Can Let's Encrypt disclose what HSM they are using?

I am currently utilizing a Let's Encrypt certificate in an environment that is undergoing a federal audit. Concerns were raised that Let's Encrypt does not state that they utilize FIPS VALIDATED modules, only FIPS compliant.

In the Let's Encrypt documentation you state: "ISRG uses HSMs meeting FIPS 140-2 Level 3 (or higher) requirements." which implies FIPS compliance but not FIPS validation.

I found information that you may be backed by the Luna HSM which is FIPS validated but I am struggling to pass this control without confirmation that this is true of all certificates generated for our environment. (Luna HSM Protects New Certificate Authority Service - Case Study)

The ultimate goal is to determine if the FIPS modules in use are listed in the FIPS validation list. (Cryptographic Module Validation Program | CSRC)

3 Likes

There's a brief mention of them getting new donated HSMs from Thales in this blog post a couple years ago:

I don't know that that's really what you're looking for, or would be meaningful enough for an "audit".

I wouldn't expect that you'd need to have more detail than what's already listed in Let's Encrypt's own audits in order to just be using LE Certificates, but I have luckily managed to stay away from the term "FIPS" in my career.

3 Likes

That blog post may help since it specifically ties you guys to the Luna HSM. I will try to further the conversation with that information. If we are still struggling to get through, would it be appropriate to email the security address provided in contacts to get an attestation? I avoided that as I didn't want to flood that email with unneeded questions.

I'm now kind of amused that in the CP/CPS, Destroying Private Keys says that destruction is done via a "FIPS 140-2 (or higher) validated zeroize method", but that creating private keys refers to standards and controls that it "uses HSMs meeting FIPS 140-2 Level 3 (or higher) requirements." I didn't know that there was a difference between "validated" and "meeting requirements", but I'm curious if that wording difference is intentional.

To be clear, I'm just a random person on the Internet who sometimes posts on this forum. You may yet get an answer here from someone who actually works for Let's Encrypt when they get a chance, though they can be pretty busy.

I think they prefer to correspond via the forums if possible. That security address I think is more intended for reporting security vulnerabilities, not for asking for help with your audits.

7 Likes

That was my reading on that address too. I didn't realize you were freelancing! Thank you for the research on this one.

1 Like

The Baseline Requirements and the WebTrust SSL Baseline audit requirements both specify FIPS validation, and Let's Encrypt publishes WebTrust audit reports that confirm compliance.

6 Likes

To wrap this up in a bow for anyone else chasing this rabbit hole, the summary of the response is as follows.

Let's Encrypt utilizes Luna HSM which is a FIPS 140-2 VALIDATED module. This relationship has been published in multiple locations (see comments above).

Aside from the known association with Luna, Let's Encrypt is audited against the WebTrust Principles and Criteria for Certification Authorities Version 2.2.2 (version subject to change). Specifically, Illustrative Principle 4.1.1 from this baseline addresses the need for the certification authority to utilize cryptographic modules that meet the requirements of "ISO 19790 and ISO 13491-1/FIPS 140-2 (or equivalent)/ANSI X9.66 and the business requirements in accordance with the CPS". These audit reports are publicly available and demonstrate compliance with this control.

While this does not explicitly address the extremely detailed auditor's need to explicitly see the term FIPS "validated" module, it should provide enough context to ensure a healthy conversation and argue for acceptance of these certificates.

Thank you to @petercooperjr and @JamesLE for helping dig up this information.

6 Likes

There is a separate document for WebTrust Principles and Criteria for Certification Authorities – SSL Baseline with Network Security – Version 2.7, another component of the audit, and its Principle 3, Criterion 11 (on page 26) specifies "validated." Hopefully that can be the more direct documentation that you need.

7 Likes

The slightly older 2.5 version of the above document (which is what's listed for Let's Encrypt's Nov '22 audit) says the same thing (but layout and page numbers differ): https://www.cpacanada.ca/-/media/site/operational/ms-member-services/docs/webtrust/wt100bwtbr-25-110120-finalaoda.pdf?rev=e715f679052c4cfb95a20f6674144fff&hash=9FED6381D2034CD5A22BE9BDC9715BD2

7 Likes