Let's Encrypt is based in the US and subject to US laws

Good questions all. I can't speak too much to other things they could do, but here's some comment on the ones you brought up:

  1. Yes, they could revoke a certificate. But while this could cause some availability issues for your users, it wouldn't compromise confidentiality or integrity.
  2. Let's Encrypt could issue a counterfeit certificate, but that's why all certificates are reported in the Certificate Transparency log. If you're concerned about this, you could watch for certificates being issued with your domain name that were never in use on your servers.
  3. Again, this is the benefit of Certificate Transparency. Users could cross-check against the CT logs to ensure that any given certificate is valid. This will be slightly less effective than watching for a certificate on your domain, but in theory a rogue certificate could still be identified.

In terms of its impact on Confidentiality and Integrity, I'd be most concerned about a supply-chain attack on the tools that you use to request a Let's Encrypt certificate. The default tool - certbot - requires a great deal of access, because it's also designed to install the certificates in a variety of web servers, and the designers felt that if you are issuing certificates you should be root anyway. Fortunately, the tool is open source with over 300 direct contributors, so slipping something into the tooling would be less likely than say... slipping something into one of the libraries you use for your web application.
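The CT-log watch suggested in point 2, as an added example that is not part of this answer: it takes records shaped like crt.sh's JSON output (constructed sample data here, for a hypothetical example.com) and flags any certificate covering your domain whose serial number is not in the registry of certificates you actually deployed.

```python
"""Flag certificates in CT log records that were never deployed on your servers.
Assumptions (not from the original answer): records are shaped like crt.sh's JSON
(issuer_name, common_name, name_value, not_before, serial_number) and you keep a
registry of serial numbers you actually installed."""
import json

DOMAIN = "example.com"  # constructed sample domain

# Constructed sample CT log records (not real issuances). crt.sh lists the
# precertificate and the final certificate as separate entries with the same serial.
SAMPLE_CT_JSON = json.dumps([
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3", "common_name": "example.com",
     "name_value": "example.com\nwww.example.com", "not_before": "2024-03-01T10:00:00",
     "serial_number": "03A1B2C3"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3", "common_name": "mail.example.com",
     "name_value": "mail.example.com", "not_before": "2024-04-12T08:30:00",
     "serial_number": "04DEADBEEF"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3", "common_name": "mail.example.com",
     "name_value": "mail.example.com", "not_before": "2024-04-12T08:30:00",
     "serial_number": "04DEADBEEF"},
    {"issuer_name": "C=XX, O=Some Other CA", "common_name": "notexample.com",
     "name_value": "notexample.com", "not_before": "2024-04-13T00:00:00",
     "serial_number": "05FFFF"},
])

# Serial numbers of the certificates you requested and installed yourself.
DEPLOYED_SERIALS = {"03a1b2c3"}

def covers_domain(name: str, domain: str) -> bool:
    """True if a SAN entry is the domain, a subdomain, or a wildcard matching it."""
    name = name.lower().lstrip("*.")
    return name == domain or name.endswith("." + domain)

def unexpected_certificates(ct_json: str, domain: str, deployed: set) -> list:
    """Return records covering `domain` whose serial is not in `deployed`,
    deduplicated by serial so a precert/leaf pair is reported once."""
    seen, findings = set(), []
    for rec in json.loads(ct_json):
        sans = [s.strip() for s in rec["name_value"].splitlines() if s.strip()]
        if not any(covers_domain(s, domain) for s in sans):
            continue  # a broad query can return look-alike names; ignore them
        serial = rec["serial_number"].lower()
        if serial in seen or serial in deployed:
            continue
        seen.add(serial)
        findings.append({"serial": serial, "issuer": rec["issuer_name"],
                         "names": sans, "not_before": rec["not_before"]})
    return findings
```

Run it on a periodic export of CT records for your domain and alert whenever the returned list is non-empty; the "notexample.com" record shows why matching on whole labels rather than substrings matters.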


And

  • They could refuse to issue new certificates.
  • They could be forced to give your personal data (registration email, list of linked domains to your ACME account, IPs of your server, ...) to US Authorities.
  • They could be forced to give personal data (IPs, user-agent, ...) of the visitors of your website (using OCSP requests) to US Authorities. (OCSP stapling can prevent that.)
  • They could prevent some of your visitors from reaching your website by refusing to answer OCSP requests (if their browser has hard-fail for OCSP configured; and maybe they could send a "revoked" OCSP answer only to them). OCSP stapling can prevent that too.

And they do post (some) stats about these requests: ISRG Legal Transparency Reports

Other related links on https://community.letsencrypt.org:

  • Details on the two US Subpoenas received
  • According to mcclatchydc.com Let's Encrypt revoked and banned USAReally.com
  • Certificates for US sanctioned countries
  • Let's Encrypt and U.S. laws