3 million issued certs and almost 2 million unexpired certificates


oh you meant a half million increase.

but how can it geven get that much in less than a week?


@jsha I would still like an update for client usage stats.


@pde Do you still have the query handy that you used for https://www.eff.org/deeplinks/2016/03/new-name-and-roadmap-lets-encrypt-client?


Hi @kelunik! Here are some updated graphs. These are for the past 60 days, which is a pretty good approximation to a count of “actively renewed certificate lineages”.

In the count of raw certificates, we’re starting to see pretty large market shares for the clients used in Let’s Encrypt integrations that have been deployed by very large hosting providers. For instance, OVH rolled their own client using libwww-perl, and that software is now the second largest requester of Let’s Encrypt certs; the Faraday requests are mostly being made by Shopify. Caveat: these numbers are also a little biased. Wordpress, for instance, issues many names per cert, so their client looks much smaller than it really is:

Counting by number of source IPs rather than number of issued certificates, the data looks quite different. This shows that Certbot is comparatively much more popular amongst folks who are just setting up one or a small number of certs on their servers. We also see that Synology NAS devices are a considerable fraction of the servers deploying LE certs.


It’s also striking that how much issuance has accelerated. The graph I posted in March showed 460K certs issued by the Let’s Encrypt Python Client / Certbot in a four month period; Certbot is now issuing about twice as many certs in about half that time, and client diversity is increasing at the same time.


thanks @pde for sharing the stats !


A little more than eight million certificates have now been issued. :+1:


crazy - wow 8 million !


well you can kick that number away now, we almost have 8,5 million certs here.
although I would take that number with a grain of salt because of the lifetime of 90 days and the renewal after 60 days which easily inflates that number)

and almost 5 million unexpired and now even more than before the number fell.I believe this number is more correct for the number of LE users.


5 041 909 unexpired certificates now. :smiley:


Nine million certificates have been issued. :slight_smile:


Ten million certificates have been issued. :grinning:


10 million ssl certs congrats Letsencrypt !


but lets not forget that this number is inflated due to the short lifetime.

the active certs went down a bit though.


IdenTrust’s root is now used by 3,0 % of all websites (= 13,1 % market share). (W³Techs) :slight_smile:


So normalizing the 60 day renewal cycle to 1 year would be about 1.6 million.
And even far less if only include the active certs.
Don’t you just love spin.


Currently about 5.5 million unexpired certificates, which is great. A slowdown in the rate of increase was bound to happen though.


The impact of Let’s Encrypt on the SSL certificate market (W³Techs)


why are 3% of the sites equal to 13% market share?[quote=“NOYB, post:36, topic:15511”]
So normalizing the 60 day renewal cycle to 1 year would be about 1.6 million.

I wouldnt normalize like that I think we would be far closer by taaking the number of unexpired certs and divide by 2 (because in most cases not more than 2 certs for any target would be valid at the same time). especially on the long run.because just dividing the total by 6 doesnt account for anyone who came in less than a year.

we have about 5.7 million unexpired and 11.2 million in total.
would be 1,8 million by your calculation and 2,9 million by my calculation.


This particular survey considers a large number of web sites, of these only a fraction have an HTTPS secured version, and of those only about half have certificates which could be valid*, so that the market for TLS certificates is judged by them to be much smaller than the market for web servers generally.

  • In practice where https://example.com/ works but has an invalid certificate it’s usually not intended as a public substitute for http://example.com but exists by accident (e.g. on a bulk host with poor HTTPS defaults) or is for admin stuff only (e.g. a self-signed cert used for the creator of a blog to upload new posts). But certainly some are just poorly configured, or have been allowed to expire.