| Let's Encrypt isn't specifically mentioned in the post, though the post hits the underlying point: > GSA provides extensive guidance to agencies on HTTPS deployment at https.cio.gov, and encourages .gov domain owners to obtain low cost or free certificates, trusted by the general public. As a general matter, more expensive certificates do not offer more security value to service owners, and automatic deployment of free certificates can significantly improve service owners’ security posture. This is also repeated here: https://https.cio.gov/certificates/#what-kind-of-certificate... Two GSA programs automate Let's Encrypt to deploy certificates on demand: * https://www.digitalgov.gov/2016/09/07/lets-encrypt-those-cna... * https://cloud.gov/docs/apps/custom-domains/#managed-service-... There's also a USG amendment to the Let's Encrypt Terms of Service that GSA negotiated with them to make it easier for agencies to use it: https://letsencrypt.org/documents/LE-US-State-Local-SA-Amend... |