letsencrypt.org

HTML metadata

Title

Let's Encrypt

Description

Let's Encrypt is a free, automated, and open Certificate Authority brought to you by the nonprofit Internet Security Research Group (ISRG). Read all about our nonprofit work this year in our 2025 Annual Report.

Language

en-US

Generator

Hugo 0.148.2

Feeds

Let's Encrypt RSS

Open Graph

url: https://letsencrypt.org/
title: Let's Encrypt
description: Let's Encrypt is a free, automated, and open Certificate Authority brought to you by the nonprofit Internet Security Research Group (ISRG). Read all about our nonprofit work this year in our 2025 Annual Report.

Technology

CDN: Netlify
CMS: Hugo

Third-party hosts loaded (1)

outreach.abetterinternet.org×1

Social

Contact

Phone

Registration

Registrar

Cloudflare, Inc.

Created

2014-07-07

Expires

2027-07-07 414 days left

Updated

2020-11-03

Name servers

owen.ns.cloudflare.com
vera.ns.cloudflare.com

DNS records live

NS

owen.ns.cloudflare.com
vera.ns.cloudflare.com

MX

1 aspmx.l.google.com
10 aspmx2.googlemail.com
10 aspmx3.googlemail.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

pardot1011011=d160caff32c4415bb46bb82d8c50e5bea7ea1a74f5a149cb96bd952467266044
sending_domain1011011=f98c68e7636a708a1987c7b9da300d64a354041fa41ea2039fbb02bc18c4ed0f

Email authentication strong

SPF

v=spf1 include:_spf.google.com ip4:23.178.112.0/24 ip4:66.133.109.36 ip4:64.78.152.132 include:mail.zendesk.com include:_spf.intacct.com -all

strict (-all)

DMARC

v=DMARC1; p=reject; rua=mailto:re+2ea7a1650465@inbound.dmarcdigests.com; fo=1

policy: reject (enforced)

DKIM

google: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCEBV+uacEmkQqqZMwwF+Kv6oEvaPy/zDOancu+DAemWPty49Sc3PR7n+Il8JGnz8j0Ldv95ch9SGNVuvvRh5…
k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

E7

from 2026-05-07 to 2026-08-05

Expires in 78 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://letsencrypt.org/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: no-referrer
x-frame-options: DENY
permissions-policy: geolocation=(), midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(), fullscreen=(self), interest-cohort=()
x-content-type-options: nosniff
content-security-policy: default-src 'none'; font-src 'self'; style-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' data: https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://donorbox.org https://js.stripe.com/v3/ https://sdks.shopifycdn.com https://www.paypal.com https://www.paypalobjects.com https://widget.thegivingblock.com https://*.shift4.com ; img-src 'self' data: blob: https://www.google-analytics.com https://*.paypal.com https://www.paypalobjects.com https://ak2s.abmr.net https://ak1s.abmr.net https://www.google.com https://cdn.shopify.com https://v.shopify.com ; frame-src https://donorbox.org https://www.youtube.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://js.stripe.com/v3/ https://js.stripe.com/v2/ https://www.paypal.com https://outreach.abetterinternet.org https://app.netlify.com https://widget.thegivingblock.com/ ; connect-src 'self' https://d4twhgtvn0ff5.cloudfront.ne
strict-transport-security: max-age=31536000