FREE LOCKS —

Encrypt all the webpages: Let’s Encrypt to offer wildcard certificates for free

Upgrade will allow even more webpages to be protected by HTTPS.

Free locks coming for all those HTTP web servers in January.

Let's Encrypt, the free and open certificate authority (CA) launched as a public service by the Internet Security Research Group (ISRG), says it will begin providing free "wildcard" certificates for Internet domains in January 2018. Wildcard certificates allow anyone operating a domain to link a single certificate to multiple subdomains and host names within a domain. That means a single free certificate could be used to provide HTTP Secure (HTTPS) encryption of pages on multiple servers or subdomains hosted on a single server, significantly lowering the barrier for adoption of HTTPS on personal and small business websites.
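What a wildcard name does and does not cover, as an added example that is not part of the original article or Let's Encrypt's code: it applies the leftmost-label matching rule TLS clients commonly follow (RFC 6125, section 6.4.3). The function names are hypothetical, the domains are constructed samples, and refusing a wildcard directly above a top-level label is a conservative simplification.

```python
# Added illustration: which host names a certificate name covers, using the
# leftmost-label wildcard rule (RFC 6125, section 6.4.3).
# Function names are hypothetical; all domains are constructed samples.


def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing dot, split it into labels."""
    return name.lower().rstrip(".").split(".")


def name_matches(cert_name: str, host: str) -> bool:
    """Return True if cert_name (exact name or '*.' wildcard) covers host."""
    pattern, target = _labels(cert_name), _labels(host)
    if "" in pattern or "" in target:
        return False  # empty label means a malformed name
    if pattern[0] != "*":
        # Not a whole-label wildcard: partial forms such as 'w*' are refused,
        # everything else must match exactly.
        return "*" not in "".join(pattern) and pattern == target
    # The wildcard must be the only '*' and must sit above at least two
    # labels (assumption: '*.com'-style names are never accepted).
    if "*" in "".join(pattern[1:]) or len(pattern) < 3:
        return False
    # '*' stands for exactly one label: no apex match, no deeper subdomains.
    return len(target) == len(pattern) and target[1:] == pattern[1:]


def covered(cert_names: list[str], hosts: list[str]) -> dict[str, bool]:
    """Map each host to whether any name on the certificate covers it."""
    return {h: any(name_matches(n, h) for n in cert_names) for h in hosts}


if __name__ == "__main__":
    hosts = ["example.com", "www.example.com", "mail.example.com",
             "a.b.example.com"]
    # A wildcard alone leaves the bare domain and deeper names uncovered.
    print(covered(["*.example.com"], hosts))
    # Listing the bare domain as a second name closes the apex gap.
    print(covered(["*.example.com", "example.com"], hosts))
```

A certificate meant to serve both the bare domain and its first-level subdomains therefore needs both names listed, and hosts more than one label deep need their own wildcard or exact name.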

In its current form, which requires registration of a certificate for each individual Web address, Let's Encrypt is used for HTTPS on more than 46 million websites. The organization issued its 100 millionth certificate on June 29.

Currently, about 58 percent of webpage visits are encrypted via HTTPS based on browser metrics. When Let’s Encrypt launched in August of 2016, only 39.5 percent of pages loaded were encrypted with HTTPS. While Let's Encrypt has certainly played a role in the shift, Google has, too. In August of 2014, Google announced that the company's ranking algorithm for websites would include whether the page was encrypted with HTTPS as a "ranking signal." As a result, HTTPS became a much higher priority for sites competing for search engine visibility.

The new wildcard certificates will be made available as part of an upgrade to Let's Encrypt's support for the Automated Certificate Management Environment (ACME) protocol, an interface for programmatically deploying certificate keys to servers. Originally developed by the ISRG specifically for Let's Encrypt, ACME version 2 is now an Internet Engineering Task Force draft protocol. "We will initially only support base domain validation via DNS for wildcard certificates, but may explore additional validation options over time," Josh Aas, ISRG's executive director, said in a blog post announcing the change. Since Let's Encrypt is a non-profit, the extent of those additional changes will likely be determined by how well the organization's fundraising goes.
