Let’s Encrypt, an organization set up to encourage broader use of encryption on the Web, has distributed 1 million free digital certificates in just three months.
The digital certificates cover 2.5 million domains, most of which had never implemented SSL/TLS (Secure Sockets Layer/Transport Layer Security), which encrypts content exchanged between a system and a user. An encrypted connection is signified in most browsers by “https” and a padlock appearing in the URL bar.
“Much more work remains to be done before the Internet is free from insecure protocols, but this is substantial and rapid progress,” according to a blog post by the Electronic Frontier Foundation, one of Let’s Encrypt’s supporters.
The organization is run by the ISRG (Internet Security Research Group) and is backed by Mozilla, Cisco, Akamai, Facebook and others.
There’s been a push in recent years to encourage websites to implement SSL/TLS, driven in part by a rise in cybercrime, data breaches and government surveillance. Google, Yahoo, and Facebook have all taken steps to secure their services.
SSL/TLS certificates are sold by major players such as Verisign and Comodo, with certain types of certificates costing hundreds of dollars and needing periodic renewal. Critics contend the cost puts off some website operators, which is in part why Let’s Encrypt launched a free project.
“It is clear that the cost and bureaucracy of obtaining certificates was forcing many websites to continue with the insecure HTTP protocol, long after we’ve known that HTTPS needs to be the default,” the EFF wrote.