Let’s Encrypt is one of the best things to ever happen to the Internet. It used to be a pain in the ass and take days to get certificates for domains and set them up on a server and now you can buy a domain and deploy a functional and secure website within 15 minutes. Lowering the barrier to entry for https was a game changer. I appreciate their clear communication about their timeline for changing their signing chain. If anyone is still using an 8 year old Android phone, it’s probably time for an upgrade anyway

A year or so ago I was doing some market analysis for work into the most widely adopted CA’s across the Internet. I found this analysis from w3techs that had LetsEncrypt at number 5, and IdenTrust at number 1 (https://w3techs.com/technologies/overview/ssl_certificate)

At the time I was pretty shocked. I’d never heard of IdenTrust, and half the internet seemed to be using LetsEncrypt… so how was this possible? It was only when I looked into it further I discovered that the vast majority of existing LetsEncrypt certificates were cross-signed by IdenTrust, so I suspect this analysis by w3techs was skewed as a result, classifying cross-signed LetsEncrypt certificates as signed by IdenTrust (as they kind of are).

It’ll be really interesting to see what happens post 2024 when the last of the cross-signed certificates expire. My expectation is that IdenTrust will plummet in that ranking and LetsEncrypt will take the top spot.