My OTF Apply
My OTF Apply

Certbot Improvements


This is an effort to improve the Certbot ACME client to ensure more secure HTTPS deployment.

Using the HTTPS protocol, and using it correctly, is a vital protection for journalists and media outlets, activists, lawyers, and other vulnerable communities around the world. Failure to use HTTPS by default leaves groups vulnerable to surveillance and high-precision censorship, based on specific web pages or their content. Failure to use HTTPS with appropriate security features leaves users vulnerable to theft of credentials and account hijacking. Building better tools for HTTPS deployment is therefore a critical security and anti-censorship task to assist vulnerable communities around the world.

The Let’s Encrypt and Certbot projects are making significant progress on the problem of ensuring that servers support HTTPS to begin with. Since launching in late 2015, Let’s Encrypt has enabled HTTPS on 40 million FQDNs across 15 million registered domain names ( There is now a wide diversity of ACME clients that can be used with Let’s Encrypt, but Certbot remains by far the most popular when counting by number of distinct servers, accounting for about 60% of the server IPs that deploy Let’s Encrypt certificates.

This effort to improve Cerbot includes extending the operating system support, developing a CSP reporting endpoint, enabling HSTS support, adding OCSP must-staple support and security enhancement UI updates, as well as self-hosted DNS plugins and building an integration/functionality testing framework.

Get the word out

Current project status

Just an idea (Pre-alpha)
It exists! (Alpha/Beta)
It's basically done (Release)
People use it (Production)

Funding to date

2017 $50,400 12 months
Core Infrastructure Fund

Total Funding: $50,400

Addressed problems

  • Technical attacks against government critics, journalists, and/or human rights organizations (Cyberattacks)
  • Repressive surveillance or monitoring of communication


  • Software or hardware development
  • Testing
  • Technology development


  • General public


  • Global

Technology attributes

  • Cryptography
  • Sensitive data
  • Server daemon
  • User interface/experience

We wrote about it