The site of the project Let’s Encrypt there was information that the October 19, 2015 certifying centers «Let’s Encrypt Authority X1» and «Let’s Encrypt Authority X2» received a cross sign on IdenTrust. Now certificates issued by Let’s Encrypt become trusted by all major web browsers. You can check this by going to the page, the first secure a certificate’s Encrypt Let:helloworld.letsencrypt.org. If your browser does not issue warnings, then considers the certificate of a trusted domain.
Root CA «Let’s Encrypt – ISRG Root X1» is added to the trusted certificate authorities browsers later, however, to make appropriate arrangements do not detract from the importance of cross-certification produced. After the user’s browser must be updated to update their lists of trust. Without it, users for some time yet would receive warnings about untrusted certificate when visiting all the sites protected by certificates Let’s Encrypt. «Let’s Encrypt Authority X1» – basic and «Let’s Encrypt Authority X2» – Standby CA, in the event of disaster and the inability to use X1 . Thus it was provided resiliency issuing CAs.Private keys of root and issuing CAs are stored in the HSM, which ensures a high level of protection against theft of keys or unauthorized access to them.
Let’s Encrypt supports Certificate Transparency, therefore, all of the issued certificates can be viewed ravine CT. From the log shows that the certificates are issued is valid for 3 months.
a Certificate Transparency
A full launch of the project is scheduled for the week of November 16th. I think the guys from the Let’s Encrypt must thoroughly prepare for the potentially heavy load during the first hours and days after the launch.