Talk:Let's Encrypt

This is the talk page for discussing improvements to the Let's Encrypt article. This is not a forum for general discussion of the article's subject.

Put new text under old text. Click here to start a new topic. New to Wikipedia? Welcome! Learn to edit; get help. Assume good faith Be polite and avoid personal attacks Be welcoming to newcomers Seek dispute resolution if needed Article policies Neutral point of view No original research Verifiability

Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL

This article is rated B-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Internet Low‑importance Internet portal This article is within the scope of WikiProject Internet, a collaborative effort to improve the coverage of the Internet on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks. Low This article has been rated as Low-importance on the project's importance scale. Computer Security: Computing Low‑importance This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks. Low This article has been rated as Low-importance on the project's importance scale. This article is supported by WikiProject Computing (assessed as Low-importance). Things you can help WikiProject Computer Security with: Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Answer question about Same-origin_policy Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here.

Protocol section

Latest comment: 8 years ago1 comment1 person in discussion

Removing uncited text from "Protocol" section:

This process is only accepted for the first certificate being issued for any given domain (trust on first use, TOFU). Afterwards, the alternative way of validation via an existing certificate is used. Therefore, if control over an existing certificate is lost, a certificate has to be acquired from a third party in order to be able to obtain another Let's Encrypt certificate.^{[citation needed]}

Because their Certification Practice Statement section 4.8.1 contradicts this:

Note that in the case where a non-escrowed Private Key is lost or damaged, the Certificate cannot be replaced or recovered and the identity of the Subscriber must be established through the initial registration process described in Section 3.2.

Regards

129.42.161.36 (talk) 20:37, 5 November 2015 (UTC)Reply

Uncited text removed

Latest comment: 8 years ago1 comment1 person in discussion

I've removed the following:

The name of the certificate authority software "Boulder" is a hint at a product of the fictional Acme Corporation from the animated cartoon series around Wile E. Coyote and The Road Runner.

because it lacked a cite. Please feel free to put it back if you can provide a cite. -- The Anome (talk) 13:06, 21 November 2015 (UTC)Reply

Recognition

Latest comment: 7 years ago3 comments3 people in discussion

I think it may be in order to add a new section for recognition, listing what services recognize Let's Encrypt as a signing authority. I say this because when I tried to (original research I know, that's why this is in the talk page and not the main article) set up TLS on my email server using a Let's Encrypt certificate, Outlook couldn't connect, so I tried with Thunderbird which said that it didn't recognize the signing authority, presumably this is what prevented Outlook from working as well. Really I'm putting this here, because I know there are applications that don't recognize the signing authority, but can't find any legitimate sources for it myself. — Preceding unsigned comment added by 108.18.156.218 (talk) 14:08, 1 May 2016 (UTC)Reply

In Thunderbird it should be trusted and as Outlook uses the Microsoft root store AFAIK it should also work. A complete list of trusted clients is here: https://community.letsencrypt.org/t/which-browsers-and-operating-systems-support-lets-encrypt/4394

However I don't think it is necessary to add such a list to the Wikipedia article. --rugk (talk) 18:29, 2 May 2016 (UTC)Reply

I see nothing wrong with adding such a list, but it will include all modern browsers, since the root CA for Let's Encrypt is already part of the distributed list of certificates in all modern browsers. If you try a Let's Encrypt protected site in a browser and it doesn't work, please use the Let's Encrypt community forum to report this as a bug and they will help you fix the problem. Many kinds of misconfiguration problems can cause any certificate not to work, not just Let's Encrypt certificates. David Spector (talk) 13:18, 20 May 2016 (UTC)Reply

Security Issues

What about security and the problems of jurisdiction?

See discussion at Let's Encrypt "Let’s Encrypt and U.S. laws -- ISRG/Organizational"

23:55, 19 May 2016 (UTC) — Preceding unsigned comment added by 91.67.49.14 (talk)

Principles section

Latest comment: 7 years ago1 comment1 person in discussion

I have added a new Principles section, which basically copies material from the Let's Encrypt website, with some changes to indicate the new role of the Electronic Frontiers Foundation in maintaining CertBot. This is objective material, not subject to a point of view, but notice that I self-identify as connected with the Let's Encrypt project, so I ask that other editors confirm that there is no violation of WP:COIN policy here. I made this change to make it clear exactly what Let's Encrypt is and does, as the article was not very well written. David Spector (talk) 13:13, 20 May 2016 (UTC)Reply

/* Certificates issued */ section is mostly meaningless

Latest comment: 3 years ago2 comments2 people in discussion

/* Certificates issued */ section contain a table of dates and the total number of certificates issued by that date. There are several problems with this table: 1. these numbers are taken from Twitter from official Let's Encrypt account so might not qualify as independent source (although I don't doubt their correctness) 2. the dates are extremely irregular (most are from 2016) so reader can not reasonably get a sense of number change over time. 3. there are better sources for this kind of information: Let's Encrypt maintains a "Statistics" page with an interactive map and independent Certificate Transparency log database provides more accurate numbers. E.g., at the time of writing Let's Encrypt X3 already signed 978,990,180 certificates, closer to a billion than to 380 million reported in the table for 2018 https://crt.sh/?Identity=%25&iCAID=16418 . 104.145.127.27 (talk) 06:11, 24 April 2019 (UTC)Reply

I have removed the table, replacing it with two most recent milestones. Feel free to revert my edit; if you do revert it, please leave a comment below explaining your reasoning. Anton.bersh (talk) 07:56, 3 April 2021 (UTC)Reply