Merged
6 changes: 3 additions & 3 deletions content/en/docs/staging-environment.md
Expand Up @@ -24,9 +24,9 @@ The staging environment uses the same rate limits as [described for the producti
* The **[New Registrations per IPv6 Range](/docs/rate-limits/#new-registrations-per-ipv6-range)** limit is 500 per 3 hours (the same as production).
* The **[New Orders per Account](/docs/rate-limits/#new-orders-per-account)** limit is 1500 per 3 hours.
* The **[New Certificates per Registered Domain](/docs/rate-limits/#new-certificates-per-registered-domain)** limit is 30000 per second.
* The **[New Certificates per Exact Set of Hostnames](/docs/rate-limits/#new-certificates-per-exact-set-of-hostnames)** limit is 30000 per week.
* The **[Authorization Failures per Hostname per Account](/docs/rate-limits/#authorization-failures-per-hostname-per-account)** limit is 200 per hour.
* The **[Consecutive Authorization Failures per Hostname per Account](/docs/rate-limits/#consecutive-authorization-failures-per-hostname-per-account)** limit is 3600 per 6 hours.
* The **[New Certificates per Exact Set of Identifiers](/docs/rate-limits/#new-certificates-per-exact-set-of-identifiers)** limit is 30000 per week.
* The **[Authorization Failures per Identifier per Account](/docs/rate-limits/#authorization-failures-per-identifier-per-account)** limit is 200 per hour.
* The **[Consecutive Authorization Failures per Identifier per Account](/docs/rate-limits/#consecutive-authorization-failures-per-identifier-per-account)** limit is 3600 per 6 hours.

The [Overall Requests Limits](/docs/rate-limits/#overall-requests-limit) are:
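
Review bot: the three replacement bullets (the `Identifier` versions) change the link fragments as well as the link text, for example `#new-certificates-per-exact-set-of-identifiers`, and none of the files shown in this change is the rate-limits page itself. Please confirm the headings on `/docs/rate-limits/` already produce the `identifier` anchors; if they still say `hostname`, these links will quietly land readers at the top of the page instead of the relevant limit. A link check over the built site would catch this.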

4 changes: 2 additions & 2 deletions content/en/post/2019-11-20-how-le-runs-ct-logs.md
Expand Up @@ -43,7 +43,7 @@ Additionally, AWS provides a solid set of features and our team has experience u

# Terraform

Let’s Encrypt uses Hashicorp [Terraform](https://www.terraform.io/) for a number of cloud-based projects. We were able to bootstrap our CT log infrastructure by reusing our existing Terraform code. There are roughly 50 components in our CT deployments; including EC2, RDS, EKS, IAM, security groups, and routing. Centrally managing this code allows our small team to reproduce a CT infrastructure in any Amazon region of the globe, prevent configuration drift, and easily test infrastructure changes.
Let’s Encrypt uses Hashicorp [Terraform](https://www.terraform.io/) for a number of cloud-based projects. We were able to bootstrap our CT log infrastructure by reusing our existing Terraform code. There are roughly 50 components in our CT deployments, including EC2, RDS, EKS, IAM, security groups, and routing. Centrally managing this code allows our small team to reproduce a CT infrastructure in any Amazon region of the globe, prevent configuration drift, and easily test infrastructure changes.

# Database
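
Review bot: the corrected Terraform sentence still spells the vendor `Hashicorp`; the company styles its name `HashiCorp`. Since the line is already being touched for the semicolon, fix the capitalization in the same edit.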

Expand Down Expand Up @@ -73,7 +73,7 @@ There are three main CT components that we run in a Kubernetes cluster.

The certificate transparency front end, or [CTFE](https://github.com/google/certificate-transparency-go), provides [RFC 6962](https://tools.ietf.org/html/rfc6962) endpoints and translates them to gRPC API requests for the Trillian backend.

[Trillian](https://github.com/google/trillian) describes itself as a “transparent, highly scalable and cryptographically verifiable data store.” Essentially, Trillian implements a generalized verifiable data store via a Merkle tree that can be used as the back-end for a CT log via the CTFE. Trillian consists of two components; the log signer and log server. The [log signer’s function](https://github.com/google/trillian/blob/master/docs/images/LogDesign.png) is to periodically process incoming leaf data (certificates in the case of CT) and incorporate them into a Merkle tree. The log server retrieves objects from a Merkle tree in order to fulfill CT API monitoring requests.
[Trillian](https://github.com/google/trillian) describes itself as a “transparent, highly scalable and cryptographically verifiable data store.” Essentially, Trillian implements a generalized verifiable data store via a Merkle tree that can be used as the back-end for a CT log via the CTFE. Trillian consists of two components: the log signer and log server. The [log signer’s function](https://github.com/google/trillian/blob/master/docs/images/LogDesign.png) is to periodically process incoming leaf data (certificates in the case of CT) and incorporate them into a Merkle tree. The log server retrieves objects from a Merkle tree in order to fulfill CT API monitoring requests.

# Load Balancing
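
Review bot: in the CTFE context line just above the changed Trillian paragraph, the RFC 6962 link still points at `tools.ietf.org`, while the ACME link in the test-sites post in this same change uses `datatracker.ietf.org`. Consider moving this one to the datatracker URL as well so the site links RFCs consistently.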

2 changes: 1 addition & 1 deletion content/en/post/2023-01-12-eng-culture-at-ISRG.md
Expand Up @@ -36,7 +36,7 @@ Like all scalable solutions, there is the upfront investment of time and money.

While reflecting on our engineering workplace systems and how they came to be, we recognized that many were organically built out of having a remote workplace, autonomous teams, and the driving values of flexibility and inclusion. We will continue to design practices with these things in mind.

All in all, when looked at with a holistic lens, building an engineering workplace culture has several considerations that are similar to those we focus on when designing software systems. The obvious difference is that instead of functions and data, we are dealing with actual people with feelings and ever changing wants and needs. That is why it is important to once again acknowledge that no two workplaces are the same and there are no perfect solutions, but we hope that these few points lead to thoughtful reflection on how organizations can improve their engineer workplace experience.
All in all, when looked at with a holistic lens, building an engineering workplace culture has several considerations that are similar to those we focus on when designing software systems. The obvious difference is that instead of functions and data, we are dealing with actual people with feelings and ever changing wants and needs. That is why it is important to once again acknowledge that no two workplaces are the same and there are no perfect solutions, but we hope that these few points lead to thoughtful reflection on how organizations can improve their engineering workplace experience.

If this sounds like a culture you'd like to be a part of, check out our [open jobs](https://www.abetterinternet.org/careers/)!
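
Review bot: the corrected sentence still contains `ever changing wants and needs`, which needs a hyphen (`ever-changing`) as a compound modifier. It is the same kind of fix this change makes for `easy-to-use` in the funders post, so it is worth folding in here.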

2 changes: 1 addition & 1 deletion content/en/post/2023-12-13-ngos.md
Expand Up @@ -8,7 +8,7 @@ excerpt: "A look at how Let’s Encrypt provides security and privacy to public

For more than ten years, we at the nonprofit [Internet Security Research Group (ISRG)](https://www.abetterinternet.org/) have been focused on our mission of building a more secure and privacy-respecting Internet for everyone, everywhere. As we touch on in our [2023 Annual Report](https://www.abetterinternet.org/documents/2023-ISRG-Annual-Report.pdf), we now serve more than 360 million domains with free TLS certificates.

Beyond being a big number, what does that signify? What's the importance of having TLS being widely adopted anyways? We'll take a closer look at these questions through the lens of one group of Subscribers we can relate to particularly well: nonprofits.
Beyond being a big number, what does that signify? What's the importance of having TLS being widely adopted anyway? We'll take a closer look at these questions through the lens of one group of Subscribers we can relate to particularly well: nonprofits.

## Serving .org at Internet scale

2 changes: 1 addition & 1 deletion content/en/post/2023-12-28-EOY-letter-2023.md
Expand Up @@ -20,7 +20,7 @@ One of the biggest observations I've made during Josh's absence is that all 23 p

[Prossimo](http://memorysafety.org) continues to deliver highly performant and memory safe software and components in a world that is increasingly eager to address the memory safety problem. This was evidenced by participation at [Tectonics](https://tectonics.memorysafety.org/), a gathering we hosted which drew industry leaders for [invigorated conversation](https://www.memorysafety.org/blog/tectonics-recap/). Meanwhile, initiatives like our [memory safe AV1 decoder](https://www.memorysafety.org/initiative/av1/) are in line to replace a C version in Google Chrome. This change would improve security for billions of people. We're grateful to the community that helps to guide and implement our efforts in this area, including Dirkjan Ochtman, the firms Tweede golf and Ferrous Systems, and the maintainers of the many projects we are involved with.

Our newest project, [Divvi Up](http://divviup.org), brought on our first two subscribers in 2023. [Horizontal](https://wearehorizontal.org/index), a small international nonprofit serving Human Rights Defenders, will be [collecting privacy-preserving telemetry metrics](https://divviup.org/blog/horizontal/) about the users of their Tella app, which people use to document human rights violations. Mozilla is using Divvi Up to [gain insight into aspects of user behavior](https://divviup.org/blog/divvi-up-in-firefox/) in the [Firefox ](https://www.mozilla.org/en-US/firefox/new/)browser. It took a combination of focus and determination to get us to a production-ready state and our technical lead, Brandon Pitman played a big role in getting us there.
Our newest project, [Divvi Up](http://divviup.org), brought on our first two subscribers in 2023. [Horizontal](https://wearehorizontal.org/index), a small international nonprofit serving Human Rights Defenders, will be [collecting privacy-preserving telemetry metrics](https://divviup.org/blog/horizontal/) about the users of their Tella app, which people use to document human rights violations. Mozilla is using Divvi Up to [gain insight into aspects of user behavior](https://divviup.org/blog/divvi-up-in-firefox/) in the [Firefox](https://www.mozilla.org/en-US/firefox/new/) browser. It took a combination of focus and determination to get us to a production-ready state and our technical lead, Brandon Pitman, played a big role in getting us there.

We hired Kristin Berdan to fill a new role as General Counsel and her impact is already apparent within our organization. She joins Sarah Heil, our CFO, Josh, and me in ISRG leadership.
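
Review bot: the changed Divvi Up paragraph links `http://divviup.org` over plain HTTP, and the Prossimo context paragraph above it does the same with `http://memorysafety.org`, while every other link in both paragraphs is HTTPS. Since the line is being edited anyway, switch both to `https://` so readers are not sent through a cleartext request first.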

2 changes: 1 addition & 1 deletion content/en/post/2024-05-01-ARI-in-Tailscale.md
Expand Up @@ -14,7 +14,7 @@ In total, it took just two Tailscale engineers less than two days to implement A

Tailscale noted that ARI was especially useful to add before certificates' validity period starts shortening, as their client software in charge of requesting and renewing certificates is running on user machines. This makes it so they cannot easily update the whole fleet overnight if any issues come up. Thanks to ARI, they've reduced the risk of not rotating certificates for client machines in time, or causing excessive load on Let's Encrypt's infrastructure with overly-eager rotation logic.

One consideration the Tailscale team factored in deciding to adopt ARI was wanting to avoid adding a hard dependency on the Let's Encrypt infrastructure for renewal. To remedy this, Tailscale certificate renewal logic falls back to local time-based check if the ARI endpoint cannot be reached for any reason.
One consideration the Tailscale team factored in deciding to adopt ARI was wanting to avoid adding a hard dependency on the Let's Encrypt infrastructure for renewal. To remedy this, Tailscale certificate renewal logic falls back to a local time-based check if the ARI endpoint cannot be reached for any reason.

Tailscale's roadmap for getting ARI in production:

4 changes: 2 additions & 2 deletions content/en/post/2025-03-18-community-of-funders.md
Expand Up @@ -8,7 +8,7 @@ display_support_us_footer: true
display_inline_newsletter_embed: false
---

As we touched on in our [first blog post](https://letsencrypt.org/2025/02/14/encryption-for-everybody/) highlighting ten years of Let's Encrypt: Just as remarkable to us as the technical innovations behind proliferating TLS at scale is, so too is the sustained generosity we have benefited from throughout our first decade.
As we touched on in our [first blog post](https://letsencrypt.org/2025/02/14/encryption-for-everybody/) highlighting ten years of Let's Encrypt: Just as remarkable to us as the technical innovations behind proliferating TLS at scale is the sustained generosity we have benefited from throughout our first decade.

With that sense of gratitude top of mind, we are proud to announce a contribution of $1,000,000 from Jeff Atwood. Jeff has been a longtime supporter of our work, beginning many years ago with [Discourse](https://www.discourse.org/) providing our community forum pro bono; something Discourse still provides to this day. As best we can tell, our forum has helped hundreds of thousands of people get up and running with Let's Encrypt---an impact that has helped billions of people use an Internet that's more secure and privacy-respecting thanks to widely adopted TLS.
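
Review bot: the context paragraph after the fixed sentence has the same semicolon misuse this change corrects in the CT log post: `providing our community forum pro bono; something Discourse still provides to this day`. A comma fits there; consider fixing it in the same pass.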

Expand All @@ -31,6 +31,6 @@ We're proud that Jeff not only agrees, but has chosen to support us in such a me

Indeed, this contribution is significant because of its scale, but more importantly because of its signal: a signal that supporting the not-so-glamorous but oh-so-nerdy work of encryption at scale matters to the lives of billions of people every day; a signal that supporting free privacy and security afforded by TLS for all of the Internet's five billion users just makes sense.

Ten years ago we set out to build a better Internet through easy to use TLS. If you or your organization have supported us throughout the years, thank you for joining Jeff in believing in the work of Let's Encrypt. For a deeper dive into the impact of Let's Encrypt and ISRG's other projects, take a look at our [most recent annual report](https://www.abetterinternet.org/documents/2024-ISRG-Annual-Report.pdf).
Ten years ago we set out to build a better Internet through easy-to-use TLS. If you or your organization have supported us throughout the years, thank you for joining Jeff in believing in the work of Let's Encrypt. For a deeper dive into the impact of Let's Encrypt and ISRG's other projects, take a look at our [most recent annual report](https://www.abetterinternet.org/documents/2024-ISRG-Annual-Report.pdf).

_Let's Encrypt is a project of the nonprofit Internet Security Research Group, a 501(c)(3) nonprofit committed to protecting Internet users by lowering monetary, technological, and informational barriers to a more secure and privacy-respecting Internet. For more, visit [abetterinternet.org](https://abetterinternet.org). Press inquiries can be sent to [press@abetterinternet.org](mailto:press@abetterinternet.org)_
2 changes: 1 addition & 1 deletion content/en/post/2025-12-09-10-years.md
Expand Up @@ -69,7 +69,7 @@ We documented the history, design, and goals of the project in [an academic pape

## Our initial sponsors

Ten years later, I'm still deeply grateful to the five initial sponsors that got Let's Encrypt off the ground - Mozilla, EFF, Cisco, Akamai, and IdenTrust. When they committed significant resources to the project, it was just an ambitious idea. They saw the potential and believed in our team, and because of that we were able to build the service we operate today.
Ten years later, I'm still deeply grateful to the five initial sponsors that got Let's Encrypt off the ground---Mozilla, EFF, Cisco, Akamai, and IdenTrust. When they committed significant resources to the project, it was just an ambitious idea. They saw the potential and believed in our team, and because of that we were able to build the service we operate today.

## IdenTrust: A critical technical partner

2 changes: 1 addition & 1 deletion content/en/post/2026-02-05-FOSDEM2026.md
Expand Up @@ -16,6 +16,6 @@ In a recent conversation with a Let's Encrypt subscriber, we asked them to guess

That is a big part of what makes FOSDEM special. For the last few years, we've had a stand at this annual conference in Belgium, where a few folks from our team have the opportunity to speak directly with thousands of conference-goers. We continue to learn so much from these conversations! 

That's where the "Hello" part of this blog post comes in. At this year's FOSDEM, we met so many Let's Encrypt subscribers, and each of them has a unique relationship to Let's Encrypt. We were pleasantly surprised by how many people told us they were using [IP-address certificates](https://letsencrypt.org/2026/01/15/6day-and-ip-general-availability), a new option we just made generally available in December. We had a lot of conversations about our plans to [shorten certificate lifetimes](https://letsencrypt.org/2025/12/02/from-90-to-45). There were a few folks who asked about S/MIME ([still no plans to do that](https://community.letsencrypt.org/t/s-mime-certificates/153/24)). We invited people to continue to stay in touch by signing up for our [newsletter](https://www.abetterinternet.org/newsletter/). 
That's where the "Hello" part of this blog post comes in. At this year's FOSDEM, we met so many Let's Encrypt subscribers, and each of them has a unique relationship to Let's Encrypt. We were pleasantly surprised by how many people told us they were using [IP-address certificates](https://letsencrypt.org/2026/01/15/6day-and-ip-general-availability), a new option we just made generally available in January. We had a lot of conversations about our plans to [shorten certificate lifetimes](https://letsencrypt.org/2025/12/02/from-90-to-45). There were a few folks who asked about S/MIME ([still no plans to do that](https://community.letsencrypt.org/t/s-mime-certificates/153/24)). We invited people to continue to stay in touch by signing up for our [newsletter](https://www.abetterinternet.org/newsletter/). 

The most meaningful part of FOSDEM is being able to say "thank you". Our goal in starting Let's Encrypt was to improve security and privacy for people using the Internet, but that could not be achieved without the now millions of folks who decided to get a certificate. Our impact is predicated on this symbiotic exchange. While we were only able to directly express our gratitude to a few thousand people at FOSDEM, it was a reminder of how important the community is.
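
Review bot: `December` to `January` is a factual correction rather than a typo fix, so it deserves its own mention in the change description; it does agree with the `/2026/01/15/` path of the linked post. The replacement line also keeps the trailing space after the newsletter link, as does the paragraph above it, and both could be trimmed while here.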
2 changes: 1 addition & 1 deletion content/en/post/2026-04-10-test-sites.md
Expand Up @@ -38,7 +38,7 @@ First and foremost, we need to be able to get certificates. Because we're writin

To get a revoked certificate, we request a certificate and then revoke it. That's something we can do with Lego and ACME too: The account which issued a certificate can request it be revoked. We then need a way to check that the certificate is revoked. Certificates contain an HTTP URL pointing to the Certificate Revocation List (CRL) which we poll until our certificate's serial number appears in it.

> Let's Encrypt implements the [ACME standard](https://datatracker.ietf.org/doc/html/rfc8555/), which defines how clients can get certificates. In general, we think ACME clients integrated into webservers are often the best way to get certificates for websites. They can automatically handle challenges, managing and reloading certificates, and overall minimizing the amount of work and reducing problems.
> Let's Encrypt implements the [ACME standard](https://datatracker.ietf.org/doc/html/rfc8555/), which defines how clients can get certificates. In general, we think ACME clients integrated into webservers are often the best way to get certificates for websites. They can automatically handle challenges, manage and reload certificates, and overall minimize the amount of work and reduce problems.

We also need a way to wait until a certificate is in the right state. The valid certificate is ready to use right away, but that's not true for the revoked and expired certificates. The revoked certificate needs to wait at least until it appears in a CRL, which can be up to an hour. Expired certificates need to wait even longer: Even if we request the shortest-lived certificates we offer, that's still six days. To handle this, our program stores a "next" certificate instead of immediately overwriting the current one. We wait at least 24 hours for the revoked certificate to make sure any CRL caches or push-based CRL infrastructure have time to process the revocation. The expired certificate has to wait until it passes its expiration date. After the program decides a certificate is ready, it replaces the current certificate and passes it off to the webserver. Normal ACME tools don't support this because they can usually start using a certificate as soon as it's obtained.
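
Review bot: in the corrected blockquote the verbs are now parallel, but the last item still reads awkwardly: `and overall minimize the amount of work and reduce problems`. Something like `and generally reduce both the work involved and the chance of problems` would read more cleanly.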

2 changes: 1 addition & 1 deletion data/clients.json
Expand Up @@ -912,7 +912,7 @@
{
"name": "CertKit",
"url": "https://www.certkit.io/",
"comments": "Deployable and SaaS certificate lifecycle management and monotoring",
"comments": "Deployable and SaaS certificate lifecycle management and monitoring",
"category": "Server",
"challenges": {
"HTTP-01": "true",