CT: Managing uptime as a CA
This talk was given at the transparency.dev summit 2025.
As a Certificate Authority, Let’s Encrypt needs to submit pre-certificates to CT logs to get SCTs for embedding in certificates. This adds an external dependency on our issuance process, which was historically one of the big concerns CAs have had about CT. In this talk, we’ll discuss how we’ve managed that availability risk through the different submission algorithms we’ve used, and what the real world impact CT has had on our certificate issuance process. Looking forward, our new Static CT logs provide different tradeoffs on latency and reliability, which will make the Let’s Encrypt CA more reliable overall, and how operating CT logs helps us keep our CA running.