https://arstechnica.com/information-tec ... for-https/
Let's Encrypt, the free and open certificate authority (CA) launched as a public service by the Internet Security Research Group (ISRG), says it will begin providing free "wildcard" certificates for Internet domains in January 2018. Wildcard certificates allow anyone operating a domain to link a single certificate to multiple subdomains and host names within a domain. That means a single free certificate could be used to provide HTTP Secure (HTTPS) encryption of pages on multiple servers or subdomains hosted on a single server, significantly lowering the barrier for adoption of HTTPS on personal and small business websites.
In its current form, which requires registration of a certificate for each individual Web address, Let's Encrypt is used for HTTPS on more than 46 million websites. The organization issued its 100 millionth certificate on June 29.
Currently, about 58 percent of webpage visits are encrypted via HTTPS based on browser metrics. When Let’s Encrypt launched in August of 2016, only 39.5 percent of pages loaded were encrypted with HTTPS. While Let's Encrypt has certainly played a role in the shift, Google has, too. In August of 2014, Google announced that the company's ranking algorithm for websites would include whether the page was encrypted with HTTPS as a "ranking signal." As a result, HTTPS became a much higher priority for sites competing for search engine visibility.
Let's Encrypt to offer wildcard certificates for free
http://www.zdnet.com/article/lets-encry ... alidation/
"Let's Encrypt has disabled TLS-SNI-01 validation after the discovery of an attack able to hijack certificates using the protocol."
"Let's Encrypt has disabled TLS-SNI-01 validation after the discovery of an attack able to hijack certificates using the protocol."