10 Million Certificates Per Day: The Scale Achievement
Let’s Encrypt just hit 10 years and 10 million certificates per day—a milestone that sounds like marketing spin until you realize they’re issuing more certificates in one hour (340,000) than most commercial certificate authorities handle in months. On December 9, 2025, the non-profit certificate authority celebrated a decade of transforming web security from a paid luxury to a free default, now protecting nearly 1 billion websites at zero cost.
To understand how absurd this scale is: Let’s Encrypt is now the world’s largest certificate authority with 63.4% market share. They went from issuing their first certificate in September 2015 to 1 million total certificates in March 2016, then hit 1 million per day in 2018. Now they’re at 10 million per day. That’s not just growth—that’s proof a non-profit can run critical infrastructure at commercial scale without charging a cent.
From 27% to 78%: The HTTPS Transformation
The numbers tell a bigger story than just “big non-profit issues lots of certificates.” In 2013, before Let’s Encrypt existed, only 27% of web traffic used HTTPS according to Firefox telemetry data. When they launched in December 2015, that was 39.5%. Today it’s 78% globally and 95% in the United States. Let’s Encrypt didn’t just make SSL certificates free—they changed what we expect the web to be. Security went from something you paid for if you could afford it to something that’s just there by default. Small sites, personal blogs, open-source projects—everyone gets the same security that used to cost $50-200 per year per domain.
How ACME Protocol Automation Enabled Scale
Here’s the thing though: the real revolution wasn’t free certificates. It was automation. Before Let’s Encrypt, getting an SSL certificate meant generating a Certificate Signing Request manually, submitting it to a commercial CA, waiting for email verification, installing the certificate by hand, setting a calendar reminder for next year’s renewal, and repeating this every single year. Let’s Encrypt introduced the ACME protocol (Automatic Certificate Management Environment, now an Internet Standard via RFC 8555) that turned all of that into one command:
certbot certonly --nginx -d example.comDone. It auto-renews every 60 days forever. You could not scale to 10 million certificates per day with manual processes. Automation made scale possible, and scale made free sustainable.
The Non-Profit Model: How Free SSL Works
Which raises the obvious question: how does a non-profit afford to run infrastructure this massive while charging nothing? The answer is corporate sponsorships and donations. Since 2015, more than $17 million has been donated to Internet Security Research Group (ISRG), the organization behind Let’s Encrypt. They have 70+ corporate sponsors including Google, AWS, Meta, and Mozilla, with an 80% year-over-year renewal rate. Recently, Jeff Atwood (Stack Overflow co-founder) donated $1 million as part of his broader philanthropy effort. The model works because automation keeps operational costs low, and the value is obvious enough that companies will pay to keep the lights on even though they don’t have to. It’s proof that critical infrastructure doesn’t need to be commercial to work—it just needs to solve a real problem and solve it well.
What’s Next: 6-Day Certificate Lifetimes
And Let’s Encrypt isn’t slowing down. They’re pushing boundaries with 6-day certificates, which launched as an optional feature in 2025 and will become mandatory 45-day certificates by 2028 (currently certificates last 90 days). The security argument is solid: shorter certificate lifetimes mean smaller compromise windows and reduce dependence on certificate revocation, which has historically been unreliable. But it’s also controversial. Some developers see this as forcing automation where manual processes might still make sense. Let’s Encrypt’s response is basically: if your infrastructure can’t handle automated certificate renewal, you’re doing it wrong. It’s a bold stance, but it’s consistent with their philosophy. Automation isn’t optional at this scale—it’s the whole point.
The Broader Lesson for Tech Infrastructure
The broader lesson here goes beyond SSL certificates. Let’s Encrypt proved that you can take critical infrastructure that was commercial, expensive, and manual, and make it free, automated, and better. Not as a one-time hack or a side project that fades, but as sustainable infrastructure that serves a billion sites and keeps growing. The question isn’t “how did they do it?”—we know how (ACME automation, non-profit funding, corporate sponsors). The question is: what other infrastructure could follow this model? Package registries, CI/CD pipelines, developer tools—how much of what we pay for today could be free tomorrow if someone built the automation and proved the value? Let’s Encrypt gave us a template. Ten years and 10 million certificates per day later, it still works.
