The project is funded by the Internet Security Research Group (ISRG), a new Californian public-benefit group backed by leading tech firms including Mozilla, The Electronic Frontier Foundation (EFF) and Cisco.
The platform was announced by the consortium last year with the goal of offering SSL certificates free of charge, promoting the importance of encryption and HTTPS for a secure cyberspace.
At the launch the group announced that “For many server operators, getting even a basic server certificate is just too much of a hassle. The application process can be confusing. It usually costs money. It’s tricky to install correctly. It’s a pain to update.”
Let’s Encrypt has said that its first certificates will be distributed “under tightly controlled circumstances.”
“No cross-signature will be in place yet, so the certificates will not validate unless our root is installed in client software. As we approach general availability we will issue more and more certificates, but only for a pre-approved set of domains,” it added.
“This limited issuance period will give us time to further ensure that our systems are secure, compliant, and scalable,” Josh Aas, executive director at ISRG, wrote in a blog post.
Let’s Encrypt’s root certificate will be cross-signed by IdenTrust, a public key CA owned by smartphone government ID card provider HID Global.
Website operators are generally hesitant to use SSL/TLS certificates due to their cost. An extended validation (EV) SSL certificates can costup to $1,000 (approx. £640). It is also a complication for operators to set up encryption for larger web services.
Let’s Encrypt aims to remove these obstacles by eliminating the related costs and automating the entire process.