Clarification: Number of Websites


#1

In your blog (https://letsencrypt.org/2018/08/06/trusted-by-all-major-root-programs.html, Let’s Encrypt Root Trusted By All Major Root Programs, Aug 6, 2018, Josh Aas, ISRG Executive Director) you stated: “Let’s Encrypt is currently providing certificates for more than 115 million websites.”

Question: What does the term “115 million websites” mean?

  • 115 million certificates?
  • 115 million domains?
  • something else?

If I look into the statistics:

It seems that Let’s Encrypt currently administrates 53 million certificates and issues around 600.000 certificates per day.

53.000.000 certs / 60 days = 883.333 certs per day
53.000.000 certs / 90 days = 588.888 certs per day

Conclusion: A typical certificate contains 2 domains (eg. example.com, www.example.com).
Calculation: 53 million * 2 = 106 million websites (that’s very close to 115 million websites).

Right?


#2

There are currently ~172m actively trusted (unexpired and unrevoked) Let’s Encrypt certificates, so it is either the count of FQDNs or the count of Registered Domains. I’d guess the former.


#3

Hmm, 172 million active certificates …

Let’s assume that every 75 days (60…90) each certificate would be renewed.

172.000.000 certs / 75 days = 2.3 million issues per day

2.3 million issues per day is significantly different from 600.000 issues per day.


#4

Note the header on the stats page, those charts are not up to date.

There is maintenance work underway and the “Let’s Encrypt Growth” and “Let’s Encrypt Certificates Issued Per Day” statistics are not up-to-date. We hope to have these graphs back up and running soon.


#5

Does that mean that the value of 600.000 certificate issues per day is totally wrong?
If so: What is the correct value (rough indication sufficient)?


#6

You can use Censys queries to work this out.

For example

Date Number of Certificates
2018-10-10 2,703,248
2018-10-09 2,783,620

etc


#7

Thanks for the clarification.

This leads to (values rounded, 2018/10/12):
• Active Public-Key-Certificates: 174 million
• Issues per Day: 2.8 million
• Medium Lifetime: 62 days


#8

Yup, this is the best way to look up this info for now. We’re working on getting the stats page back up and running but there is no set timeline for that yet.

Note that these Censys queries include both precerts and finalized certificates so the true number is about half (see here for a query for just precerts).


#9

Sorry, now I’m confused …

What’s the difference between a precert and finalized certificate?
I couldn’t find that information on the censys.io website.

Or better: Could you give valid letsencrypt stats for:

  • currently active certificates
  • medium certificate issues per day

#10

It’s about https://www.certificate-transparency.org/ :

The process is:

  • A pre-certificate (identical to the final certificate, with the exception of a flag indicating it’s a pre-certificate) is produced by the CA and published to CT logs
  • the final certificate is generated, including the proof of publication of the pre-certificate
  • The final certificate is logged too.
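Why a count over CT log entries comes out at about twice the issuance figure, shown as an added example that is not part of the thread: it parses the RFC 6962 v1 `MerkleTreeLeaf` layout, in which pre-certificate and final-certificate entries carry different entry types, and counts both ways. The sample leaves are constructed and hold placeholder bytes instead of real DER; `make_leaf` and `daily_counts` are names chosen for this illustration.

```python
import struct
from collections import Counter
from datetime import datetime, timezone

X509_ENTRY, PRECERT_ENTRY = 0, 1  # LogEntryType values from RFC 6962

def parse_leaf(leaf: bytes):
    """Return (timestamp_ms, entry_type, body) for an RFC 6962 v1 MerkleTreeLeaf."""
    if len(leaf) < 12:
        raise ValueError("truncated leaf header")
    # version(1) | leaf_type(1) | timestamp(8) | entry_type(2), big-endian
    version, leaf_type, ts, entry_type = struct.unpack_from(">BBQH", leaf, 0)
    if version != 0 or leaf_type != 0:
        raise ValueError("not a v1 timestamped_entry leaf")
    pos = 12
    if entry_type == PRECERT_ENTRY:
        pos += 32  # issuer_key_hash precedes the TBSCertificate
    elif entry_type != X509_ENTRY:
        raise ValueError(f"unknown entry type {entry_type}")
    if len(leaf) < pos + 3:
        raise ValueError("truncated length field")
    length = int.from_bytes(leaf[pos:pos + 3], "big")  # 24-bit length prefix
    body = leaf[pos + 3:pos + 3 + length]
    if len(body) != length:
        raise ValueError("truncated entry body")
    return ts, entry_type, body

def daily_counts(leaves):
    """Count (all entries, final certificates only) per UTC day."""
    total, finals = Counter(), Counter()
    for leaf in leaves:
        ts, entry_type, _ = parse_leaf(leaf)
        day = datetime.fromtimestamp(ts / 1000, tz=timezone.utc).date().isoformat()
        total[day] += 1
        if entry_type == X509_ENTRY:
            finals[day] += 1
    return total, finals

def make_leaf(ts_ms, entry_type, body):
    """Build a constructed sample leaf (body is placeholder bytes, not real DER)."""
    head = struct.pack(">BBQH", 0, 0, ts_ms, entry_type)
    if entry_type == PRECERT_ENTRY:
        head += bytes(32)  # zeroed issuer_key_hash, constructed
    return head + len(body).to_bytes(3, "big") + body + b"\x00\x00"  # empty extensions

# Constructed sample: three issuances, each logged as a pre-certificate and a final certificate.
DAY = int(datetime(2018, 10, 10, 12, tzinfo=timezone.utc).timestamp() * 1000)
SAMPLE = [make_leaf(DAY + n, kind, b"placeholder-%d" % n)
          for n in range(3) for kind in (PRECERT_ENTRY, X509_ENTRY)]

if __name__ == "__main__":
    total, finals = daily_counts(SAMPLE)
    print("all entries:", dict(total), "final certificates:", dict(finals))
```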

#11

(Note that the spelling used by the CT system is pre-certificate rather than per-certificate.)


#12

Thanks for the link and the explanation. IMHO the discussion leads to this:

  • number of active certificates: 87 million (2018/10/16, censys.io)
  • number of certificate issues per day: 1.35 million (2018/10/10, censys.io)

So the mentioned blog statement “Let’s Encrypt is currently providing certificates for more than 115 million websites.” probably means domains and not certificates.


#14

What do you mean by this? To use censys queries to calculate the number of websites?
I have tried it, but couldn’t find a solution. Could you publish your censys query?


#15

When we say “websites” in that context we mean “unique fully qualified domain names (FQDNs) covered by our active certificates.”