Differences between Let’s Encrypt certificates and traditional CA-issued certificates
This article discusses the differences between SSL certificates provided by Let’s Encrypt and those provided by traditional CA (certificate authority) providers.
The Let’s Encrypt initiative makes creating and installing SSL certificates a simple task. The certificates are also free, so you may ask yourself, “Why would I ever pay for an SSL certificate from another provider?”
Although Let’s Encrypt SSL certificates provide basic SSL encryption, they lack many of the benefits of certificates issued by established CA (certificate authority) SSL providers, including:
Extended validity: Let’s Encrypt certificates are only valid for 90 days and must be renewed frequently. By contrast, most traditional SSL certificates are valid for at least one year, with the option of longer validity periods (for example, three years).
Warranty: Let’s Encrypt certificates do not include a warranty, whereas traditional SSL certificates usually do.
- To view the full Let’s Encrypt Subscriber Agreement, please visit https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf.
- For an example of a warranty from GlobalSign, please visit https://www.globalsign.com/en/repository/globalsign-warranty-policy.pdf.
Support: Let’s Encrypt does not have staff available to assist with creating or installing SSL certificates. This can be an issue for professionals and business owners who must quickly get a site configured and working. For example, GlobalSign has a network of trained personnel who provide support through online ticketing, chat, and telephone.
Customer vetting: Let’s Encrypt uses basic domain-based vetting (the ACME protocol) to issue SSL certificates. Traditional CA providers use additional vetting procedures to help verify that customers actually are who they claim to be.
SSL certificate options: Let’s Encrypt only offers domain-validated (DV) certificates. If you need the extra security of an extended validation (EV) certificate for your site, you must purchase one from a traditional CA provider. Additionally, Let’s Encrypt does not offer wildcard or multi-domain certificates.