Let’s Encrypt automates certificate renewals. It sells the idea that you install a client and don’t have to think about it again. This requires reliability that has to start with Let’s Encrypt itself. We can now see that with KeyChest.
Bottom line - if your certificates are affected and you will not renew and deploy new certs within hours, you will have effective downtimes - certificates will be revoked and invalid. The estimated total is 3 million, of which 1 million are duplicates.
It takes 3-5 years to build a new internet certificate issuer. Web browsers make it very hard or impossible to visit web pages without encryption. It is almost as important as DNS. Let's Encrypt supplies certificates to 60% of the internet. Is the dependence on $14 million company a reasonable risk?
So Let's Encrypt issued a billionth certificate yesterday. It is an absolutely amazing number and I'm pretty sure no-one would have thought 5 years ago that any single CA can ever achieve this number.
If you have Java applications you need to convert Linux PEM files created by Let's Encrypt clients into JKS. It's just a few steps, if you know which ones.
The enforcement of HTTPS by web browsers has introduced the pain of certificate management to small and medium businesses. My rules of thumb to make your life much easier.
You may well know that Let's Encrypt is a not-for-profit organization that provides SSL certificates for free. You may also know there is a huge number of "clients" - small software packages that you need to install on your server to start using Let's Encrypt. There is relatively little information about how it actually works.
Let’s Encrypt has a number of downsides when used on a large scale. It uses modern key management protocols, but the high-level of automation requires management. This is what KeyChest provides.
As we continuously improve our own certificate management service, we keep an eye on other tools. There is a wide range of services and each of us has different requirements and preferences.