Let’s Encrypt Infrastructure

We occasionally get questions about what Let’s Encrypt’s operations infrastructure is like. Here’s a quick overview.

Let’s Encrypt’s services are operated on dedicated infrastructure with stringent physical access controls. We currently have about 38 rack units of hardware, consisting primarily of Hardware Security Modules (HSMs), compute nodes, storage, switches, and firewalls. There is quite a bit of physical and logical redundancy to protect us from failures.

The hardware is split between two sites. These two sites are separated such that it’s very unlikely that a major event could bring down both sites. At each site, our hardware is located inside a special secure room inside a datacenter. These special rooms require extra authentication, and cannot be entered alone.

We primarily use Linux for operating systems. We make heavy use of configuration management to automate deployments; our goal is that nothing be deployed or configured manually in our environment. We are even working to bring systems not typically manageable in this way under this paradigm. As a result, we can re-deploy identical environments in a matter of minutes, and there are no surprises.

Our API endpoints and OCSP services are proxied by Akamai. This gives us powerful traffic management capabilities, including DoS mitigation and caching. This greatly increases our confidence that we can keep our services up and running in extreme traffic conditions.

Our infrastructure is constantly under internal review, but we also rely on audits to help ensure safety and correctness. We go through WebTrust audits to ensure that we’re complying with the Baseline Requirements and meeting or exceeding the expectations of the Web PKI community. We also have security audits, including penetration tests, performed by a separate entity. Both audit types provide us with valuable feedback.

Our operations team has worked incredibly hard over the past year to get this infrastructure ready and we’re pleased with the results so far.

3 thoughts on “Let’s Encrypt Infrastructure”

  1. You wrote this re ACME: “Having a well-defined and heavily audited specification developed in public on a standards track has been a major contributor to our growth and the growth of our client ecosystem.”

    Consider that you’re giving away free certificates to struggling web folk who once had to pay $ tens, hundreds, or many thousands per year for them: now imagine for a moment what your growth *would* have looked like, if you had NOT done any audited specs whatsoever.

    Would all those freebie-seeking admins have chosen to keep paying for their old certs, instead of getting your free ones, because they looked on github and saw a “roll your own” certificate acquisition protocol and not a “standard”?

    Do you think your actual growth would have been different?

  2. Is there any way to get in touch with you directly or anyone in the Let’s Encrypt group? I’m a user and a fan but have a different idea that I just want someone to put their eyes on and give me some feedback. I don’t want tech support and I’m not soliciting for money, but just want to have a conversation with someone who is much smarter than I am when it comes to certificates and security on the internet.

  3. It is a pity that your master key was not generated in any manner that gives the community confidence that your master key material was not compromised (more specifically, that the random source for your keys has not been backdoored, like bsafe, and was derived from a plausible TRNG with no PRNG or other security-reducing interference).
