Apply
My OTF Apply
My OTF Apply

Certbot Improvements

certbot.png

Certbot is a tool built by EFF to help encrypt the Internet by installing SSL/TLS certificates for free. Previously known as the “Let’s Encrypt client”, Certbot will work with any certificate authorities that support the ACME protocol.

Using the HTTPS protocol, and using it correctly, is a vital protection for journalists and media outlets, activists, lawyers, and other vulnerable communities around the world. Failure to use HTTPS by default leaves groups vulnerable to surveillance and high-precision censorship, based on specific web pages or their content. Failure to use HTTPS with appropriate security features leaves users vulnerable to theft of credentials and account hijacking. Building better tools for HTTPS deployment is therefore a critical security and anti-censorship task to assist vulnerable communities around the world.

The Let’s Encrypt and Certbot projects are making significant progress on the problem of ensuring that servers support HTTPS to begin with. Since launching in late 2015, Let’s Encrypt has enabled HTTPS on 40 million FQDNs across 15 million registered domain names (https://letsencrypt.org/stats/). There is now a wide diversity of ACME clients that can be used with Let’s Encrypt, but Certbot remains by far the most popular when counting by number of distinct servers, accounting for about 60% of the server IPs that deploy Let’s Encrypt certificates.

The 2017 effort to improve Cerbot included extending the operating system support, developing a CSP reporting endpoint, enabling HSTS support, adding OCSP must-staple support and security enhancement UI updates, as well as self-hosted DNS plugins and building an integration/functionality testing framework.

The 2019 effort to improve Certbot includes expanding Certbot to support Windows-based servers and to build a better distribution system for Certbot. The project builds on the prior funding by enabling more users to take advantage of the security enhancements Certbot can bring.

Get the word out

Current project status

Just an idea (Pre-alpha)
It exists! (Alpha/Beta)
It's basically done (Release)
People use it (Production)

Funding to date

2017 $50,400 12 months
Core Infrastructure Fund
2019 $186,000 12 months
Internet Freedom Fund

Total Funding: $236,400

Addressed problems

  • Technical attacks against government critics, journalists, and/or human rights organizations (Cyberattacks)
  • Repressive surveillance or monitoring of communication

Objective(s)

  • Software or hardware development
  • Testing
  • Technology development

Beneficiaries

  • General public

Region(s)

  • Global

Technology attributes

  • Cryptography
  • Sensitive data
  • Server daemon
  • User interface/experience

We wrote about it