How Does Let’s Encrypt Gain Your Browser’s Trust?

Ethan Robish //

Let’s Encrypt is a free service that allows you to obtain a free (as in beer) SSL/TLS domain validation certificate to use as you wish.  Here is what they have to say about themselves:

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG).

The key principles behind Let’s Encrypt are:

  • Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
  • Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
  • Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
  • Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
  • Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
  • Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.

You might be wondering how such a service can exist.  On the technical side the answer is fairly straightforward.  Let’s look at why your browser automatically trusts certificates issued by this provider.

Inspecting a certificate obtained from Let’s Encrypt shows that it was issued by “Let’s Encrypt Authority X3” which is in turn signed by “DST Root CA X3”.

Certificate Issuer Details

Certificate Chain

Next, I opened up the list of my system’s certificates.  I run Mac OS X, but you can find a similar list on your operating system as well.  I searched for the certificate authority (CA) I found earlier, “DST Root CA X3”, and it came right up.  Mystery solved.  Let’s Encrypt has been issued an intermediate certificate that is signed by a root CA certificate that comes bundled with your operating system.  More on that below.

One side note is that while Internet Explorer, Safari, and Google Chrome all use the host operating system’s certificate store, Mozilla Firefox comes bundled with it’s own.  “DST Root CA X3” is listed there, but it is interesting to see that Let’s Encrypt’s certificates are listed directly there as well.

Let’s Encrypt Certificate Authority in Firefox

To confirm our bit of sleuthing, this Let’s Encrypt blog post details how it obtained its first certificates.  It essentially echoes what we’ve just uncovered.

The post also had a nice diagram showing the signing relationships.  There are a couple more moving parts in the diagram because Let’s Encrypt actually first generated a key pair for its parent organization, the Internet Security Research Group (ISRG), which is shown as well.

Image Credit: https://letsencrypt.org/2015/06/04/isrg-ca-certs.html

One question remains, however, since the post only mentions Let’s Encrypt Authority X1 & X2.  But my earlier screenshots show a Let’s Encrypt Authority X3.  What’s going on?  This forum post answers that question.  In an effort to gain better backwards compatibility, Let’s Encrypt had two new certificates issued named Let’s Encrypt Authority X3 & X4.

IdenTrust (in the form of the DST Root CA X3 certificate we found earlier) is already a trusted CA in your system’s certificate store.  By having IdenTrust sign Let’s Encrypt’s intermediate certificates, it allowed Let’s Encrypt to bypass what it claims is a 3-6 year process of getting their own root CA into operating systems certificate stores.

Remember how I said that Firefox has it’s own self-contained certificate store?  Turns out it’s much quicker to get a certificate added there because Let’s Encrypt has announced that the “ISRG Root X1” key shown in the diagram above will be included starting with Firefox 50.

There are already instructions on implementing Let’s Encrypt for many operating systems and web servers here, along with countless other articles that you can use Google to find.  However, if there’s enough interest I may do a follow-up post where I walk through my own non-trivial setup.  I created a workflow that allows integrating Let’s Encrypt into a pre-existing Nginx configuration with zero downtime.  In addition, it lets me quickly secure a new sub-domain at any time using Let’s Encrypt.  If you’re interested in this type of setup let me know on Twitter at @EthanRobish.