Industry stats Updated Jun 2026All domains worldwide 392.5M registered names +6.5% YoY Verisign · Q1 2026.com + .net total 176.1M names in zone Verisign · Q1 2026.com + .net 11.5M newly registered · 76.3% renewed Verisign · Q1 2026Country-code TLDs 146.3M names +2.4% YoY Verisign · Q1 2026New gTLDs 49.6M names · 30.9% renewed +3.7% QoQ Verisign · Q1 2026Legacy gTLDs 20.5M names · 67.6% renewed +14.6% YoY Verisign · Q1 2026WordPress 41.5% of all sites · 59.3% of CMS sites W3Techs · 17 Jun 2026Shopify 5.2% of all sites · 7.5% of CMS sites W3Techs · 17 Jun 2026Wix 4.3% of all sites · 6.1% of CMS sites W3Techs · 17 Jun 2026Squarespace 2.5% of all sites · 3.5% of CMS sites W3Techs · 17 Jun 2026Joomla 1.2% of all sites · 1.7% of CMS sites W3Techs · 17 Jun 2026Webflow 0.9% of all sites · 1.2% of CMS sites W3Techs · 17 Jun 2026Drupal 0.7% of all sites · 1% of CMS sites W3Techs · 17 Jun 2026No CMS detected 30% of all sites W3Techs · 17 Jun 2026Nginx on 33%–39% of sites W3Techs · Mar–Apr 2026Apache on 24%–29% of sites W3Techs · Mar–Apr 2026LiteSpeed gaining share among web servers W3Techs · Mar–Apr 2026DMARC adoption 937.9K valid records +79% in 3 yrs EasyDMARC · 2026 YTDFortune 500 95% publish DMARC · 80% enforced EasyDMARCFortune 500 62.7% use strict reject policy EasyDMARCInc. 5000 15.2% use strict reject policy EasyDMARCDeal CVC Capital Partners → Namecheap · CVC Capital Partners acquired a majority stake in Namecheap in September 2025, valuing the company at ~$1.5B (including debt). 2025Deal team.blue (Hg-backed) → Loopia Group · team.blue (Hg-backed) acquired Loopia Group (Nordics) in 2025. 2025Deal Miss Group (Perwyn-backed) → Web4U s.r.o. · Perwyn-backed Miss Group acquired Web4U s.r.o. (Prague-based web hosting and domain registration provider) in 2025. This is Miss Group’s 14th acquisition under Perwyn ownership. 2025Deal group.one → Webglobe · group.one acquired Webglobe (Slovakia/Czechia/Serbia) in 2025. 2025Deal hosting.com → FastComet, A2 Hosting · hosting.com (formerly World Host Group) acquired FastComet in April 2025 and A2 Hosting in January 2025, rebranding A2 Hosting under the hosting.com name. 2025Industry stats Updated Jun 2026All domains worldwide 392.5M registered names +6.5% YoY Verisign · Q1 2026.com + .net total 176.1M names in zone Verisign · Q1 2026.com + .net 11.5M newly registered · 76.3% renewed Verisign · Q1 2026Country-code TLDs 146.3M names +2.4% YoY Verisign · Q1 2026New gTLDs 49.6M names · 30.9% renewed +3.7% QoQ Verisign · Q1 2026Legacy gTLDs 20.5M names · 67.6% renewed +14.6% YoY Verisign · Q1 2026WordPress 41.5% of all sites · 59.3% of CMS sites W3Techs · 17 Jun 2026Shopify 5.2% of all sites · 7.5% of CMS sites W3Techs · 17 Jun 2026Wix 4.3% of all sites · 6.1% of CMS sites W3Techs · 17 Jun 2026Squarespace 2.5% of all sites · 3.5% of CMS sites W3Techs · 17 Jun 2026Joomla 1.2% of all sites · 1.7% of CMS sites W3Techs · 17 Jun 2026Webflow 0.9% of all sites · 1.2% of CMS sites W3Techs · 17 Jun 2026Drupal 0.7% of all sites · 1% of CMS sites W3Techs · 17 Jun 2026No CMS detected 30% of all sites W3Techs · 17 Jun 2026Nginx on 33%–39% of sites W3Techs · Mar–Apr 2026Apache on 24%–29% of sites W3Techs · Mar–Apr 2026LiteSpeed gaining share among web servers W3Techs · Mar–Apr 2026DMARC adoption 937.9K valid records +79% in 3 yrs EasyDMARC · 2026 YTDFortune 500 95% publish DMARC · 80% enforced EasyDMARCFortune 500 62.7% use strict reject policy EasyDMARCInc. 5000 15.2% use strict reject policy EasyDMARCDeal CVC Capital Partners → Namecheap · CVC Capital Partners acquired a majority stake in Namecheap in September 2025, valuing the company at ~$1.5B (including debt). 2025Deal team.blue (Hg-backed) → Loopia Group · team.blue (Hg-backed) acquired Loopia Group (Nordics) in 2025. 2025Deal Miss Group (Perwyn-backed) → Web4U s.r.o. · Perwyn-backed Miss Group acquired Web4U s.r.o. (Prague-based web hosting and domain registration provider) in 2025. This is Miss Group’s 14th acquisition under Perwyn ownership. 2025Deal group.one → Webglobe · group.one acquired Webglobe (Slovakia/Czechia/Serbia) in 2025. 2025Deal hosting.com → FastComet, A2 Hosting · hosting.com (formerly World Host Group) acquired FastComet in April 2025 and A2 Hosting in January 2025, rebranding A2 Hosting under the hosting.com name. 2025
Security Certificates & TLS

AWS Certificate Manager adds ACME protocol support

AWS now automates public TLS certificate issuance via ACME in ACM

AWS Certificate Manager adds ACME protocol support
panumas nikhomkhai · Pexels

AWS has integrated the Automatic Certificate Management Environment (ACME) protocol into its Certificate Manager (ACM) service, allowing users to automate the issuance, renewal, and revocation of public TLS certificates. This update addresses the growing operational burden of manual certificate management as validity periods continue to shorten, with industry standards set to reduce maximum validity to 100 days by March 2027 and further to 47 days by 2029.

The ACME protocol, widely adopted by certificate authorities like Let’s Encrypt, eliminates the need for human intervention in certificate lifecycle management. AWS’s implementation provides a fully managed ACME server endpoint compatible with any ACMEv2 client, including Certbot, cert-manager for Kubernetes, and acme.sh. This integration consolidates certificate management within ACM, offering a unified dashboard for monitoring and controlling certificate issuance across an organization.

How it works

To use ACME in ACM, administrators first create a dedicated ACME endpoint in the AWS Console or via API. The setup process involves configuring domain validation, defining certificate scopes (e.g., exact domains, subdomains, or wildcards), and generating External Account Binding (EAB) credentials for client authentication. Domain validation is centralized, with ACM automatically creating DNS CNAME records for domains hosted in Amazon Route 53 or providing manual instructions for external DNS providers.

Once the endpoint is configured, application owners can request certificates using their preferred ACME client. The client registers with the ACME endpoint using EAB credentials, which bind to IAM roles for granular access control. This ensures that only authorized users can request certificates for approved domains, while PKI administrators retain centralized oversight. All certificate requests are logged in AWS CloudTrail for auditing, and operational metrics are tracked in Amazon CloudWatch, with expiry notifications sent via ACM.

Background

Background: The ACME protocol is an open standard for automating TLS certificate issuance, renewal, and revocation. It is used by certificate authorities to validate domain ownership and issue certificates without manual intervention. AWS Certificate Manager (ACM) is a managed service that simplifies the provisioning and management of TLS certificates for AWS workloads.

Centralized controls and governance

ACME support in ACM introduces several governance features that were previously unavailable. Administrators can enforce organization-wide policies by restricting certificate types (e.g., ECDSA or RSA) and limiting wildcard issuance at the endpoint level. Domain scopes can be configured to allow only specific certificate patterns, such as exact domains or subdomains, while excluding wildcards to enhance security. These controls reduce the risk of misissued certificates and eliminate the need for third-party certificate lifecycle management tools.

The integration also improves visibility. All certificates issued through ACME, the ACM console, or API calls are searchable within ACM, providing a single pane of glass for monitoring certificate usage. This addresses a common pain point for organizations that previously relied on external certificate authorities alongside ACM, resulting in fragmented visibility and inconsistent policy enforcement.

Availability and pricing

ACME support in ACM is available in all commercial AWS Regions as of June 2026. Support for AWS GovCloud (US), China Regions, and the AWS European Sovereign Cloud is planned for a later date. Pricing is based on the number of domains included in each certificate at issuance, with separate rates for fully qualified domain names and wildcards. Volume discounts apply based on total domain occurrences across all certificates issued per month in an AWS account. Detailed pricing information is available on the ACM pricing page.

What to watch

The adoption of ACME in ACM is likely to accelerate as organizations prepare for the upcoming reduction in certificate validity periods. The ability to automate certificate management while maintaining centralized control may also influence enterprise decisions about consolidating certificate authorities. Operators should evaluate their current ACME client configurations and IAM policies to ensure compatibility with ACM’s implementation, particularly for organizations using multiple AWS accounts or hybrid cloud environments.

For professionals

For professionals: This update reduces operational overhead for teams managing TLS certificates at scale. By centralizing ACME support within ACM, AWS eliminates the need for external certificate authorities, simplifying compliance and auditing. Teams should review their certificate issuance workflows to leverage ACM’s policy enforcement features, such as domain scoping and IAM role binding, to improve security and governance.

Discussion · coming soon

Be the first to join the thread when community discussion launches.