- Internet Security Research Group published its 2022 Annual Report, revealing statistics about Let’s Encrypt.
- According to the report, Let’s Encrypt provides TLS to over 309 million domains via 239 million active certificates.
- The report says that in 2022, Let’s Encrypt usage grew by over 33 million domains, as of 1 November.
Internet Security Research Group, the nonprofit organization that runs Let’s Encrypt, published its annual report for 2022. In 2022, Let’s Encrypt, the organization behind TLS all over the Internet, saw two major milestones: the issuance of its three billionth certification and reaching 300 million active domains.
33 million domains in 2022
According to the report, Let’s Encrypt had 2.5 million average daily issuances during 2022. As of November 1st of 2022, the maximum number of daily issuances in 2022 was 3.1 million. On average, Let’s Encrypt issues 30 certificates per second during 2022.
Since its establishment in 2015, the organization provided 3,078,399,255 certifications as of 1 November. The organization is providing TLD to more than 309 million domains with 239 million active certificates. The report also shows that 82% of all web pages loaded by Firefox are using HTTPS globally.
At the start of 2022, 98-99% of its OCSP traffic was handled by our CDNs. Let’s Encrypt approximately caches around 100,000 OCSP requests every second. By deploying Redis as an in-memory caching layer, the team improved its ability to server OCSP responses. Josh Aas, Executive director of ISRG said,
« Back in March of 2020, Let’s Encrypt needed to respond to a compliance incident that affected nearly three million certificates. That meant we needed to get our subscribers to renew those three million certificates in a very short period of time or the sites might have availability issues. We dealt with that incident pretty well considering the remediation options available, but it was clear that incremental improvements would not make enough of a difference for events like this in the future. We needed to introduce systems that would allow us to be significantly more agile and resilient going forward.
Since then we’ve developed a specification for automating certificate renewal signals so that our subscribers can handle revocation/renewal events as easily as they can get certificates in the first place (it just happens automatically in the background!). That specification is making its way through the IETF standards process so that the whole ecosystem can benefit, and we plan to deploy it in production at Let’s Encrypt shortly. Combined with other steps we’ve taken in order to more easily handle renewal traffic surges, Let’s Encrypt should be able to respond on a whole different level the next time we need to ask significant numbers of subscribers to renew early. »