
Would be interesting to hear what database they are using and how they are doing replication? Is it simple master / slave or multi-master?




Let’s Encrypt currently has a single primary with a handful of replicas, split across a primary and backup DC.

We’re in the process of adopting Vitess to shard into a handful of smaller instances, as our single big database is getting unwieldy.


Let’s Encrypt is an incredible project and the internet is better off for it. If you ever have questions about Vitess or need help, please let me know.

Thanks. Would love to see a tech blog post once you get Vitess implemented.

We’ve already started drafting it :)

https://github.com/letsencrypt/boulder

You can find a docker-compose.yml file to get some idea.

Appears to be using MariaDB.

They shut down OCSP responders and expiry email reminders, so there really is no need to have a database apart from rate limits, auth data, and caching.

For Certificate Transparency, they are submitted to Google- and Cloudflare-run trees, but I don't think Let's Encrypt run their own logs.


Let’s Encrypt does operate CT logs. I wrote a blog post about our current-generation logs at https://letsencrypt.org/2024/03/14/introducing-sunlight

I assume they want to store metadata instead of having to pull from the certificates themselves, but maybe that’s actually easier and more performant.


