Let’s Encrypt, a free certificate authority, was attacked by DDoS, and service performance was degraded for four and a half hours. On March 7, at 7:38 (local time), it pointed out that 14 Let’s Encrypt domains are under DDoS attack. Let’s Encrypt succeeded in reducing the DDoS attack at 12:14 on the day by taking action immediately after the attack was discovered. It has been announced that these services are currently working.
HTTPS is a communication protocol that can make Internet communication more secure by encrypting communication with numerous web sites on the Internet. For HTTPS communication, the web browser that displays the web site must verify that the site is authorized by the CA of the certificate authority so that the web server sends the SSL certificate. Let’s Encrypt is one of the certification agencies that issue SSL certificates for free.
It can be said that Let’s Encrypt has made a major contribution to the secure HTTPS distribution, with the rate of web sites supporting HTTPS rapidly increasing from 40% to 80% in three years after the official service began in 2016. SSL certificates issued by Let’s Encrypt exceeded 1 billion in February 2020.
The attackers and reasons for this DDoS are unknown. Related information can be found here.