The project provides users with free X.509 Transport Layer Security (TLS) encryption certificates as part of an automated process designed to eliminate the drawbacks of manually creating, validating, signing and installing certificates for secure websites.wikipedia.org
The main goal of the project is to provide easy to use SSL / TLS certificates. As a large part of the Internet traffic still takes place via unencrypted HTTP protocol at the time of the project creation, this exposes the user to eavesdropping or injecting advertisements or tracking cookies. In order to prevent this, it is necessary to use HTTPS protocol, which uses TLS certificates signed by the certification authority to encrypt the transmission.
The disadvantages that the project tries to solve are the costs and difficulties related to obtaining and implementing the certificate. Let’s Encrypt offers free certificates and a set of tools for managing them and automatic integration with HTTP servers. The project is an initiative of the Internet Security Research Group, supported by companies and organizations such as Akamai, CISCO, Mozilla.
SSL for all hosting accounts
All our hosting accounts have HTTPS support and Let’s Encrypt certificates enabled. By default, certificates are issued for 3 months and automatically extended for another period. All this happens in the background without your participation. We ensure continuity of Let’s Encrypt certificates without any additional charges.
These certificates are a very good solution for private individuals, starting bloggers or small online shops.
We give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can. We do this because we want to create a more secure and privacy-respecting Web.letsencrypt.org
- Mozilla Firefox >= v2.0
- Google Chrome
- Internet Explorer on Windows XP SP3 or later
- Microsoft Edge
- Android OS >= v2.3.6
- Safari >= v4.0 on macOS
- Safari on iOS >= v3.1
- Debian Linux >= v6
- Ubuntu Linux >= v12.04
- NSS Library >= v3.11.9
- Amazon FireOS (Silk Browser)
- Cyanogen > v10
- Jolla Sailfish OS > v220.127.116.11
- Kindle > v3.4.1
- Java 7 >= 7u111
- Java 8 >= 8u101
Limits and restrictions
The certificate renewal process is performed every 12 hours and certificates which expire within 30 days are extended.
- Certificates per Registered Domain – you can generate certificates for up to 20 domains within 7 days.
- Names per Certificate – one certificate for a given domain can contain up to 100 subdomains in itself.
- Duplicate Certificate – You can request up to 5 identical certificates per week. Identical certificates are understood here as: having the same set of hostnames (excluding the letter size and order of hostnames). Certificate renewal falls into the duplication assumptions, but omits the above limitations.
- Failed Validation – it allows for 5 erroneous validations per account per hour.
- Overall Requests – Let’s encrypt limits “new-reg”, “new-authz” and “new-cert” requests generally to 20 queries per second. In addition, queries to the “/directory” and “/acme” directories and their subdirectories are limited to 40 queries per second.
- Accounts per IP Address – within 3 hours Let’s encrypt allows you to create up to 500 accounts associated with a single IP address.
- Pending Authorizations – you can have up to 300 pending authorizations for certificates in your account.
In addition, remember to do so:
- the domain subject to certification was fully resolvable by DNS servers and directed to a specific IP address
- access to the root directory of the domain is not blocked, or that access to “/.well-known/” is allowed.
- rules for mod-rewrite did not interfere with the path http:///.well-known/ and/or https:///.well-known/
See the Let’s Encrypt documentation pages for more information about restrictions.