How does Let's Encrypt handle randomness?

Hello wonderful people!

Today I stumbled across this article and I am totally blown away by the technology that is used by the Cloudflare team to generate randomness.

I would like to find out how Let’s Encrypt handles randomness for our private keys.

I use the Certbot application on my Linux VM to generate SSL certs via Let’s Encrypt.

Is this randomness handled by Let’s Encrypt’s HSM devices, or by my poor little Ubuntu server?

Please educate us on this topic.



Private keys are always generated on your system! It’s very important that the CA (or anybody else) never sees nor has access to your private keys. So, for generating those, it’s all your box.


Also, that’s a really neat article, thanks for sharing!


I also think that CloudFlare’s method is really cool.

A certificate from Let’s Encrypt will mention the subject public key, which is the certificate applicant’s own public key. As @jared.m mentions, this is generated on your own system, by your own Let’s Encrypt client application, as a consequence of generating the corresponding private key. If you’re using Certbot, the key generation step takes place at

This, in turn, is using the OpenSSL library to generate the key. OpenSSL will use your system’s built-in CSPRNG, typically accessed through /dev/urandom, for randomness when generating the private key. (I believe it uses its own internal CSPRNG which it seeds with data read from /dev/urandom.)

When Let’s Encrypt issues the certificate, it signs it using an HSM. The signature is made with Let’s Encrypt’s own private key, which was also originally created by the HSM, and used the HSM’s internal CSPRNG. There is some additional randomness added to each certificate (as required by industry rules in order to mitigate the impact of potentially unknown hash collision techniques), which you can find in the certificate serial number.

This is using the Go language’s crypto/rand package.

The Boulder CA also uses crypto/rand to generate large numbers of random numbers that are used extensively within the ACME protocol (for example, for random challenge values).
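
The serial-number randomness described in the post above, as an added example (not Boulder's code and not part of the original thread): it draws 128 bits from an entropy reader such as Go's crypto/rand, above the 64 bits of CSPRNG output that the CA/Browser Forum Baseline Requirements ask for. The prefix byte, the 17-byte layout and the helper names `newSerial` and `issueDemoCert` are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"io"
	"math/big"
	"time"
)

// newSerial returns a positive serial: one prefix byte (hypothetical layout)
// plus 16 bytes read from r. A failed or short read is an error, never a fallback.
func newSerial(r io.Reader, prefix byte) (*big.Int, error) {
	if prefix == 0 || prefix >= 0x80 {
		return nil, fmt.Errorf("prefix 0x%02x outside 0x01..0x7f", prefix)
	}
	buf := make([]byte, 17)
	buf[0] = prefix
	if _, err := io.ReadFull(r, buf[1:]); err != nil {
		return nil, fmt.Errorf("reading entropy: %w", err)
	}
	return new(big.Int).SetBytes(buf), nil
}

// issueDemoCert self-signs a throwaway certificate with serial and parses it back.
func issueDemoCert(serial *big.Int) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: serial, DNSNames: []string{"example.test"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	serial, err := newSerial(rand.Reader, 0x03) // 0x03: constructed prefix
	if err == nil {
		_, err = issueDemoCert(serial)
	}
	fmt.Printf("serial %x, round-trip error: %v\n", serial, err)
}
```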


True random number generators can be hard to find.

There is a list on here.

Secure sites (banks, military, etc.) will use hardware dedicated for that purpose (rather than using CPUs on servers).

The one I have tinkered around with in the past is the Australian National University one.

You can feed these into OpenSSL for random number generation.

Might write this up when I find the bits of code (now I am lazy and just use OpenSSL).

