Critical Analysis of Let's Encrypt Security Concerns and Reliability Issues
By todsacerdoti
7mo ago · 10 min read · en · Opinion
Summary
This article presents a critical perspective on Let's Encrypt, arguing that the free certificate authority provides a "false sense of security" despite its widespread adoption. The author expresses skepticism about Let's Encrypt's security model and reliability, citing incidents where Let's Encrypt certificates were used in man-in-the-middle attacks against major hosting providers like Hetzner and Linode. The piece includes multiple updates spanning from 2019 to 2023, showing the author's evolving but still critical stance, with the final update indicating the author now uses a Let's Encrypt certificate but remains reluctant about it.
Key quotes
Let's Discuss the organization providing a false sense of security at an unbeatable price.
This is my last I told you so, I promise. But Let's Encrypt certificates were used to MiTM Hetzner and Linode servers.
Yeah, I've got an LE cert now. And I don't want to talk about it.
Microsoft Teams was unusable for about seven hours yesterday, because Microsoft forgot to renew their Let's Encrypt certificate.
posted 2019-04-24; updated 2023-11-05
