Let's Encrypt’s mission is to create a more secure and privacy-respecting web, except for people residing in countries with the most need for a more secure and privacy-respecting web. Sure, that's great.
That said, pretty sure this is stems from the insane US legal requirement to not export SSL technology to enemy countries. I'm sure some of y'all are old enough to remember when web browsers came in "international friendly" versions that supported 40 bit encryption, or "fancy secure" versions with 128 bit encryption.
I’m actually old enough to remember how PGP code was exported as a book printout because exporting computer code for cryptography with strong keys in digital form was disallowed but a book was fine (protected by first amendment rights). The printout was scanned abroad to reconstitute the source and build pgp legally.
Seems in all thing tech at the moment the US legal system is accelearting a great split and erectinga digital iron curtain, from AI models to the more mundane like TLS certs.
Its been standard for a while for many Linux distros based in the US to toe the party line - like RedHat having notices pretty similar to this one by LE.
Seems any meaningful Open Projects will have to choose what path they want to take, be like RISC-V and relocate or LE and others and enforce the divide.
So what? If I disagree with the direction any FOSS project (or its maintainers) is taking... I can just fork it. People have done that countless times in the history of FOSS, most notably in the xOffice schism.
> pretty sure this is stems from the insane US legal requirement to not export SSL technology to enemy countries
This is most likely OFAC. Lets Encrypt could apply for a license to do business with sanctioned entities, and given their use case it would most likely be approved.
OFAC regulates commerce, not speech. Let's Encrypt is not doing "business", they're operating a free informational service. Lots of organizations interpret any information exchange as subject to OFAC regulation, and you and Let's Encrypt have good company in this interpretation, but I think it's unnecessarily ceding ground.
The government may use as wide of an interpretation of commerce as they can get away with. We've seen this happen before [0]. Sure, Let's Encrypt isn't taking money from the entities they offer certificates to. But the OFAC desk jockey assigned to that case only has to concoct some sufficiently plausible-sounding trail of money connecting the backing 501(c)3 and a sanctioned entity in order to bring them to court, and the legal team will not like that risk, even if it's unlikely for OFAC to win.
What "backdoor" would Let's Encrypt even implement? That's not how a CA works.
They might be compelled to issue a certificate to an unauthorized (by browser PKI policies, not local law) entity, but that would be very conspicuous due to Certificate Transparency.
How would they do that? The ACME protocol is "take the basic artifacts you use for certificate signing, wrap them in JSON (cryptographically, using standard JWS), then send them over using HTTP + TLS." Every part of that is something for which there exists a buttload of implementations in whatever language you care to use.
Anonymity and encrypted communication are two very, very different things. Have one but not the other and you're essentially handing off your private data incl. passwords to whoever that has a tap on the communication between you and the server can fetch them, too. Have the other but not the one and everyone will know who you are, but they can't eavesdrop.
I've had people straight up serve me malware when you attempt to OSINT them with Tor. Sometimes you need different kinds of anonymity, and I see a lot of one sized fits all proclamations on HN.
Couldn't LE have a branch in Europe or anywhere outside the USA and its minions?
Because they're betraying their own goals, as stated in their About page: “It is a service run for the public’s benefit. [...] Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost. [...] Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.” Now they own they are under the control of a political organization.
Here is the paragraph Let's Encrypt added to their Subscription Agreement on 2026-06-04:
> You are not a person or entity that is:
> (a) located in, organized under the laws of, or ordinarily resident in any country or territory that is the target
of comprehensive U.S. sanctions;
> (b) a prohibited or restricted party under U.S. or other applicable sanctions and export control laws and regulations;
> or (c) owned or controlled by or acting on behalf of anyone described in (a) or (b).
> You agree to use Let’s Encrypt Certificates and any services provided by or on behalf of ISRG in compliance with applicable U.S. export control and sanctions laws and regulations.
RISC-V Foundation did.. though they go out of their way to talk about it in terms that try not to piss anyone off..
> "Across 2018-2019, the RISC-V community has reflected on the geo-political landscape and we have heard concerns from around the world that investment in RISC-V must come with IP access continuity to ensure a long-term strategic investment. We first mentioned our intentions to move at the December 2018 summit. Incorporation in Switzerland has the effect of calming concerns of political disruption to the open collaboration model. RISC-V International does not maintain any commercial interest in products or services as a non-profit, membership organization. There have not been any export restrictions on RISC-V in the US and we have complied with all US laws. The move does not circumvent any existing restrictions, but rather alleviates uncertainty going forward.
> In March 2020, the RISC-V International Association was incorporated in Switzerland. Along with this, we shifted to a new, more inclusive membership structure. Members of RISC-V International have access to and participate in the development of the RISC-V ISA specification and extensions as well as related hardware and software. RISC-V has a Board of Directors composed of member representatives as well as a Technical Committee of work group leaders."
> RISC-V International has not incorporated in Switzerland based on any one country, company, government, or event. This move is reflective of community concern and managing strategic risk for our community investing in RISC-V for the next 50+ years.
> The IP contributed and produced by RISC-V International is held under industry and global standard licenses that are already open to leverage by any company regardless of jurisdiction. This licensing is a common open source approach to foster collaboration that is not tied to any geographic regulation. IP in the public domain has not been subject to export control.
The RISC-V foundation and related companies also got a bunch of money from Europe. I am not so sure this was about leaving a repressive regime as much as chasing the European "homegrown computing" money.
This is part of why the EU is looking to move away from US-based infrastructure. The CLOUD Act basically lets Washington have an off-switch on your computing infrastructure as well as giving Washington unlimited access to any data on your computers (or that passes through them).
This is not about countries sanctioning each other. This is the US sanctioning a local company because a foreign company doesn’t follow certain US laws in foreign soil, where such laws don’t apply.
It’s a bit like the US arresting your mom at home in Texas because you ate a baggie of magic truffles in Amsterdam.
You're being very vague. Please explain what you mean? I don't see anything here about the US "sanctioning a local company," and I'm not aware of that being possible under US law.
The way you are using these words seems to indicate you might be confused about how this works.
The US has not "sanctioned" LetsEncrypt or ISRG. The US sanctions foreign entities as punishment for various reasons precisely because they are not subject to US law. That's the entire point of leveraging a sanction -- to pressure those outside of your legal jurisdiction. If they were in your jurisdiction, you'd simply arrest them.
People and organizations basically anywhere not permitted to do business with anyone your country has sanctioned. Anyone who does business internationally should be aware of their country's sanctioned list. That applies no matter where you live on the planet.
This is literally about a company that has a branch in the USA and another branch in another country, where it's bound by that country's laws. If the foreign entity which just so happens to be commercially linked to the one in the USA has any dealings with countries sanctioned by the US, the US branch is punished.
There was a case a few years ago where a public University in Brazil bought lab computers from Dell Brasil. Dell Brasil is a subsidiary of Dell, but it's 100% incorporated in Brazil, the computers were manufactured in Brazil, everything following Brazilian law. The computers were delivered with terms of service that prohibited them from being used for any dealings with US-sanctioned countries such as Iran and Cuba. The University was caught by surprise and questioned it, since they had many academic links with Cuban Universities, and Dell Brasil explained that.
I don't know how the whole ordeal ended. The Brazilian Federal Government got involved, I believe the Ministry of Exterior and the Ministry of Commerce and Industry both got involved and were at one point going to sue Dell Brasil. I suspect it ended with the University returning the computers and purchasing from another supplier.
The suggestion that Let's Encrypt could work around US sanctions by opening a branch in the EU falls under similar conditions, and the US branch would be liable if the EU subsidiary had dealings with US-sanctioned countries.
Incorporating a subsidiary in a foreign country doesn't make the parent company immune to the legal obligations it has in it's home country. It would be absurd if that were the case. Sometimes people try setting up subsidiaries overseas to hide their evasion of the law, but it is illegal to do so.
> Incorporating a subsidiary in a foreign country doesn't make the parent company immune to the legal obligations it has in it's home country.
We're not talking about legal obligations in its home country though. I can buy Jack Daniels at age 19 in my country from their local subsidiary, and no-one thinks that this should be a crime for their US parent company because the US drinking age is higher. (Of course it would be a crime for either the parent or the subsidiary to sell to 19 year olds in the US)
(No-one is blaming Dell or Let's Encrypt here, to be clear, it's the US' excessive extraterritorial laws that are the problem)
If you are in the US you must ensure that your local company, and any sub-entity you control abroad complies with sanctions law. That is US law, and the US can apply that law to Dell the parent company, because it is in the US and controls the subsidary.
> I can buy Jack Daniels at age 19 in my country from their local subsidiary, and no-one thinks that this should be a crime for their US parent company because the US drinking age is higher.
Because there is no US law that says you cannot sell alcohol to people abroad under 19. Heck, there's no US federal law that says Jack Daniels can't sell to people in the US under 19, either. And in fact, there are some places in the US where you can legally drink at 18, e.g. Puerto Rico. But if the US congress wanted to pass one of these laws and enforce it, it could.
US sanctions law saying that you must not transfer X from the US to Iran, directly or indirectly, is reasonable. US sanctions law saying that you must not transfer X from Brazil to Iran is gross overreach. Yes, of course the US can apply its absurdly extraterritorial laws to any parent company in the US, just as Iran could penalise any Iranian company whose US subsidiary distributed a depiction of the prophet or whatever, but that doesn't make it good law or good practice.
But the US isn't really unique in applying their laws extraterritorially. See GDPR, Universal jurisdiction laws, China's National Security Law, etc... Every jurisdiction with sizable power does it. Some of these are even more extraterritorial in scope than US sanctions are.
You may call it a subsidiary all you want, but it's still a company that's wholly incorporated in foreign soil, doing business in foreign soil.
At least in Brazil, companies that operate there must obey local laws. What happens when those laws are in contradiction with US laws, like in the example I cited? Is Brazil supposed to cave? Is Brazil supposed to keep fining Dell Brasil until it folds? Maybe prosecute Dell Brasil's directors for actively and repeatedly disregarding the law and fines?
How does that work on a global scale?
I'll say again, this is not about a US company opening a foreign subsidiary to do things in the US that are forbidden in the US. This is about a company incorporated abroad having to follow US laws while operating wholly abroad. This is a breach of sovereignty however you look at it.
It is plainly routine for a company to have to deal with multiple legal jurisdictions at a time.
Yes, sometimes this causes compliance complication. This isn't unusual, it happens frequently.
Ultimately, every government exercises the laws of their country as they see fit, using the enforcement tools they have available to them. These rules often extend outside of their borders and apply to foreign or partially-foreign entities depending on the situation. The only limits on this are the practical means of enforcing it.
Dell Brazil would have been subject to Cuba sanctions because it was controlled by the US parent company. The US has obvious jurisdiction over Dell Technologies the parent company, and the nexus to enforce it.
Nothing you are are describing is even remotely unique to the US. No country is going to let you set up a foreign subsidiary to launder goods around sanctions law. If they did, everyone would do that and nobody would ever follow sanctions.
It shouldn't be located in Europe (because, as you said, US minions are no better than the US itself). Instead it should move to a neutral country, somewhere like Singapore or Uruguay.
Let's encrypt is not some code or even a company that you can split into different branches. Their existence is one based on trust relations that let's encrypt has with browsers and operative systems. It is in one part similar to both domain names and IP address space, in that the technical aspects of creating alternative roots is almost trivial in comparison to getting the trust that is required for an alternative root to be accepted by the rest of the world.
Let say someone created an Russian Let's Encrypt. It has all the technical aspects as regular LE in that you can request a certificate and get one through an acme challenge. That is all great and all, but no browser will recognize it as valid. No operative system will recognize it as valid. The Russian state might add the new LE as valid for government computers, but the real work would be to get any other participants in the world to do the same. The issue is not a technical one but rather a social one that is built on trust.
When Russia invaded Ukraine there was a major discussion if IANA/ICANN should have disconnected Russia from domain names and IP addresses. That discussion ended on a decision to not do that because the symbolic benefit was deemed minor compared to the harm to the system in large, especially once the war end. If you got two roots, then a domain name or IP address can now suddenly have two locations, and it would be a massive pain to try fix it even if people wanted to fix it. Certificate Authorities do not share this trait since there can be an almost unlimited number of roots and none of them can conflict with each other (assuming no hash collision). If Russia spins up a new CA then people can use that one today if they want to, and they can continue to do so after the war has ended.
Took me a minute to parse the headline -- Sanctioned as as in "imposed penalty" (ie "sanctions"), not as in dictionary definition #2 "official permission or approval".
Perhaps because "US territories" are a thing, perhaps because it's way more newsworthy if LE bans the US, or perhaps im just a dummie.
Iran is blocking internet for months, US ...bans creation of secure connections - that'll show 'em!
Russian quasi-government structures are spending quadrillion of rubles on a TSPU (censorship system) to spy on Russian residents, US ...helps them by making snooping on what is currently encrypted traffic possible by banning accessible encryption!
Sanctions compliance is unfortunately fairly complex.
Let's Encrypt can issue certificates for non-government entities in Iran and Russia due to statutory exemptions protecting personal communications, alongside specific Office of Foreign Assets Control (OFAC) authorizations designed to promote Internet freedom and human rights.
We will look into whether we can make things more easily understandable in the subscriber agreement.
you should update the documents to reflect this stance.
"You are not a person or entity that is: (a) located in, organized under the
laws of, or ordinarily resident in any country or territory that is the target
of comprehensive U.S. sanctions; "
this says nothing (edit: specific) about government (edit: only), and is applicable to normal people in those areas.
[Iranian here]
Completely agreed. Reminds me of how US banned citizens and businesses in Iran from using cloud infrastructure like AWS or digital ocean, leading to people and businesses moving to the government-sponsored local cloud services, and that made it super easy for the government to block internet access whenever they want without essential services like banking, ecommerce, online taxi booking, food delivery etc being disrupted.
This somehow confirms my gut feeling that digital certificates are mainly a means to enforce exclusion on behalf of the certificate authority ownership.
It is a tool to prevent people from taking full ownership and control of whatever is affected by digital certificates, be it software, firmware, hardware, or as in this case SSL/TLS.
That's digital tyranny in disguise.
While it seems like certificate authority has the primary control here, the real control lies in browsers and operative systems in which certificate authorities are trusted. Users also have, at least for the moment, control to add or remove certificate authorities, even if that control is slightly less clear for devices like smart phones.
Digital certificates that signs software packages are used to enforce exclusion by some manufacturers. Let's encrypt is not in that space to my knowledge, but it is a place where you the owner do not have the right to determine which certificate authority should be trusted, and generally the only one that is trusted is the manufacturer. Its arguable if we even should be calling such entities a certificate authority, even if they technically are the owner of the root certificate that signs the package.
I always saw it as a trust-chain and think that anyone is welcomed to create a root certificate and distribute it to whomever trusts them. Most simple services may not need TLS, but with the ISPs eavesdropping on our communication, a form of secure communication is required and the currently best solution we have requires a trust-chain to be built.
It is such a great improvement that ISPs cannot eavesdrop us anymore... only for everyone to terminate TLS at cloudflare so they (and thus US government) can now eavesdrop everyone.
I trust governments much less that a conglomerate of competing corporations.
With all the problems with Web PKI, at least the bad actors are getting distrusted, and this provides a very strong enforcement on the rest. And Certificate Transparency makes sure the mis-issuance would be caught. It is not perfect by any means, but things are getting better.
With DANE (or other country-issued certificates), every government will absolutely double-issue certificates to police, secret service and friends of goverment, and no one will have any recourse. (In the past I'd say that only countries like Russia would do it.. but with today's climate, I am sure both US and many European countries will do that too)
I'm not really in favor of DANE, because DNSSEC is such a mess ... but.
Certificate transparency is nice. Browsers could require it for DANE certificates, just like they require it for current Web PKI certificates.
The people controlling the TLD of interesting can exert control over the domain of interest in order to issue a DANE certificate. But they can also exert control over the domain of interest in order to request a domain control certificate, so widespread use of DANE wouldn't add any new adversaries. If DNSSEC wasn't a mess, and DANE replaced WebPKI, we would eliminate the risk from CAs without adding a new risk --- TLDs (and the DNS root) are existing risks.
> every government will absolutely double-issue certificates to police, secret service and friends of goverment, and no one will have any recourse.
Countries already have CA that issue certificates with more legal force than a handwritten signature. I can open a bank account, pay my taxes and sign up to all government services. But I can't use them for a webpage.
> With DANE (or other country-issued certificates)
DANE isn't a country-issued certificate. It's a scheme where you store your public keys on DNS records. Of course, now we have the issue that DNSSEC (signed DNS records) isn't widespread and the whole issue with DNS registries.
DANE is entirely dependent on DNSSEC, and DNSSEC is, by design, under the government control, with all the bureaucratic mess and mistakes this implies.
This would be pretty terrible if anyone actually cared about DNSSEC, but luckily for us, no one cares.. So let's keep things this way.
Maybe, but then can only do it once. Then they get caught, and their CA is distrusted. See Diginotar [0] for example.
And things only gotten better since - we now have CT logs, and browsers require them, so any mis-issuance can be detected automatically, by any interested third party.
If we go to DANE, we lose this all. "Oops, our CT uploader process failed, we will fix Real Soon(tm) we promise" - and what are browsers going to do? Distrust the entire country?
Side note: “DigiNotar BV was a Dutch certificate authority from 1998 to 2011. It was acquired in January 2011 by VASCO and subsequently declared bankrupt in September of the same year” [1].
I didn’t realize the slapped their face on the pavement right after being acquired.
Philosophically, trust isn't a "solvable" problem. It can only be mitigated to varying degrees. However, some degree of trust is probably better than none.
One thing is sure, pinning trust on trust chains down from Root Certificate Authorities is fundamentally incompatible with our notion of trust and an almost absurd idea to start with. Most people using a browser don't even know any person from such an organization nor would or should they have any rational reason to trust them.
> This somehow confirms my gut feeling that digital certificates are mainly a means to enforce exclusion on behalf of the certificate authority ownership. It is a tool to prevent people from taking full ownership and control of whatever is affected by digital certificates, be it software, firmware, hardware, or as in this case SSL/TLS. That's digital tyranny in disguise.
I think the "digital tyranny" is a side effect, not the main goal. They're "mainly a means" to prevent certain kinds of MITM attacks.
It seems that, as soon as you transact with a sanctioned entity, you are globally in breach of the agreement and risking the revocation of all your certificates — also the ones for non-sanctioned countries.
Front matter:
- it is called a "Subscriber Agreement" and not anything that suggests that its scope is a single certificate
- it's a "contract [...] regarding Your [...] rights and duties relating to [...] Certificates" - plural
2.1 "Term":
- "[the agreement] will remain in force during the entire period during which *any* of Your Certificates are valid" - plural
3.1 "Warranties":
- "[by] requesting, accepting, or using *a* Let’s Encrypt Certificate" - plural
Is this actually new? Looks like a standard US export restriction for encryption technology to me. These sorts of restrictions have been around since the '90s.
Let's Encrypt becomes subject to US export restrictions on cryptography if they are a US company, or if they post anything to github or post anything to major app stores. Every app I have ever posted to Google Play has had to submit a form to the US government declaring what use they make of cryptography.
These restrictions have been in force since that late 1950s (with a long and complicated history with respect to computer cryptography). This particular text looks like a boilerplate restriction, that's required to comply with US EAR export requirements to me.
A certificate is not cryptography, though, it's a number. The entity requesting the certificate already has the cryptographic software installed on their servers, as do the clients trying to connect to them. There's nothing technologically special about the number, it's all in the realm of the social contract, in that it has been blessed by a chain of trust.
Organisations that are serious about promoting privacy should have been avoiding the US since the '90s and/or '50s, but the second best time to reincorporate in a safe jurisdiction is today.
While it's certainly possible that ISRG has been served a subpoena because it appears the US DOJ is now a mix of hacks and incompetent buffoons, it wouldn't matter because the whole point is that they don't know anything - what you told them is literally logged publicly for everybody to see without even knowing how to spell "subpoena" let alone issue one.
Some people have this insane idea that somehow the CA has some secret which either they minted and sent to the CA, or the CA minted and gave them a copy and so the US government could get this secret with a subpoena - but the whole fucking point of a Public Key Infrastructure is that we're using Public Key Encryption, if we were OK with everybody having secrets all over the place this entire thing wouldn't be needed.
> Some people have this insane idea that somehow the CA has some secret which either they minted and sent to the CA, or the CA minted and gave them a copy and so the US government could get this secret with a subpoena
LetsEncrypt certainly doesn't, but I've seen certificate storefronts that generate the key on their side and provide you the key and the certificate, so you don't have to figure out how to generate a key.
They could mint certificates, for / about any name. But, those certificates won't work in popular applications unless the certificates include proof of logging.
So to be effective this means a hypothetical bad actor (maybe the US government or anybody else) issues bogus certificates, then either logs them - making a permanent record for everybody to see, or also subverts two or more logs, so that they issue bogus proofs.
This is a very expensive one shot attack on whatever the target would be, I guess it's not stupider than "Let's bomb Iran for no good reason" but it's up there.
I don't subscribe for my personal domains, because who cares, but when I was in charge of certificates for something important I subscribed to notifications from several providers to make sure I didn't miss anything.
I would like to think at least all the high profile destinations have someone watching.
What constitutes the "vast majority" ? Periodically I check mine, and I sometimes have reason to check others, I no longer run my own log auditing (I did when I worked somewhere else because it was close to my main field of interest) but other people do.
How can you check other people's certs? How do you know whether a cert issued is authorized by them or not?
The only one who can check for maliciously published certs is the entity authorized to request them. I think most companies are happy when they manage to have valid, not expired certs and do not care too much about making sure there are not too many of them.
You are right that if the state would start issuing malicious certs en mass that would be found out quickly. But I think very targeted selected operations against entities where they know the entity is unlikely to surveil for unauthorized certs are very much possible.
I'm not arguing for going into conspiratorial thinking and claiming CAs are all compromised and issuing malicious certs all the time. But I do think that it is feasible for states to use CAs under their direct or indirect control to run targeted attacks. I think that is a plausible, serious risk that we do not care enough about and that we should do something about. There is a multitude of precedence starting from LavaBit over the wiretapping of jabber.ru^1, ANOM^2 to CryptoAG^3 that supports this conclusion.
For any target of sufficient value that a government would do that, yes.
Of course it doesn't happen anyway, because governments don't have some kind of secret access to CAs.
Now this is very bad, as bad as it can get. As soon as all local services will stop working in sanctioned countries, those countries' governments will force all users to either install a root certificate or lose access to all local services and websites. And then it will be possible to use that root certificate for MITM attacks. In the worst case scenario, after the majority of users will install the root certificate, state DPIs will MITM all traffic and will block all un-MITMable traffic.
Don't understand why you have been downvoted. Russian government have already attempted to push forward their root certificate for banking using Yandex browser, now this.
I mean really, if you use lets encrypt for anything that runs in a production environment, the responsible thing to do is build a fallback to switch to another provider in case LE has a bad day (or hits a brick wall and needs to say, enforce export restrictions).
Worth noting that Actalis requires you to register an account with them in order to acquire the necessary authorization token for their ACME API. This poses a privacy/anonymity issue for some users. Last I checked, Actalis' free tier didn't support SAN either.
Add.: I created an account just now to see "what's what" and also found the notice, "Activate your free 90 days certificates. At the end of the free year, the services associated with the certificates will expire." which sort of sounds like it's just a 1-year free trial.
can you please suggest any alternatives to switch to? i hardly can find any alternative which provides free service and is a non-profit org at the same time.
I think the EU should do it regardless of Russia. The EU should invest in its own technology and not depend so much on an increasingly undependable ally.
the wikipedia page has links to projects that removed CAcert where reasons are stated. the main one being that CAcert didn't complete a security audit or because they were not yet accepted by mozilla (because of the lack of an audit, but also because CAcert actually withdrew the request to be included). one group removed it because CAcert has a strict root redistribtion license that they can't follow.
Gotta love the word 'sanction'. It is it's own antonym!
"The committee sanctioned the new policy." (approved it)
"The committee sanctioned the rogue nation." (penalized it)
> You are not a person or entity that is: (a) located in, organized under the laws of, or ordinarily resident in any country or territory that is the target of comprehensive U.S. sanctions; (b) a prohibited or restricted party under U.S. or other applicable sanctions and export control laws and regulations;
or (c) owned or controlled by or acting on behalf of anyone described in (a) or (b). You agree to use Let’s Encrypt Certificates and any services provided by or on behalf of ISRG in compliance with applicable U.S. export control and sanctions laws and regulations
This is not an example of that. It is perfectly within US jurisdiction to prevent US companies from doing business with sanctioned countries. That is the point of a sanction, and US is in good company in choosing to use sanctions as a diplomatic tool.
It is more of an example of how the internet/software industry is too consolidated to the US, and thus other countries are too dependent on the US in those areas. If the internet infrastructure was well distributed, then people in sanction countries could simply get certificates issued by a different CA, and in some cases they can. However, this is complicated by the fact that the list of trusted CAs is dominated by US organizations (Google, Mozilla, Apple, Microsoft). If you want to reach western audience you must use certs from a CA approved by them.
Exactly. Ever since I was a kid I never understood how the US has jurisdiction way beyond their borders.
Then I graduated in International Relations and understood that the hole is much deeper than that.
Now it's pretty obvious with all the shit that trump has been doing, but back then me and much of the people I know were oblivious to what US power really means.
US law is something US citizens get to decide. If they think it's "batshit", they should vote accordingly. In this case sanctions seem a pretty good alternative to going to war.
Of course not! just find viable alternatives to Microsoft, Apple, Mozilla, YCombinator, Google, Intel, AMD, ...
In all seriousness, as an American I'd love to see a healthier, more well-distributed tech industry, but I don't see many companies stepping up to provide competing services. It's my understanding that china has alternatives to many of these products/services, but I really don't see how anyone in Europe could possibly use a US-free internet.
> but I don't see many companies stepping up to provide competing services
Maybe because the US dropped most of its anti trust regulations, leading to ridiculously monopolistic practices such as "acquire everything that may be threatening".
When was the last time you heard about a European cellphone manufacturer, or social media network, or web browser being acquired by an American monopoly?
I can only think of Nokia, purchased by microsoft in 2014. Those phones ran windows CE before that even, so you could hardly have avoided the american tech industry.
All I'm trying to say is, it's impossible for Europeans to both A) be on the internet and B) avoid the US tech industry.
I am not well versed in how their systemwide certificate issuance works: If they have to add this to their terms to comply with their government, could the same government use pressure to leverage let’s encrypt to do harm.
EU? There’s almost zero information on the company, no privacy policy? The only place I found any mention is the footer, “HID Global Corporation, part of ASSA ABLOY”. Assa Abloy seems Swedish but HID Global is a US company as far as a quick search goes. But without a proper company info page and privacy policy I wouldn’t consider it anywhere near a “good alternative” regardless.
Jumping in here since we’ve been seeing more mentions of ZeroSSL lately, likely related to the recent CA/B Forum discussions around 1‑year certificates and ACME automation.
- We’re based in Austria (ZeroSSL GmbH). The company was acquired by HID in 2024, which is part of Assa Abloy (Sweden).
- We’re not positioning ourselves as a purely EU-based CA substitute, and we generally don’t market it that way.
- For DV certs specifically, we act as a distributor. Under the hood these are Sectigo-issued certificates, similar to how other providers (for example Namecheap) operate.
Sectigo used to be Comodo's CA business. If memory serves, that business was purchased by a US PE firm and renamed "Sectigo". Sectigo Inc.'s corporate headquarters is now in Scottsdale, AZ.
There's no reason to believe they're any less subject to US jurisdiction than LetsEncrypt.
There were reason to believe they were less subject to US juridiction: their Subscriber Agreement is for "Sectigo Limited, a limited company formed
under the laws of England and Wales".
See https://www.sectigo.com/uploads/backgrounds/Certificate-Subs...
Sadly, their United Terms and Conditions in section 8.2 are even more restrictive than LE's.
They reject any entity
"located in, incorporated under the laws of, or owned (meaning 50% or greater ownership interest) or otherwise, directly or indirectly, controlled by, or acting on behalf of, a person located in, residing in, or organized under the laws of any country sanctioned under the laws of the U.S. or E.U."
See https://www.sectigo.com/uploads/backgrounds/United-Terms-and...
From a layman point of view, it could even mean that the ICC and the UN are prohibited from using Sectigo.
The Customer must have no "affiliates, officers, directors, or employees" that are on sanction lists, and the US have sanctioned some high-profile members of the UN and the ICC that spoke about the genocide in Gaza.
If they do business in the US they will be expected to comply with US law - this includes their stock being traded on US stock exchanges.
If they don’t have any business in the US and any financial ties to the US they won’t be subject to the sanctions. But I believe it will create issues if they want to enter the US market.
The privacy policy is under legal in the footer, exactly where I'd expect it to be honest. It also gives the company registration:
> 1.1. We, ZeroSSL GmbH, FN 443956b (the “Company“)
and below that the company address (registered in Austria).
Don't get me wrong, I agree that there is some lack of "who actually runs/controls this", especially on the about page where I expect such things to be.
At the very least it's not as transparent as I'd wish from a CA. E.g their Certificate Agreement is from Sectigo, so are they involved? No mention anywhere else from what I can see.
I use them in some cases to avoid the rate limits on LetsEncrypt, and they have better support for some older platforms (like ancient Android versions), and I'm pretty happy so far. I have a paid account to support them, but it's not a requirement for ACME certs. It works without issue with Kubernetes Certbot, and seamless to switch between ZeroSSL and LetsEncrypt.
I can't comment on the EU part though - not that relevant in my case.
There was some subtle issue with ZeroSSL's implementation of ACME that I ran into with, IIRC, lego and domain certs and there was a ~5 year old lego open issue about it. That was a couple years ago, might be fixed, but my understanding at the time was that it was an issue with Zero's ACME implementation, so there may be dragons.
From their docs[0] this doesn't seem to apply if using ACME, but they don't exactly make that clear...
> By using ZeroSSL's ACME feature, you will be able to generate an unlimited amount of 90-day SSL certificates at no charge, also supporting multi-domain certificates and wildcards. Each certificate you create will be stored in your ZeroSSL account.
Yeah, they don't make it that clear, but you get basically the same functionality as with LetsEncrypt for free, including wildcard certs. You basically only need to pay for manually issued certs, or some of their other additional features.
Is Let's Encrypt the only provider of SSL certificates?
Genuine question! Because I assumed there were other places you could get a SSL certificate, but people in this thread seem to be implying that without Let's Encrypt, there's no way for people in those sanctioned territories to get a cert.
If it was a genuine question, the genuine answer is it's the provider that democratised streamlined ACME certificate verification and made it for free
No account, no payment, a single bash command or a certbot that runs regularly and you have your own globally recognised certificate
Historically, providers used to make the most frictions so that they could justify absolutely crazy fees for signing any certificates. It doesn't goes down well in DevOps, it doesn't work with indies who don't have 3 to 4 digits figures to blow in httpS, everyone including organisations ended up making certificates authorities of their own to sign stuff... and let's encrypt was successful at making certificates easy, free and actually secure
> Also known as a monster-in-the-middle,[1][2] machine-in-the-middle,[3] meddler-in-the-middle,[4] manipulator-in-the-middle,[5][6] person-in-the-middle[7] (PITM), or adversary-in-the-middle[8] (AITM) attack.
This is bullshit on par with the Chinese firewall, meant to effectively prevent the (entire!) western world from information by parties deemed persona non-grata. SSL certificates are supposed to be about security, not geopolitics.
I'm pretty sure a LE server hitting an Iranian or North Korean endpoint and validating a crypto challenge does not break any OFAC or EAR rules, and no money changes hands. And if a non-US entity wants to do it, the US would just sanction them. Microsoft and Mozilla are certainly not going to include a North Korean or Russian state CA in the root trusted certs (and if they did, the US government could just threaten them with sanctions, too).
Hard not to say "we warned you" about making self-signed certs completely unusable in favor of a very centralized approach.
Depends on whether LE is compelled to terminate service to BGP AS numbers hosted in U.S.-sanctioned countries, and whether LE continues operating out of the U.S..
Depending on how you are supposed to read "You agree to use Let’s Encrypt Certificates and any services provided by or on behalf of ISRG in compliance with applicable U.S. export control and sanctions laws and regulations." it could mean that you are not even allowed to use LE certificate to provide services to sanctioned entities as a random non-US company/person.
I would imagine, as a CA that issues only DV certs, they'd disallow issuance to various ccTLDs, and perhaps stop newAccount registrations with email addresses at those ccTLDs. That's about as much as they could do - IP-blocking by region is ineffective and crude at best.
To be put in perspective with their push for very short live certificates, like 7 days, with the argument that anyone can easily get certificate from at any time.
But in fact, little by little you have all the stacks needed to be able to isolate some entities from internet at the us request in a very short time
the reach is by rough estimates ~2.5–6 million websites globally, 2–5 million of those in Russia and 0.3-1 million in Iran
Whatever USofA, it's not hard to have their own cosmodrome and certificates.
Tangential, in 2026 website certificates feel like nothing, disposable automation artifact, toxic max-security[1], vehicle for those who rent seek, fingerprint.
The uninteresting version of this is “US entity follows US law.”
The interesting version is that Web PKI is not just cryptographic infrastructure. It is also a policy distribution system. A browser trust store, a CA, a subscriber agreement, revocation rules, export controls, and sanctions law all end up in the request path of "can this site speak HTTPS to normal users?"
That does not make Let’s Encrypt uniquely bad. Any CA has some jurisdiction, owners, contracts, root-program obligations, abuse process, and legal exposure. Moving the CA changes the governance surface; it does not remove governance.
But it does mean "just use Let’s Encrypt" is not a neutral answer when protocols, browsers, APIs, app stores, or regulators effectively require TLS. The operational dependency is not only ACME uptime and certificate issuance. It is also jurisdictional continuity.
The hard product question is what failure mode we want:
1. Web PKI: power concentrates in CAs, browsers, and root programs.
2. DANE/DNSSEC: power shifts toward DNS operators, registries, registrars, and governments.
3. Self-signed / TOFU / pinning: power shifts toward application-specific trust and worse UX.
4. Multiple CAs: better resilience, but still bounded by browser trust stores and legal chokepoints.
There is no apolitical trust system here. There are only different control planes with different failure modes.
The practical ask from Let’s Encrypt should be clarity: issuance vs renewal vs revocation, existing certs vs future certs, domain location vs subscriber location, hosting location vs user location, and how they interpret “use” of a certificate. Without that, operators are left guessing whether this is a narrow compliance clause or a broad infrastructure-risk event.
I had the parent organization of LetsEncrypt (Internet Security Research Group) in my Will, but after reading this, I will remove it immediately. US sanctions harm too many innocent people.
Europe starts to shield itself from the risk since Nicolas Guillou, the French ICC judge who issued a warrant against bibi got sanctioned (France officially protested about this case)
China is being successful at blocking US firms out of their supply chains (they already use Linux on Loongarch processors with some homemade architecture and pioneer RISC V), since a bunch of their companies also got sanctions for supplying the governement
US stands so much for freedom that it's the first country to refuse immigration to FIFA world cup teams and athletes, with Iranians not allowed to stay between games and Somali goalkeeper being turned away at the border. Germany itself didn't do for the 1936 Olympics.
So at best, they're only shooting themselves in the foot by showing any US component in a supply chain is a risk, while using US clouds were already a risk of loss of revenue from FISA requests to undercut your bid and rot your company and using US dollars for trade was already a liability
In the meantime, US companies can do anything, break any financial law and abuse every human right, they'll just sign DPAs to avoid prosecution
Your comment reads like a thought-terminating cliché. If Russia occupied your city, killed your family and friends and left you homeless, you might reconsider giving freedom to those who take it away from others. Unfortunately, sanctions are often very easy to evade.
it can't happen, they only attack civilians in countries that have weapons of mass destruction or have a evil economic system of socialized healthcare and labor market
They also don't like states that threaten business by turning workers into a commodity that you have to compensate each month ; Spain sunk the Maine ; and they had manifest destiny given from God to get rid of natives
It took me a minute to understand the original post because the verb sanction means both itself and basically the opposite of itself. It would be better to say "any territory that the US has levied sanctions against". I thought LetsEncrypt had banned its usage in the US! The word for words like sanction is contronym.
> You are not a person or entity that is: (a) located in, organized under the laws of, or ordinarily resident in any country or territory that is the target
of comprehensive U.S. sanctions; (b) a prohibited or restricted party under U.S. or other applicable sanctions and export control laws and regulations;
or (c) owned or controlled by or acting on behalf of anyone described in (a) or (b). You agree to use Let’s Encrypt Certificates and any services provided by or on behalf of ISRG in compliance with applicable U.S. export control and sanctions laws and regulations.
Let's Encrypt’s mission is to create a more secure and privacy-respecting web, except for people residing in countries with the most need for a more secure and privacy-respecting web. Sure, that's great.
That said, pretty sure this is stems from the insane US legal requirement to not export SSL technology to enemy countries. I'm sure some of y'all are old enough to remember when web browsers came in "international friendly" versions that supported 40 bit encryption, or "fancy secure" versions with 128 bit encryption.
I’m actually old enough to remember how PGP code was exported as a book printout because exporting computer code for cryptography with strong keys in digital form was disallowed but a book was fine (protected by first amendment rights). The printout was scanned abroad to reconstitute the source and build pgp legally.
Seems in all thing tech at the moment the US legal system is accelearting a great split and erectinga digital iron curtain, from AI models to the more mundane like TLS certs. Its been standard for a while for many Linux distros based in the US to toe the party line - like RedHat having notices pretty similar to this one by LE. Seems any meaningful Open Projects will have to choose what path they want to take, be like RISC-V and relocate or LE and others and enforce the divide.
The RISC-V move was laughable. It’s still US tech, developed largely with DARPA funds.
So what? If I disagree with the direction any FOSS project (or its maintainers) is taking... I can just fork it. People have done that countless times in the history of FOSS, most notably in the xOffice schism.
> pretty sure this is stems from the insane US legal requirement to not export SSL technology to enemy countries
This is most likely OFAC. Lets Encrypt could apply for a license to do business with sanctioned entities, and given their use case it would most likely be approved.
https://ofac.treasury.gov/ofac-license-application-page
OFAC regulates commerce, not speech. Let's Encrypt is not doing "business", they're operating a free informational service. Lots of organizations interpret any information exchange as subject to OFAC regulation, and you and Let's Encrypt have good company in this interpretation, but I think it's unnecessarily ceding ground.
The government may use as wide of an interpretation of commerce as they can get away with. We've seen this happen before [0]. Sure, Let's Encrypt isn't taking money from the entities they offer certificates to. But the OFAC desk jockey assigned to that case only has to concoct some sufficiently plausible-sounding trail of money connecting the backing 501(c)3 and a sanctioned entity in order to bring them to court, and the legal team will not like that risk, even if it's unlikely for OFAC to win.
[0]: https://en.wikipedia.org/wiki/Wickard_v._Filburn
It could also be an easy way to not have to implement backdoors for the government/military.
What "backdoor" would Let's Encrypt even implement? That's not how a CA works.
They might be compelled to issue a certificate to an unauthorized (by browser PKI policies, not local law) entity, but that would be very conspicuous due to Certificate Transparency.
I suspect any "backdoor" would be inserted at the protocol level. See https://web.archive.org/web/20130918135152/http://www.thegua...
How would they do that? The ACME protocol is "take the basic artifacts you use for certificate signing, wrap them in JSON (cryptographically, using standard JWS), then send them over using HTTP + TLS." Every part of that is something for which there exists a buttload of implementations in whatever language you care to use.
If you truly need a secure and private web you should be using tor.
Say what, now?
Anonymity and encrypted communication are two very, very different things. Have one but not the other and you're essentially handing off your private data incl. passwords to whoever that has a tap on the communication between you and the server can fetch them, too. Have the other but not the one and everyone will know who you are, but they can't eavesdrop.
I've had people straight up serve me malware when you attempt to OSINT them with Tor. Sometimes you need different kinds of anonymity, and I see a lot of one sized fits all proclamations on HN.
Couldn't LE have a branch in Europe or anywhere outside the USA and its minions?
Because they're betraying their own goals, as stated in their About page: “It is a service run for the public’s benefit. [...] Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost. [...] Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.” Now they own they are under the control of a political organization.
Here is the paragraph Let's Encrypt added to their Subscription Agreement on 2026-06-04:
> You are not a person or entity that is:
> (a) located in, organized under the laws of, or ordinarily resident in any country or territory that is the target of comprehensive U.S. sanctions;
> (b) a prohibited or restricted party under U.S. or other applicable sanctions and export control laws and regulations;
> or (c) owned or controlled by or acting on behalf of anyone described in (a) or (b).
> You agree to use Let’s Encrypt Certificates and any services provided by or on behalf of ISRG in compliance with applicable U.S. export control and sanctions laws and regulations.
They could, but if the branch didn’t follow these laws, the main US branch would still be liable.
It's about time SOME entities start moving from US entirely.
RISC-V Foundation did.. though they go out of their way to talk about it in terms that try not to piss anyone off..
> "Across 2018-2019, the RISC-V community has reflected on the geo-political landscape and we have heard concerns from around the world that investment in RISC-V must come with IP access continuity to ensure a long-term strategic investment. We first mentioned our intentions to move at the December 2018 summit. Incorporation in Switzerland has the effect of calming concerns of political disruption to the open collaboration model. RISC-V International does not maintain any commercial interest in products or services as a non-profit, membership organization. There have not been any export restrictions on RISC-V in the US and we have complied with all US laws. The move does not circumvent any existing restrictions, but rather alleviates uncertainty going forward.
> In March 2020, the RISC-V International Association was incorporated in Switzerland. Along with this, we shifted to a new, more inclusive membership structure. Members of RISC-V International have access to and participate in the development of the RISC-V ISA specification and extensions as well as related hardware and software. RISC-V has a Board of Directors composed of member representatives as well as a Technical Committee of work group leaders."
> RISC-V International has not incorporated in Switzerland based on any one country, company, government, or event. This move is reflective of community concern and managing strategic risk for our community investing in RISC-V for the next 50+ years.
> The IP contributed and produced by RISC-V International is held under industry and global standard licenses that are already open to leverage by any company regardless of jurisdiction. This licensing is a common open source approach to foster collaboration that is not tied to any geographic regulation. IP in the public domain has not been subject to export control.
https://riscv.org/about/
The RISC-V foundation and related companies also got a bunch of money from Europe. I am not so sure this was about leaving a repressive regime as much as chasing the European "homegrown computing" money.
This is part of why the EU is looking to move away from US-based infrastructure. The CLOUD Act basically lets Washington have an off-switch on your computing infrastructure as well as giving Washington unlimited access to any data on your computers (or that passes through them).
Other countries sanction each other too.
They mostly don't.
Or rather, when other countries say "sanctions", they are almost always talking about something completely different than the United States.
This is not about countries sanctioning each other. This is the US sanctioning a local company because a foreign company doesn’t follow certain US laws in foreign soil, where such laws don’t apply.
It’s a bit like the US arresting your mom at home in Texas because you ate a baggie of magic truffles in Amsterdam.
You're being very vague. Please explain what you mean? I don't see anything here about the US "sanctioning a local company," and I'm not aware of that being possible under US law.
Please see my answer to the sibling comment.
"Clarifying Lawful Overseas Use of Data (CLOUD) Act."
The way you are using these words seems to indicate you might be confused about how this works.
The US has not "sanctioned" LetsEncrypt or ISRG. The US sanctions foreign entities as punishment for various reasons precisely because they are not subject to US law. That's the entire point of leveraging a sanction -- to pressure those outside of your legal jurisdiction. If they were in your jurisdiction, you'd simply arrest them.
People and organizations basically anywhere not permitted to do business with anyone your country has sanctioned. Anyone who does business internationally should be aware of their country's sanctioned list. That applies no matter where you live on the planet.
This is not that though.
This is literally about a company that has a branch in the USA and another branch in another country, where it's bound by that country's laws. If the foreign entity which just so happens to be commercially linked to the one in the USA has any dealings with countries sanctioned by the US, the US branch is punished.
There was a case a few years ago where a public University in Brazil bought lab computers from Dell Brasil. Dell Brasil is a subsidiary of Dell, but it's 100% incorporated in Brazil, the computers were manufactured in Brazil, everything following Brazilian law. The computers were delivered with terms of service that prohibited them from being used for any dealings with US-sanctioned countries such as Iran and Cuba. The University was caught by surprise and questioned it, since they had many academic links with Cuban Universities, and Dell Brasil explained that.
I don't know how the whole ordeal ended. The Brazilian Federal Government got involved, I believe the Ministry of Exterior and the Ministry of Commerce and Industry both got involved and were at one point going to sue Dell Brasil. I suspect it ended with the University returning the computers and purchasing from another supplier.
The suggestion that Let's Encrypt could work around US sanctions by opening a branch in the EU falls under similar conditions, and the US branch would be liable if the EU subsidiary had dealings with US-sanctioned countries.
Incorporating a subsidiary in a foreign country doesn't make the parent company immune to the legal obligations it has in it's home country. It would be absurd if that were the case. Sometimes people try setting up subsidiaries overseas to hide their evasion of the law, but it is illegal to do so.
> Incorporating a subsidiary in a foreign country doesn't make the parent company immune to the legal obligations it has in it's home country.
We're not talking about legal obligations in its home country though. I can buy Jack Daniels at age 19 in my country from their local subsidiary, and no-one thinks that this should be a crime for their US parent company because the US drinking age is higher. (Of course it would be a crime for either the parent or the subsidiary to sell to 19 year olds in the US)
(No-one is blaming Dell or Let's Encrypt here, to be clear, it's the US' excessive extraterritorial laws that are the problem)
If you are in the US you must ensure that your local company, and any sub-entity you control abroad complies with sanctions law. That is US law, and the US can apply that law to Dell the parent company, because it is in the US and controls the subsidary.
> I can buy Jack Daniels at age 19 in my country from their local subsidiary, and no-one thinks that this should be a crime for their US parent company because the US drinking age is higher.
Because there is no US law that says you cannot sell alcohol to people abroad under 19. Heck, there's no US federal law that says Jack Daniels can't sell to people in the US under 19, either. And in fact, there are some places in the US where you can legally drink at 18, e.g. Puerto Rico. But if the US congress wanted to pass one of these laws and enforce it, it could.
US sanctions law saying that you must not transfer X from the US to Iran, directly or indirectly, is reasonable. US sanctions law saying that you must not transfer X from Brazil to Iran is gross overreach. Yes, of course the US can apply its absurdly extraterritorial laws to any parent company in the US, just as Iran could penalise any Iranian company whose US subsidiary distributed a depiction of the prophet or whatever, but that doesn't make it good law or good practice.
That's a fair opinion to have.
But the US isn't really unique in applying their laws extraterritorially. See GDPR, Universal jurisdiction laws, China's National Security Law, etc... Every jurisdiction with sizable power does it. Some of these are even more extraterritorial in scope than US sanctions are.
You may call it a subsidiary all you want, but it's still a company that's wholly incorporated in foreign soil, doing business in foreign soil.
At least in Brazil, companies that operate there must obey local laws. What happens when those laws are in contradiction with US laws, like in the example I cited? Is Brazil supposed to cave? Is Brazil supposed to keep fining Dell Brasil until it folds? Maybe prosecute Dell Brasil's directors for actively and repeatedly disregarding the law and fines?
How does that work on a global scale?
I'll say again, this is not about a US company opening a foreign subsidiary to do things in the US that are forbidden in the US. This is about a company incorporated abroad having to follow US laws while operating wholly abroad. This is a breach of sovereignty however you look at it.
It is plainly routine for a company to have to deal with multiple legal jurisdictions at a time.
Yes, sometimes this causes compliance complication. This isn't unusual, it happens frequently.
Ultimately, every government exercises the laws of their country as they see fit, using the enforcement tools they have available to them. These rules often extend outside of their borders and apply to foreign or partially-foreign entities depending on the situation. The only limits on this are the practical means of enforcing it.
Dell Brazil would have been subject to Cuba sanctions because it was controlled by the US parent company. The US has obvious jurisdiction over Dell Technologies the parent company, and the nexus to enforce it.
Nothing you are are describing is even remotely unique to the US. No country is going to let you set up a foreign subsidiary to launder goods around sanctions law. If they did, everyone would do that and nobody would ever follow sanctions.
Just close down completely in the US and move to the EU
And then what? Be subject to similar sanctions from a different governing body?
e.g. https://www.consilium.europa.eu/en/policies/sanctions-agains...
It shouldn't be located in Europe (because, as you said, US minions are no better than the US itself). Instead it should move to a neutral country, somewhere like Singapore or Uruguay.
Suddenly the idea of having a CA hosted in space on a satellite issuing certs seems like a good idea.
New startup idea: Starlink for TLS.
Let's encrypt is not some code or even a company that you can split into different branches. Their existence is one based on trust relations that let's encrypt has with browsers and operative systems. It is in one part similar to both domain names and IP address space, in that the technical aspects of creating alternative roots is almost trivial in comparison to getting the trust that is required for an alternative root to be accepted by the rest of the world.
Let say someone created an Russian Let's Encrypt. It has all the technical aspects as regular LE in that you can request a certificate and get one through an acme challenge. That is all great and all, but no browser will recognize it as valid. No operative system will recognize it as valid. The Russian state might add the new LE as valid for government computers, but the real work would be to get any other participants in the world to do the same. The issue is not a technical one but rather a social one that is built on trust.
When Russia invaded Ukraine there was a major discussion if IANA/ICANN should have disconnected Russia from domain names and IP addresses. That discussion ended on a decision to not do that because the symbolic benefit was deemed minor compared to the harm to the system in large, especially once the war end. If you got two roots, then a domain name or IP address can now suddenly have two locations, and it would be a massive pain to try fix it even if people wanted to fix it. Certificate Authorities do not share this trait since there can be an almost unlimited number of roots and none of them can conflict with each other (assuming no hash collision). If Russia spins up a new CA then people can use that one today if they want to, and they can continue to do so after the war has ended.
completely independent entity would be far better option. Protocol is open after all, just need pointing to different vendor
Took me a minute to parse the headline -- Sanctioned as as in "imposed penalty" (ie "sanctions"), not as in dictionary definition #2 "official permission or approval".
Perhaps because "US territories" are a thing, perhaps because it's way more newsworthy if LE bans the US, or perhaps im just a dummie.
Iran is blocking internet for months, US ...bans creation of secure connections - that'll show 'em!
Russian quasi-government structures are spending quadrillion of rubles on a TSPU (censorship system) to spy on Russian residents, US ...helps them by making snooping on what is currently encrypted traffic possible by banning accessible encryption!
Let's Encrypt certificates continue to be available in both Iran and Russia, just not for the Iranian and Russian governments.
The terms of service update to clarify what we have always done, comply with relevant law, has not changed the situation for either country.
> Let's Encrypt certificates continue to be available in both Iran and Russia, just not for the Iranian and Russian governments.
According to https://news.ycombinator.com/item?id=48457280 it affects all people ordinarily resident in those territories, not just their governments:
> You are not a person or entity that is:
> (a) located in, organized under the laws of, or ordinarily resident in any country or territory that is the target of comprehensive U.S. sanctions;
> [other 'or' conditions]
Sanctions compliance is unfortunately fairly complex.
Let's Encrypt can issue certificates for non-government entities in Iran and Russia due to statutory exemptions protecting personal communications, alongside specific Office of Foreign Assets Control (OFAC) authorizations designed to promote Internet freedom and human rights.
We will look into whether we can make things more easily understandable in the subscriber agreement.
I wonder what "ordinarily resident" means legally. Like has a permanent address there, even if they don't live there physically..?
Yes. If you are, for example, even a US citizen, permanently living in Crimea, you are still subject to limitations, imposed by sanctions.
you should update the documents to reflect this stance.
"You are not a person or entity that is: (a) located in, organized under the laws of, or ordinarily resident in any country or territory that is the target of comprehensive U.S. sanctions; "
this says nothing (edit: specific) about government (edit: only), and is applicable to normal people in those areas.
A government falls under "entity". So it's about normal people AND governments (and other entities).
Still needs updating if it's supposed to only apply to governments, though.
[Iranian here] Completely agreed. Reminds me of how US banned citizens and businesses in Iran from using cloud infrastructure like AWS or digital ocean, leading to people and businesses moving to the government-sponsored local cloud services, and that made it super easy for the government to block internet access whenever they want without essential services like banking, ecommerce, online taxi booking, food delivery etc being disrupted.
wait until you find out about Facebook!
This somehow confirms my gut feeling that digital certificates are mainly a means to enforce exclusion on behalf of the certificate authority ownership. It is a tool to prevent people from taking full ownership and control of whatever is affected by digital certificates, be it software, firmware, hardware, or as in this case SSL/TLS. That's digital tyranny in disguise.
While it seems like certificate authority has the primary control here, the real control lies in browsers and operative systems in which certificate authorities are trusted. Users also have, at least for the moment, control to add or remove certificate authorities, even if that control is slightly less clear for devices like smart phones.
Digital certificates that signs software packages are used to enforce exclusion by some manufacturers. Let's encrypt is not in that space to my knowledge, but it is a place where you the owner do not have the right to determine which certificate authority should be trusted, and generally the only one that is trusted is the manufacturer. Its arguable if we even should be calling such entities a certificate authority, even if they technically are the owner of the root certificate that signs the package.
I always saw it as a trust-chain and think that anyone is welcomed to create a root certificate and distribute it to whomever trusts them. Most simple services may not need TLS, but with the ISPs eavesdropping on our communication, a form of secure communication is required and the currently best solution we have requires a trust-chain to be built.
The problem is that finding a root source of trust aren't easy this days. LE was neutral, now nobody is.
Russian government issued their new root certificate years ago.
Nobody trusted it enough to request a certificate from them or install it on their computers. Including almost all of the russian residents.
If Let's Encrypt enforces the rules, as written in pdf, a lot of people would lose a choice.
Frankly, even publishing a statement like that would make the scales of trust tip for some.
It is such a great improvement that ISPs cannot eavesdrop us anymore... only for everyone to terminate TLS at cloudflare so they (and thus US government) can now eavesdrop everyone.
We could, and should, switch to DANE. Or else, switch to how X.509 was supposed to be used, with each country running a CA for their nationals.
I trust governments much less that a conglomerate of competing corporations.
With all the problems with Web PKI, at least the bad actors are getting distrusted, and this provides a very strong enforcement on the rest. And Certificate Transparency makes sure the mis-issuance would be caught. It is not perfect by any means, but things are getting better.
With DANE (or other country-issued certificates), every government will absolutely double-issue certificates to police, secret service and friends of goverment, and no one will have any recourse. (In the past I'd say that only countries like Russia would do it.. but with today's climate, I am sure both US and many European countries will do that too)
I'm not really in favor of DANE, because DNSSEC is such a mess ... but.
Certificate transparency is nice. Browsers could require it for DANE certificates, just like they require it for current Web PKI certificates.
The people controlling the TLD of interesting can exert control over the domain of interest in order to issue a DANE certificate. But they can also exert control over the domain of interest in order to request a domain control certificate, so widespread use of DANE wouldn't add any new adversaries. If DNSSEC wasn't a mess, and DANE replaced WebPKI, we would eliminate the risk from CAs without adding a new risk --- TLDs (and the DNS root) are existing risks.
> every government will absolutely double-issue certificates to police, secret service and friends of goverment, and no one will have any recourse.
Countries already have CA that issue certificates with more legal force than a handwritten signature. I can open a bank account, pay my taxes and sign up to all government services. But I can't use them for a webpage.
> With DANE (or other country-issued certificates)
DANE isn't a country-issued certificate. It's a scheme where you store your public keys on DNS records. Of course, now we have the issue that DNSSEC (signed DNS records) isn't widespread and the whole issue with DNS registries.
DANE is entirely dependent on DNSSEC, and DNSSEC is, by design, under the government control, with all the bureaucratic mess and mistakes this implies.
This would be pretty terrible if anyone actually cared about DNSSEC, but luckily for us, no one cares.. So let's keep things this way.
You obviously don't know how DNSSEC works. The DNS root of trust is ICANN, not a government.
> I trust governments much less that a conglomerate of competing corporations.
There’s no essential difference between the two from my perspective. Why are these my only choices?
What other choices are there?
An international body might work, or just move the issue one step back.
One, in a democracy, is accountable to adults in the same jurisdiction. The other is only accountable to those with financial ties to its success.
>One, in a democracy, is accountable to adults in the same jurisdiction
Or so they say. How's that been working out in practice?
Pretty well, in my experience.
Pretty much any big government has a CA they can exert direct control over whenever needed.
Maybe, but then can only do it once. Then they get caught, and their CA is distrusted. See Diginotar [0] for example.
And things only gotten better since - we now have CT logs, and browsers require them, so any mis-issuance can be detected automatically, by any interested third party.
If we go to DANE, we lose this all. "Oops, our CT uploader process failed, we will fix Real Soon(tm) we promise" - and what are browsers going to do? Distrust the entire country?
[0] https://blog.mozilla.org/security/2011/09/02/diginotar-remov...
Side note: “DigiNotar BV was a Dutch certificate authority from 1998 to 2011. It was acquired in January 2011 by VASCO and subsequently declared bankrupt in September of the same year” [1].
I didn’t realize the slapped their face on the pavement right after being acquired.
[1] https://en.wikipedia.org/wiki/DigiNotar
The Dutch government didn't exercise control over Diginotar.
In the Dutch hacker scene, Diginotar was a meme. Everyone knew it was a mess there.
> I always saw it as a trust-chain and think that anyone is welcomed to create a root certificate and distribute it to whomever trusts them.
Note that phones already try to prevent you from using a certificate that you provide yourself.
"Try to prevent"? What does that mean?
Do we also need to put all our letters into strongboxes before we send them?
Maybe we should have solve the ISP snooping problem by making that illegal instead.
> Do we also need to put all our letters into strongboxes before we send them?
If it were as cheap and efficient as TLS these days, yes, absolutely
> Maybe we should have solve the ISP snooping problem by making that illegal instead.
We could do both! ISP snooping is still a problem for metadata (SNI).
This just leaves every single public Wifi network - which used to mess with traffic a lot
Guys, we live in a society.
The entire point of a trust model is to exclude people. That's the stated goal.
If you want encryption without trust, just use self-signed certs.
If you don't care about who you're talking to, why use certificates at all?
The problem is that the current trust model is totally untrustworthy.
Philosophically, trust isn't a "solvable" problem. It can only be mitigated to varying degrees. However, some degree of trust is probably better than none.
One thing is sure, pinning trust on trust chains down from Root Certificate Authorities is fundamentally incompatible with our notion of trust and an almost absurd idea to start with. Most people using a browser don't even know any person from such an organization nor would or should they have any rational reason to trust them.
> our notion of trust
I suspect I may have a different notion of trust than you
> Most people using a browser don't even know any person from such an organization nor would or should they have any rational reason to trust them.
Back up one step further -- most people using a browser don't understand the problem set we're talking about even exists
> This somehow confirms my gut feeling that digital certificates are mainly a means to enforce exclusion on behalf of the certificate authority ownership. It is a tool to prevent people from taking full ownership and control of whatever is affected by digital certificates, be it software, firmware, hardware, or as in this case SSL/TLS. That's digital tyranny in disguise.
I think the "digital tyranny" is a side effect, not the main goal. They're "mainly a means" to prevent certain kinds of MITM attacks.
I always thought the main goal was to force people to pay money for certificates.
Let's Encrypt certificates are free.
You could that with a much saner approach like DANE.
Not back when SSL and the PKI ecosystem was developed.
It seems that, as soon as you transact with a sanctioned entity, you are globally in breach of the agreement and risking the revocation of all your certificates — also the ones for non-sanctioned countries.
Front matter:
2.1 "Term": 3.1 "Warranties":Is this actually new? Looks like a standard US export restriction for encryption technology to me. These sorts of restrictions have been around since the '90s.
Let's Encrypt becomes subject to US export restrictions on cryptography if they are a US company, or if they post anything to github or post anything to major app stores. Every app I have ever posted to Google Play has had to submit a form to the US government declaring what use they make of cryptography.
These restrictions have been in force since that late 1950s (with a long and complicated history with respect to computer cryptography). This particular text looks like a boilerplate restriction, that's required to comply with US EAR export requirements to me.
A certificate is not cryptography, though, it's a number. The entity requesting the certificate already has the cryptographic software installed on their servers, as do the clients trying to connect to them. There's nothing technologically special about the number, it's all in the realm of the social contract, in that it has been blessed by a chain of trust.
Organisations that are serious about promoting privacy should have been avoiding the US since the '90s and/or '50s, but the second best time to reincorporate in a safe jurisdiction is today.
Is this a canary?
What's gonna happen if I were to begin or continue using one letsencrypt certificate from ... Greenland? Cuba? The EU?
Has letsencrypt been served with a subpoena?
> Has letsencrypt been served with a subpoena?
While it's certainly possible that ISRG has been served a subpoena because it appears the US DOJ is now a mix of hacks and incompetent buffoons, it wouldn't matter because the whole point is that they don't know anything - what you told them is literally logged publicly for everybody to see without even knowing how to spell "subpoena" let alone issue one.
Some people have this insane idea that somehow the CA has some secret which either they minted and sent to the CA, or the CA minted and gave them a copy and so the US government could get this secret with a subpoena - but the whole fucking point of a Public Key Infrastructure is that we're using Public Key Encryption, if we were OK with everybody having secrets all over the place this entire thing wouldn't be needed.
> Some people have this insane idea that somehow the CA has some secret which either they minted and sent to the CA, or the CA minted and gave them a copy and so the US government could get this secret with a subpoena
LetsEncrypt certainly doesn't, but I've seen certificate storefronts that generate the key on their side and provide you the key and the certificate, so you don't have to figure out how to generate a key.
They have the secret of the private keys used to sign certificates.
Looking at LavaBit^1 I really would not be so comfortable. The world and especially the US has not gotten more free since then.
[1]https://en.wikipedia.org/wiki/Lavabit
They could mint certificates, for / about any name. But, those certificates won't work in popular applications unless the certificates include proof of logging.
So to be effective this means a hypothetical bad actor (maybe the US government or anybody else) issues bogus certificates, then either logs them - making a permanent record for everybody to see, or also subverts two or more logs, so that they issue bogus proofs.
This is a very expensive one shot attack on whatever the target would be, I guess it's not stupider than "Let's bomb Iran for no good reason" but it's up there.
For the vast majority of cases, would anyone notice these malicious certificates being created and logged?
I don't subscribe for my personal domains, because who cares, but when I was in charge of certificates for something important I subscribed to notifications from several providers to make sure I didn't miss anything.
I would like to think at least all the high profile destinations have someone watching.
What constitutes the "vast majority" ? Periodically I check mine, and I sometimes have reason to check others, I no longer run my own log auditing (I did when I worked somewhere else because it was close to my main field of interest) but other people do.
How can you check other people's certs? How do you know whether a cert issued is authorized by them or not?
The only one who can check for maliciously published certs is the entity authorized to request them. I think most companies are happy when they manage to have valid, not expired certs and do not care too much about making sure there are not too many of them.
You are right that if the state would start issuing malicious certs en mass that would be found out quickly. But I think very targeted selected operations against entities where they know the entity is unlikely to surveil for unauthorized certs are very much possible.
I'm not arguing for going into conspiratorial thinking and claiming CAs are all compromised and issuing malicious certs all the time. But I do think that it is feasible for states to use CAs under their direct or indirect control to run targeted attacks. I think that is a plausible, serious risk that we do not care enough about and that we should do something about. There is a multitude of precedence starting from LavaBit over the wiretapping of jabber.ru^1, ANOM^2 to CryptoAG^3 that supports this conclusion.
[1]https://notes.valdikss.org.ru/jabber.ru-mitm/ [2]https://en.wikipedia.org/wiki/Operation_Trojan_Shield [3]https://en.wikipedia.org/wiki/Crypto_AG
For any target of sufficient value that a government would do that, yes. Of course it doesn't happen anyway, because governments don't have some kind of secret access to CAs.
Neither Greenland nor the EU has been sanctioned by the US.
They haven't been sanctioned, yet, but we live in a time where that's a real possibility.
Have you heard about the judge from international court or whatever it is called?
https://www.france24.com/en/americas/20250820-us-hits-icc-wi...
Are you saying the ICC is the EU? Or that it's Greenland?
Yet.
So far
It is not exactly an outlandish suggestion that this may happen.
Now this is very bad, as bad as it can get. As soon as all local services will stop working in sanctioned countries, those countries' governments will force all users to either install a root certificate or lose access to all local services and websites. And then it will be possible to use that root certificate for MITM attacks. In the worst case scenario, after the majority of users will install the root certificate, state DPIs will MITM all traffic and will block all un-MITMable traffic.
Don't understand why you have been downvoted. Russian government have already attempted to push forward their root certificate for banking using Yandex browser, now this.
Maybe consolidating ~60% of the web's certificates on to a single provider was a mistake.
Well good thing everyone using the provider is using an open protocol and it's stupid easy to switch
Which free CA should I use instead of lets encrypt that has same browser support?
Actalis, based in Italy offers a free tier, with ACME https://www.actalis.com/subscription
ZeroSSL from Austria also has a limited free tier. https://zerossl.com/pricing/
I mean really, if you use lets encrypt for anything that runs in a production environment, the responsible thing to do is build a fallback to switch to another provider in case LE has a bad day (or hits a brick wall and needs to say, enforce export restrictions).
Worth noting that Actalis requires you to register an account with them in order to acquire the necessary authorization token for their ACME API. This poses a privacy/anonymity issue for some users. Last I checked, Actalis' free tier didn't support SAN either.
Add.: I created an account just now to see "what's what" and also found the notice, "Activate your free 90 days certificates. At the end of the free year, the services associated with the certificates will expire." which sort of sounds like it's just a 1-year free trial.
ZeroSSL / BuyPass
Buypass no longer issues TLS certs since last year.
can you please suggest any alternatives to switch to? i hardly can find any alternative which provides free service and is a non-profit org at the same time.
This should be one of those things that should be an quick EU win. Running Let's Encrypt is $3-4mill a year, the EU probably uses that on pencils.
The EU could easily bootstrap a Let's Encrypt competitor if it truly cared about removing dependencies on US based entities.
Yes, but EU would have to convince Google and Apple to get a new root certificate to browsers.
Not really. They just have to convince an existing CA that cross-signing their CA won't make Google and Apple mad.
Cross-signed roots are common. Just takes money and maybe audits, but it's the same audit they'd need to get in the browser root stores anyway.
Do you really think the EU wants to sign up for PR that’s essentially “the US is being too mean to Russia” right now?
I think the EU should do it regardless of Russia. The EU should invest in its own technology and not depend so much on an increasingly undependable ally.
Weird. The copy I read says they have just deleted that section of their user agreement.
Can anyone explain me what went wrong with http://www.cacert.org/ and why they are not supported by any major browser ?
the wikipedia page has links to projects that removed CAcert where reasons are stated. the main one being that CAcert didn't complete a security audit or because they were not yet accepted by mozilla (because of the lack of an audit, but also because CAcert actually withdrew the request to be included). one group removed it because CAcert has a strict root redistribtion license that they can't follow.
LWN has a good writeup on the audit situation as of 2014: https://lwn.net/Articles/590879/
Gotta love the word 'sanction'. It is it's own antonym! "The committee sanctioned the new policy." (approved it) "The committee sanctioned the rogue nation." (penalized it)
There are many autoantonyms in traditional English, e.g. cleave.
> You are not a person or entity that is: (a) located in, organized under the laws of, or ordinarily resident in any country or territory that is the target of comprehensive U.S. sanctions; (b) a prohibited or restricted party under U.S. or other applicable sanctions and export control laws and regulations; or (c) owned or controlled by or acting on behalf of anyone described in (a) or (b). You agree to use Let’s Encrypt Certificates and any services provided by or on behalf of ISRG in compliance with applicable U.S. export control and sanctions laws and regulations
Makes sense, they are US company. I am surprised it took them that long.
"US company must obey US law" doesn't make for a very interesting headline.
"The world should stop trusting the US companies" OTOH...
more optimistic would be "World should decentralize America's trust"
The headline is more « US law is batshit and extends well beyond its borders with real world consequences »
This is not an example of that. It is perfectly within US jurisdiction to prevent US companies from doing business with sanctioned countries. That is the point of a sanction, and US is in good company in choosing to use sanctions as a diplomatic tool.
It is more of an example of how the internet/software industry is too consolidated to the US, and thus other countries are too dependent on the US in those areas. If the internet infrastructure was well distributed, then people in sanction countries could simply get certificates issued by a different CA, and in some cases they can. However, this is complicated by the fact that the list of trusted CAs is dominated by US organizations (Google, Mozilla, Apple, Microsoft). If you want to reach western audience you must use certs from a CA approved by them.
The only countries that do not have sanctions are the ones who lack the economic leverage to do so. All developed countries have them.
Exactly. Ever since I was a kid I never understood how the US has jurisdiction way beyond their borders.
Then I graduated in International Relations and understood that the hole is much deeper than that.
Now it's pretty obvious with all the shit that trump has been doing, but back then me and much of the people I know were oblivious to what US power really means.
US law is something US citizens get to decide. If they think it's "batshit", they should vote accordingly. In this case sanctions seem a pretty good alternative to going to war.
This is not specific to US law ...
It is however a reminder that "just use LE" is not a valid response to concerns about protocols/APIs/browsers/etc requiring TLS.
That's just another reminder that no one from outside of US should deal with US companies.
Of course not! just find viable alternatives to Microsoft, Apple, Mozilla, YCombinator, Google, Intel, AMD, ...
In all seriousness, as an American I'd love to see a healthier, more well-distributed tech industry, but I don't see many companies stepping up to provide competing services. It's my understanding that china has alternatives to many of these products/services, but I really don't see how anyone in Europe could possibly use a US-free internet.
> but I don't see many companies stepping up to provide competing services
Maybe because the US dropped most of its anti trust regulations, leading to ridiculously monopolistic practices such as "acquire everything that may be threatening".
When was the last time you heard about a European cellphone manufacturer, or social media network, or web browser being acquired by an American monopoly?
I can only think of Nokia, purchased by microsoft in 2014. Those phones ran windows CE before that even, so you could hardly have avoided the american tech industry.
All I'm trying to say is, it's impossible for Europeans to both A) be on the internet and B) avoid the US tech industry.
Nokia phones ran mostly on SymbianOS
Actalis https://actalis.com/ is a good EU alternative.
No it isn't. Not unless it's free.
This is the main reason letsencrypt is so popular.
They do have a free plan with unlimited ACME DV certs, though! Not marketed very well and no wildcard certs, but it does exist.
Had to look for but found: https://www.actalis.com/activate-free-plan
There is a free offering.
It their right to do that.
But can we still trust them?
I am not well versed in how their systemwide certificate issuance works: If they have to add this to their terms to comply with their government, could the same government use pressure to leverage let’s encrypt to do harm.
Has anyone got any experience with Zero SSL? https://zerossl.com/ It seems like a good EU alternative.
EU? There’s almost zero information on the company, no privacy policy? The only place I found any mention is the footer, “HID Global Corporation, part of ASSA ABLOY”. Assa Abloy seems Swedish but HID Global is a US company as far as a quick search goes. But without a proper company info page and privacy policy I wouldn’t consider it anywhere near a “good alternative” regardless.
Jumping in here since we’ve been seeing more mentions of ZeroSSL lately, likely related to the recent CA/B Forum discussions around 1‑year certificates and ACME automation.
- We’re based in Austria (ZeroSSL GmbH). The company was acquired by HID in 2024, which is part of Assa Abloy (Sweden).
- We’re not positioning ourselves as a purely EU-based CA substitute, and we generally don’t market it that way.
- For DV certs specifically, we act as a distributor. Under the hood these are Sectigo-issued certificates, similar to how other providers (for example Namecheap) operate.
Happy to clarify further if useful.
> - We’re not positioning ourselves as a purely EU-based CA substitute, and we generally don’t market it that way.
OK, but in the context of this topic thr interesting part isn't your marketing but your jurisdiction.
Could you clarify which jurisdiction you operate under and a link on the ZeroSSL website that collaborates that?
Thank you <3
Sectigo used to be Comodo's CA business. If memory serves, that business was purchased by a US PE firm and renamed "Sectigo". Sectigo Inc.'s corporate headquarters is now in Scottsdale, AZ.
There's no reason to believe they're any less subject to US jurisdiction than LetsEncrypt.
There were reason to believe they were less subject to US juridiction: their Subscriber Agreement is for "Sectigo Limited, a limited company formed under the laws of England and Wales". See https://www.sectigo.com/uploads/backgrounds/Certificate-Subs...
Sadly, their United Terms and Conditions in section 8.2 are even more restrictive than LE's. They reject any entity "located in, incorporated under the laws of, or owned (meaning 50% or greater ownership interest) or otherwise, directly or indirectly, controlled by, or acting on behalf of, a person located in, residing in, or organized under the laws of any country sanctioned under the laws of the U.S. or E.U." See https://www.sectigo.com/uploads/backgrounds/United-Terms-and...
From a layman point of view, it could even mean that the ICC and the UN are prohibited from using Sectigo. The Customer must have no "affiliates, officers, directors, or employees" that are on sanction lists, and the US have sanctioned some high-profile members of the UN and the ICC that spoke about the genocide in Gaza.
Any plans on becoming an independent CA? Would certificates issued in your name also risk being affected by US sanctions trough sentigo?
If they do business in the US they will be expected to comply with US law - this includes their stock being traded on US stock exchanges.
If they don’t have any business in the US and any financial ties to the US they won’t be subject to the sanctions. But I believe it will create issues if they want to enter the US market.
HID was originally American and Scottish, but became fully American in 1994.
HID was acquired by Assa Abloy in 2000. No idea whether that means we now consider it Swedish.
ZeroSSL used to be Austrian until their acquisition in 2024.
I used to work for a company that got acquired by HID. It looks like HID has retained their original offices in some form.
The privacy policy is under legal in the footer, exactly where I'd expect it to be honest. It also gives the company registration: > 1.1. We, ZeroSSL GmbH, FN 443956b (the “Company“) and below that the company address (registered in Austria).
Don't get me wrong, I agree that there is some lack of "who actually runs/controls this", especially on the about page where I expect such things to be.
At the very least it's not as transparent as I'd wish from a CA. E.g their Certificate Agreement is from Sectigo, so are they involved? No mention anywhere else from what I can see.
I don’t see “legal” in the footer on mobile. Or any other link. Or a link to an About page in the main nav. There’s nothing.
Very interesting! Yea I was on desktop, that's a really bad oversight to hide all of that on mobile...
I use them in some cases to avoid the rate limits on LetsEncrypt, and they have better support for some older platforms (like ancient Android versions), and I'm pretty happy so far. I have a paid account to support them, but it's not a requirement for ACME certs. It works without issue with Kubernetes Certbot, and seamless to switch between ZeroSSL and LetsEncrypt.
I can't comment on the EU part though - not that relevant in my case.
There was some subtle issue with ZeroSSL's implementation of ACME that I ran into with, IIRC, lego and domain certs and there was a ~5 year old lego open issue about it. That was a couple years ago, might be fixed, but my understanding at the time was that it was an issue with Zero's ACME implementation, so there may be dragons.
3 90-day ACME certs for free. 180€/year for unlimited 90-day certs and 5 yearly ones.
That’s a pretty steep increase. I would almost be more interested in a monthly fee per cert.
From their docs[0] this doesn't seem to apply if using ACME, but they don't exactly make that clear...
> By using ZeroSSL's ACME feature, you will be able to generate an unlimited amount of 90-day SSL certificates at no charge, also supporting multi-domain certificates and wildcards. Each certificate you create will be stored in your ZeroSSL account.
[0]: https://zerossl.com/documentation/acme/
Yeah, they don't make it that clear, but you get basically the same functionality as with LetsEncrypt for free, including wildcard certs. You basically only need to pay for manually issued certs, or some of their other additional features.
ZeroSSL aren't an EU-based alternative, unfortunately.
It's Sectigo under the hood.
Is Let's Encrypt the only provider of SSL certificates?
Genuine question! Because I assumed there were other places you could get a SSL certificate, but people in this thread seem to be implying that without Let's Encrypt, there's no way for people in those sanctioned territories to get a cert.
If it was a genuine question, the genuine answer is it's the provider that democratised streamlined ACME certificate verification and made it for free
No account, no payment, a single bash command or a certbot that runs regularly and you have your own globally recognised certificate
Historically, providers used to make the most frictions so that they could justify absolutely crazy fees for signing any certificates. It doesn't goes down well in DevOps, it doesn't work with indies who don't have 3 to 4 digits figures to blow in httpS, everyone including organisations ended up making certificates authorities of their own to sign stuff... and let's encrypt was successful at making certificates easy, free and actually secure
> Is Let's Encrypt the only provider of SSL certificates?
No.
There are some options. actalis.com is European alternative but free tier is a bit less than Let's Encrypt.
If nothing has changed it's still the only one that's free and instant. Back in the day you'd had to pay $10/y and install manually
https://zerossl.com/
> active eavesdropping (e.g., monster-in-the-middle attacks)
is this standard MitM, or is it some crucially distinct variation?
Man in the Middle Wiki:
> Also known as a monster-in-the-middle,[1][2] machine-in-the-middle,[3] meddler-in-the-middle,[4] manipulator-in-the-middle,[5][6] person-in-the-middle[7] (PITM), or adversary-in-the-middle[8] (AITM) attack.
Those sources feel more than slightly contrived.
This is bullshit on par with the Chinese firewall, meant to effectively prevent the (entire!) western world from information by parties deemed persona non-grata. SSL certificates are supposed to be about security, not geopolitics.
I'm pretty sure a LE server hitting an Iranian or North Korean endpoint and validating a crypto challenge does not break any OFAC or EAR rules, and no money changes hands. And if a non-US entity wants to do it, the US would just sanction them. Microsoft and Mozilla are certainly not going to include a North Korean or Russian state CA in the root trusted certs (and if they did, the US government could just threaten them with sanctions, too).
Hard not to say "we warned you" about making self-signed certs completely unusable in favor of a very centralized approach.
Does it mean that russian/iranian web-sites using letsencrypt stop working and need to change their certificate provider?
Depends on whether LE is compelled to terminate service to BGP AS numbers hosted in U.S.-sanctioned countries, and whether LE continues operating out of the U.S..
Depending on how you are supposed to read "You agree to use Let’s Encrypt Certificates and any services provided by or on behalf of ISRG in compliance with applicable U.S. export control and sanctions laws and regulations." it could mean that you are not even allowed to use LE certificate to provide services to sanctioned entities as a random non-US company/person.
I hope not. We don't have any alternatives yet.
https://www.actalis.com/activate-free-plan maybe?
They already revoced certificates for some russian sites
any details on that? links to people reporting it?
Yeah, let everybody build and use their own services, and then the US will end up having less control and visibility. Great tactics!
Time for a non-US equivalent of Let's Encrypt?
How are they going to enforce this?
I would imagine, as a CA that issues only DV certs, they'd disallow issuance to various ccTLDs, and perhaps stop newAccount registrations with email addresses at those ccTLDs. That's about as much as they could do - IP-blocking by region is ineffective and crude at best.
To be put in perspective with their push for very short live certificates, like 7 days, with the argument that anyone can easily get certificate from at any time.
But in fact, little by little you have all the stacks needed to be able to isolate some entities from internet at the us request in a very short time
otkroite sait brusha pj
huh? the linked document shows that bullet item as deleted.
123
vklyuchi sait brusha shlyuha
ale
the reach is by rough estimates ~2.5–6 million websites globally, 2–5 million of those in Russia and 0.3-1 million in Iran
Whatever USofA, it's not hard to have their own cosmodrome and certificates.
Tangential, in 2026 website certificates feel like nothing, disposable automation artifact, toxic max-security[1], vehicle for those who rent seek, fingerprint.
[1] https://tom7.org/httpv/httpv.pdf
The uninteresting version of this is “US entity follows US law.”
The interesting version is that Web PKI is not just cryptographic infrastructure. It is also a policy distribution system. A browser trust store, a CA, a subscriber agreement, revocation rules, export controls, and sanctions law all end up in the request path of "can this site speak HTTPS to normal users?"
That does not make Let’s Encrypt uniquely bad. Any CA has some jurisdiction, owners, contracts, root-program obligations, abuse process, and legal exposure. Moving the CA changes the governance surface; it does not remove governance.
But it does mean "just use Let’s Encrypt" is not a neutral answer when protocols, browsers, APIs, app stores, or regulators effectively require TLS. The operational dependency is not only ACME uptime and certificate issuance. It is also jurisdictional continuity.
The hard product question is what failure mode we want:
1. Web PKI: power concentrates in CAs, browsers, and root programs. 2. DANE/DNSSEC: power shifts toward DNS operators, registries, registrars, and governments. 3. Self-signed / TOFU / pinning: power shifts toward application-specific trust and worse UX. 4. Multiple CAs: better resilience, but still bounded by browser trust stores and legal chokepoints.
There is no apolitical trust system here. There are only different control planes with different failure modes.
The practical ask from Let’s Encrypt should be clarity: issuance vs renewal vs revocation, existing certs vs future certs, domain location vs subscriber location, hosting location vs user location, and how they interpret “use” of a certificate. Without that, operators are left guessing whether this is a narrow compliance clause or a broad infrastructure-risk event.
And now imagine that one of the Trump tantrums contains an announcement of sanctions against the European Union.
What in the actual fuck?
I had the parent organization of LetsEncrypt (Internet Security Research Group) in my Will, but after reading this, I will remove it immediately. US sanctions harm too many innocent people.
This actually makes sense. No freedom for the enemies of freedom.
the list of ppl under US sanctions is staggering
Europe starts to shield itself from the risk since Nicolas Guillou, the French ICC judge who issued a warrant against bibi got sanctioned (France officially protested about this case)
China is being successful at blocking US firms out of their supply chains (they already use Linux on Loongarch processors with some homemade architecture and pioneer RISC V), since a bunch of their companies also got sanctions for supplying the governement
US stands so much for freedom that it's the first country to refuse immigration to FIFA world cup teams and athletes, with Iranians not allowed to stay between games and Somali goalkeeper being turned away at the border. Germany itself didn't do for the 1936 Olympics.
So at best, they're only shooting themselves in the foot by showing any US component in a supply chain is a risk, while using US clouds were already a risk of loss of revenue from FISA requests to undercut your bid and rot your company and using US dollars for trade was already a liability
In the meantime, US companies can do anything, break any financial law and abuse every human right, they'll just sign DPAs to avoid prosecution
love thought-terminating cliches. really helps keep from actually thinking ever.
Your comment reads like a thought-terminating cliché. If Russia occupied your city, killed your family and friends and left you homeless, you might reconsider giving freedom to those who take it away from others. Unfortunately, sanctions are often very easy to evade.
This is a reasonable point, if "enemies of freedom" and "enemies of America" are synonymous...
Now imagine the USA did that to the city you live in...
it can't happen, they only attack civilians in countries that have weapons of mass destruction or have a evil economic system of socialized healthcare and labor market
They also don't like states that threaten business by turning workers into a commodity that you have to compensate each month ; Spain sunk the Maine ; and they had manifest destiny given from God to get rid of natives
Ah right, that's why there's US sanctions on Israel?
But what if you're the baddies?
Then try not to be completely dependent on the products of a company that is under the control of your enemy.
Sanctioned has a double meaning here[1]:
> 2. officially or formally ratified or confirmed.
> 3. penalized, especially by way of discipline or to force compliance with legal obligations.
So who can use lets encrypt? Those that are penalised or those that are confirmed.
[1] https://www.dictionary.com/browse/sanctioned
It took me a minute to understand the original post because the verb sanction means both itself and basically the opposite of itself. It would be better to say "any territory that the US has levied sanctions against". I thought LetsEncrypt had banned its usage in the US! The word for words like sanction is contronym.
If you click the link…
> [You certify to LetsEncrypt that] …
> You are not a person or entity that is: (a) located in, organized under the laws of, or ordinarily resident in any country or territory that is the target of comprehensive U.S. sanctions; (b) a prohibited or restricted party under U.S. or other applicable sanctions and export control laws and regulations; or (c) owned or controlled by or acting on behalf of anyone described in (a) or (b). You agree to use Let’s Encrypt Certificates and any services provided by or on behalf of ISRG in compliance with applicable U.S. export control and sanctions laws and regulations.