Back to News
Dan Fernelius Interview ISRG

Dan Fernelius: Let’s Encrypt helps ensure the web is more secure for 5+ billion users

Dan is a Director at Internet Security Research Group (ISRG), the nonprofit behind Let’s Encrypt. Since 2019, Dan has helped scale ISRG by growing organizational capacity through diversifying fundraising, establishing cross-sector partnerships, and strengthening internal systems to support long-term growth. He has led efforts to secure major philanthropic support and played a key role in expanding ISRG’s programs—Let’s Encrypt, Prossimo, and Divvi Up. Dan’s work ensures ISRG can continue delivering free, open, and secure infrastructure to billions of people worldwide.

In simple terms, what is Let’s Encrypt’s mission and how does it help the Internet as a whole?

Let’s Encrypt is a project of the nonprofit Internet Security Research Group (ISRG) that provides free SSL/TLS certificates.  As a free, automated, and open Certificate Authority (CA), Let’s Encrypt provides the digital way for websites and services to enable HTTPS, the secure version of the protocol (HTTP) used to transfer data between a web browser and a website. Run for the public benefit, Let’s Encrypt helps ensure the web is a more secure and privacy-respecting place for all of its 5+ billion users.

Why did you set up Let’s Encrypt as a nonprofit organization instead of for-profit?

Internet Security Research Group (ISRG) was founded in 2013 to tackle what at the time seemed like an insurmountable challenge: encrypting the Internet to secure online communications and interactions. When Let’s Encrypt issued its first TLS certificate in 2015, less than 39% of webpage loads used a TLS certificate. Despite the technology behind TLS existing since the early 1990s, the vast majority of websites did not use encryption. The reason was simple: getting and managing certificates for TLS was incredibly difficult.

We chose to set up Let’s Encrypt as a nonprofit because one of the major barriers to adopting TLS was cost and ease of use by way of automation. By establishing a nonprofit dedicated to this goal, we were able to eliminate cost to the user to ensure adoption of TLS.

You’re celebrating your 10th anniversary this year. Congratulations! What market gap did Let’s Encrypt fill that has made it so successful?

Thanks! The barriers preventing widespread adoption of TLS meant that for more than two decades, most of people’s time online was spent in the open; massive amounts of user communications over the Internet could be viewed by anyone with the technical ability to do so.

In 1995, roughly 16 million people were routinely accessing the Internet. By 2015, that number had grown to 3.2 billion—a 19,900% increase. What’s more, the Internet of 1995 had roughly 25,000 websites. By 2015, the Web had grown to more than one billion websites, a staggering growth of 3,999,999%. In stark contrast to that growth was the slow adoption of HTTPS. Even though the technology was available in 1995, adoption of HTTPS only grew by single percentage points in the subsequent years. By 2015, 55-70% of Web page loads still only used HTTP. Cost, complexity, and technical expertise were barriers that greatly limited the use of encryption online, implying that online privacy was only available to the wealthy few and leaving most users worldwide exposed to significant security and privacy risks, even if they didn’t know it.

The problem of encryption was a problem of broad incentives. The technical barriers meant encryption was costly and therefore encryption at scale was very difficult to achieve. To shift the paradigm from privacy-for-a-price to privacy-for-all meant shifting the incentives to make HTTPS possible.

Let’s Encrypt was founded to shift this paradigm. The aim was to proliferate the adoption of TLS certificates for all websites, everywhere by focusing on eliminating every barrier to encryption. The barriers were daunting, presenting technical, interpersonal, political, and economic challenges. TLS certificates were typically created manually, involving the manipulation of highly technical components of a user’s domain name service (DNS) in addition to many other aspects of running a website. Beyond technical requirements, TLS certificates were expensive, potentially costing a user hundreds of dollars. TLS certificates also expire, requiring users to repeat the technical and financial work routinely. Let’s Encrypt was started as an audacious plan to increase Web security and, as evidenced today, achieved that paradigm shift.

Between 2015 and 2025, Let’s Encrypt grew from serving a few thousand domains to nearly 600 million. Over that same time, the percentage of Web pages loaded with HTTPS grew from 31% to 95%+ globally. Compared to the observed rate of TLS adoption from 2013, Let’s Encrypt grew TLS adoption nearly exponentially. This change happened by eliminating cost, technical complexity, and manual tasks for renewing TLS certificates.

Let’s Encrypt shifted the Internet towards privacy for all. However, the work continues every day. As of January 2025, Let’s Encrypt routinely issues more than 5 million TLS certificates daily. Let’s Encrypt is the only trusted certificate authority available anywhere in the world.

What are the primary challenges you face in securing funding?

Encrypting the Internet isn’t about reaching some predetermined goal—it’s continuous work that we do every single day. In ten years, we’ve issued 6 billion certificates and have by and large kept up with the growth of the Internet, with the demand for free TLS.

Because Let’s Encrypt is built to just work, the biggest challenge is people taking this work for granted. And while we run this global service on a very efficient budget, we know that without our community of supporters around the world, none of our work is possible. We’re continually grateful to receive funding from thousands of people around the world each year.

What would happen if Let’s Encrypt ceased operations? What would it take for another organization to fill the gap?

In today’s world, we depend on a safe and secure Internet to connect, work, and thrive. HTTP is foundational to how the Internet runs every day, and HTTPS, which is what Let’s Encrypt’s work helps enable, is paramount to the Web’s security. Without freely accessible, easy to use TLS, fewer websites and services around the world would be able to get a TLS certificate, which impacts the security and privacy of all of us using the Internet.

How can Common Good Cyber and other funding solutions support your efforts to bridge cybersecurity challenges?

You can make the case of the importance of supporting encryption online for websites! It’s important to raise awareness that the Internet is safeguarded by nonprofits like us, and we play a crucial role in website security that no one else is doing at this scale. Efforts like Common Good Cyber help raise that awareness and can encourage governments and industry foundations to support cybersecurity efforts like ours.

interview
Back to News

Join Us

Click below for our recent efforts and to sign up for upcoming news
Sign Up Our Next Event Explore Our Work

Privacy Policy

Common Good Cyber logo

Global Cyber Alliance is a 501(c)(3) Nonprofit Organization

Copyright 2025 Global Cyber Alliance

Privacy Policy

Global Cyber Alliance is a 501(c)(3) Nonprofit Organization

Copyright 2025 Global Cyber Alliance