We occasionally get questions about what Let’s Encrypt’s operations infrastructure is like. Here’s a quick overview.
Let’s Encrypt’s services are operated on dedicated infrastructure with stringent physical access controls. We currently have about 38 rack units of hardware, consisting primarily of Hardware Security Modules (HSMs), compute nodes, storage, switches, and firewalls. There is quite a bit of physical and logical redundancy to protect us from failures.
The hardware is split between two sites. These two sites are separated such that it’s very unlikely that a major event could bring down both sites. At each site, our hardware is located inside a special secure room inside a datacenter. These special rooms require extra authentication, and cannot be entered alone.
We primarily use Linux for operating systems. We make heavy use of configuration management to automate deployments; our goal is that nothing be deployed or configured manually in our environment. We are even working to bring systems not typically manageable in this way under this paradigm. As a result, we can re-deploy identical environments in a matter of minutes, and there are no surprises.
Our API endpoints and OCSP services are proxied by Akamai. This gives us powerful traffic management capabilities, including DoS mitigation and caching. This greatly increases our confidence that we can keep our services up and running in extreme traffic conditions.
Our infrastructure is constantly under internal review, but we also rely on audits to help ensure safety and correctness. We go through WebTrust audits to ensure that we’re complying with the Baseline Requirements and meeting or exceeding the expectations of the Web PKI community. We also have security audits, including penetration tests, performed by a separate entity. Both audit types provide us with valuable feedback.
Our operations team has worked incredibly hard over the past year to get this infrastructure ready and we’re pleased with the results so far.