I'd be interested to see whether the total numbers of SSL sites has expanded because of LetsEncrypt.
I remember, one of the arguments that the Comodo CEO had on the forum was a rant about LetsEncrypt attacking their business model. While there were a lot of weird things in that rant, it does seem reasonable that a free service will erode the paid, commercial offering. So I would be curious if Letsencrypt is enabling people who otherwise would not have gotten an SSL cert, as well as the extent Letsencrypt is taking away customers.
I would also be curious to see what happens when wildcard SSL certs are launched.
> And because 85 percent of those sites never had HTTPS before, it's already significantly boosted the total fraction of sites that are encrypted on the web as a whole. Based on numbers Mozilla gathers from Firefox users, encrypted sites now account for more than 42 percent of page visits, compared with 38.5 percent just before Let's Encrypt launched. And Aas says that number is still growing at close to one percent a month.
Let's Encrypt has been of enormous service to me. It's not just about saving money -- it's about changing my perspective and expectations to "encrypted by default".
This is something that is going to save a company I work for thousands annually. Extended Validation certificates for dozens of domains and subdomains. Now we just plug certbot into crontab and forget about it, forever!
Thank you for all the work you do. It is a great service you have given the world at large.
We don't do any sort of major ecommerce and I have never drank the EV Kool-aid. It's the same encryption either way, just EV has an extra CA "stamp of approval". Considering how much I trust your average CA[1], i.e. not at all[2]...
At least with DV certs. Having worked at a legaltech company for a couple years with lawyers, I've gain some appreciation for the role of governance. I can still see EV certs having a place in this ecosystem.
DV certs though ... largely felt like a scam to me, back when I learned how they work in the early days of the web.
> So I would be curious if Letsencrypt is enabling people who otherwise would not have gotten an SSL cert
Since Lets Encrypt, every last thing I put on the Internet leverages SSL. Prior to Lets Encrypt, I had purchased a single SSL cert, ever, because I don't have the money to throw at every little thing I like to create and play with.
Admittedly the plural of "anecdote" is not "data", but assuming I'm not special, my suspicion is "very much yes".
> So I would be curious if Letsencrypt is enabling people who otherwise would not have gotten an SSL cert, as well as the extent Letsencrypt is taking away customers.
For my personal stuff, it is both. I paid for a single cert on my little server, but it hosted a handful of domains. It wasn't practical to secure the rest with only a single IP or to expensive to pile them all on a single cert. Let's Encrypt replaced one paid cert and secured 5 other domains that I otherwise wouldn't have.
This bled into work where we replaced all paid certs(except wildcards, coming soon) and secured hundreds of domains were not before.
For me, I would never have bothered securing my personal site and small project sites with SSL. With Lets Encrypt they are all SSL now. I assume many devs with side sites are doing the same, but that may be just a drop in the bucket.
I'd be shocked if it hasn't. The announcement from Google a year or so ago that sites not using SSL would suffer a small but undefined down-ranking in search results I think also really helped drive adoption too, and doubtless drove some into the arms of LetsEncrypt and their free certificates.
I switched from self-signed to LE for all of my personal sites. I had gotten some other free SSL cert provider up and running for one site, but it was a lot of steps; I would probably have paid $5 per year or so over free for something as convenient as LE, were LE not free.
I remember, one of the arguments that the Comodo CEO had on the forum was a rant about LetsEncrypt attacking their business model. While there were a lot of weird things in that rant, it does seem reasonable that a free service will erode the paid, commercial offering. So I would be curious if Letsencrypt is enabling people who otherwise would not have gotten an SSL cert, as well as the extent Letsencrypt is taking away customers.
I would also be curious to see what happens when wildcard SSL certs are launched.