as connected with the Let's Encrypt project, so I ask that other editors confirm that there is no violation of WP:COIN policy here. I made this change to make it clear exactly what Let's Encrypt is and does, as the article was not very well written. David Spector (talk) 13:13, 20 May 2016 (UTC)

/* Certificates issued */ section is mostly meaningless
The /* Certificates issued */ section contains a table of dates and the total number of certificates issued by that date. There are several problems with this table: 1. these numbers are taken from Twitter, from the official Let's Encrypt account, so might not qualify as an independent source (although I don't doubt their correctness); 2. the dates are extremely irregular (most are from 2016), so the reader cannot reasonably get a sense of the change in number over time; 3. there are better sources for this kind of information: Let's Encrypt maintains a "Statistics" page with an interactive map, and an independent Certificate Transparency log database provides more accurate numbers. E.g., at the time of writing, Let's Encrypt X3 had already signed 978,990,180 certificates, closer to a billion than to the 380 million reported in the table for 2018: https://crt.sh/?Identity=%25&iCAID=16418. 104.145.127.27 (talk) 06:11, 24 April 2019 (UTC)
 * I have removed the table, replacing it with the two most recent milestones. Feel free to revert my edit; if you do revert it, please leave a comment below explaining your reasoning. Anton.bersh (talk) 07:56, 3 April 2021 (UTC)