Saved February 14, 2026
Do you care about this?
Cloudflare is working to implement Post-Quantum (PQ) cryptography to secure the Internet against future quantum computing threats. The proposed Merkle Tree Certificates (MTCs) aim to reduce the size and complexity of TLS handshakes, addressing the performance issues posed by large PQ signatures. This shift is essential for maintaining security without degrading performance.
If you do, here's more
The race to develop quantum computers poses a serious threat to Internet security, particularly to existing cryptographic systems. Cloudflare is addressing this issue by transitioning the Internet to Post-Quantum (PQ) cryptography. Currently, about 50% of traffic through Cloudflare's network is shielded from the "harvest now, decrypt later" threat, where attackers can store encrypted traffic for future decryption using quantum technology. However, the challenge extends beyond just this threat. Quantum computers can also compromise TLS certificates, allowing impersonation of servers. While there are PQ algorithms available for secure authentication, their large size complicates integration into the existing Web Public-Key Infrastructure (WebPKI).
For example, the ML-DSA-44 algorithm's signatures are 2,420 bytes compared to only 64 bytes for the widely used ECDSA-P256 signature. This size increase negatively impacts TLS performance, making the deployment of PQ certificates unattractive before quantum computers become a reality. Waiting until the threat is imminent could jeopardize Internet security, so Cloudflare is advocating for affordable PQ certificates for all users. They are collaborating with industry partners to redesign the WebPKI, aiming for a seamless transition to PQ authentication without degrading performance. One proposed solution is Merkle Tree Certificates (MTCs), which streamline the TLS handshake by reducing the number of required public keys and signatures.
The article also delves into the complexities of the current WebPKI. When a browser connects to a server, it verifies the server's identity through a series of digital signatures and certificates. This process becomes cumbersome due to the need for multiple public keys and signatures, particularly as the chains of trust have grown longer over time. Mis-issuance of certificates can lead to security incidents, as shown by a recent case where Cloudflare’s certificates were issued without authorization. Certificate Transparency (CT) helps mitigate such risks by logging issued certificates, allowing server operators to audit and challenge any unauthorized certificates.