W3Techs
advertise here
provided by
Q-Success
Home Technologies Reports API Sites Quality Users Blog Forum FAQ Search

Featured products and servicesadvertise here

Blog Categories

All

News
AddThis
AddToAny
Adobe DTM
AdRoll
Advertising Networks
Akamai
Alibaba
Amazon
Amazon CloudFront
Angular
Apache
ASP.NET
ASP.NET Ajax
Baidu Analytics
Baidu Share
Bitrix
Blogger
Bootstrap
CDNJS
CentOS
Character Encodings
China Telecom
China Unicom
Chitika
Client-side Languages
Cloudflare
Cloudflare Server
ColdFusion
Compression
Concrete CMS
Content Delivery
Content Languages
Content Management
Cookies
CSS Frameworks
Data Centers
DataLife Engine
Debian
Default Protocol Https
DigiCert
DigiCert Group
Discuz!
DNS Servers
Dojo
DoubleClick
Drupal
Elementor
Email Servers
Ensighten
ExoClick
Facebook
Facebook Pixel
Fastly
Fedora
Flash
Full Circle Studies
Gemius
Gentoo
GlobalSign
Gmail
GoDaddy Group
Google
Google +1
Google Ads
Google AdSense
Google Analytics
Google Hosted Libraries
Google Servers
Google Tag Manager
GridPane
Gunicorn
Histats
Hostinger
Hotjar
HTML
HTML5
HTTP/2
HTTP/3
IdenTrust
Image File Formats
Infolinks
IPv6
Java
JavaScript
JavaScript Libraries
Joomla
JQuery
JQuery CDN
JsDelivr
Let’s Encrypt
Liferay
LinkedIn
Linux
LiteSpeed
Magento
Markup Languages
Matomo
Matomo Tag Manager
Microsoft
Microsoft-IIS
Modernizr
MooTools
New Relic
Newfold Digital Group
Nginx
Node.js
Operating Systems
OVH
PHP
Pinterest
Plesk
Plone
PNG
PopAds
PrestaShop
Prototype
Python
Quantcast
React
Red Hat
Reverse Proxies
Ruby
RunCloud
Scala
Scientific Linux
Sectigo
Server Locations
Server-side Languages
SharePoint
Shopify
Silverlight
Site Elements
Social Widgets
SPDY
Squarespace
SSL Certificate Authorities
Symantec Group
Tag Managers
Tealium
Team.blue
Tomcat
Top Level Domains
Traffic Analysis Tools
Twitter
TYPO3
Ubuntu
Umeng
Underscore
United Internet
Unix
Unpkg
UTF-8
VBulletin
Web Hosting
Web Panels
Web Servers
WhatsApp
Windows
Wix
WooCommerce
WordPress
WordPress Jetpack
Xandr
XHTML
Yandex.Direct
Yandex.Metrica
YUI Library

The impact of Let's Encrypt on the SSL certificate market

Posted by Matthias Gelbmann on 26 September 2016 in News, IdenTrust, Let’s Encrypt, SSL Certificate Authorities

Summary:

Let's Encrypt, the issuer of free SSL certificates, has been expected to disrupt the SSL certificate market. We have a look 10 months after they started their public beta phase.

Let's Encrypt certificates used by 3% of all websites

If we look at the SSL certificate authorities survey, we find Let's Encrypt way down at rank 14 with 0.1% market share. However, this is misleading. As it takes a while to be included as a trusted authority in most user's browsers, Let's Encrypt certificates are cross-signed by IdenTrust at the moment. The wast majority of Let's Encrypt sites therefore use IdenTrust as root certificate, thus preventing the browser showing confusing warnings to visitors. IdenTrust has been around for a long time, but its SSL certificate market share was pretty much negligible before the Let's Encrypt deal. Therefore, if we look at the IdenTrust statistics, we basically see the Let's Encrypt adoption rate.

IdenTrust market share

We see that Let's Encrypt is now used by 3% of all websites, that is an SSL certificate market share of 13.1%, which brings it at rank 3 after Comodo and Symantec. What impact does that have on the SSL certificate market and on its competitors?

The SSL certificate market as a whole is growing quickly

One remarkable observation from last year's market trend is the fact that most of the other certificate authorities also increased the number of sites they are serving. Comodo, for example, is now used by 9.2% of all sites, up from 5.9% one year ago.

The gain from Let's Encrypt primarily comes from sites that did not use a valid SSL certificate before. 30.7% of the websites use no certificate at all now, that share was 37% last year. A remarkable 44.9% (down from 46% last year) of all sites use an invalid certificate, that is a certificate that has been issued for another domain. Most of these invalid certificates are installed by hosting providers as a free service for their customers. Webmasters may use these certificates for testing or for internal use, most sites probably never use them.

Interestingly, the number of expired certificates has increased from 0.2% to 0.9% since the start of Let's Encrypt. It seems that a fair number of people request their free certificate, perhaps don't even use it, and let it expire. The fact that Let's Encrypt certificates are valid only for three months, instead of the usual year, certainly plays a role too.

The total share of websites that use a valid certificates went up from 16.2% to 23.0%, the whole certificate market is growing quickly. As we have seen above, only less than half of that increase comes from Let's Encrypt certificates, more than half went to other CAs. Nevertheless, webmasters change their certificate provider from time to time, some of the sites that now use Let's Encrypt have used other CAs before. Looking at the technology change report we see that Let's Encrypt gains websites primarily from GlobalSign, followed by Comodo and Symantec.

Let's Encrypt certificates used by low-traffic sites

Our market position diagram shows another aspect of the market: CAs near to top border of the diagram are primarily used by high traffic sites, whereas CAs near the bottom border are preferred by low traffic sites.

SSL certificate authorities market position

It comes as no surprise that IdenTrust, and thus Let's Encrypt, comes at the low-traffic end of the market, as they issue only Domain Validated SSL Certificates at the moment. High-traffic sites often require some form of Extended Validation SSL Certificates, which are more expensive. Furthermore, Let's Encrypt does not yet issue wildcard certificates.

France loves Let's Encrypt

There are significant regional differences in the adoption of Let's Encrypt. They are market leader in several countries, most notably in France with 46.3% market share. On the other hand, they have hardly started in some Asian countries such as China (3.1% market share), South Korea (1.8%) and Japan (1.5%).

Outlook

With 77% of all websites not yet using a valid SSL certificate, we can expect Let's Encrypt to continue to grow in the coming years. Once browsers have them listed as trusted authority, we will see them with their own name in our statistics, rather than under the IdenTrust root certificate. Let's Encrypt does not yet hurt other certificate providers, except that they may slow their growth. That may change once the market is more saturated, but it looks like there is still time for the competition to evolve their strategies.

You can find much more details in our SSL Certificate Authorities Market Reports.

_________________
Please note, that all trends and figures mentioned in that article are valid at the time of writing. Our surveys are updated frequently, and these trends and figures are likely to change over time.

 

Share this page


About Us Disclaimer Terms of Use Privacy Policy Advertising Contact
W3Techs on   LinkedIn LinkedIn Twitter Twitter Mastodon Mastodon Bluesky Bluesky
Copyright © 2009-2024 Q-Success