Let's Encrypt is a new Certificate Authority (CA) that offers FREE SSL certificates that are just as secure as paid certificates. This project was pioneered to make encrypted connections the default standard throughout the Internet.
The 'Let's Encrypt' project is a large step forward for security and privacy on the Internet.
There is no difference in the encryption protection these certificates offer. However, 'Let's Encrypt' certificates only provide domain validation (DV) certificates. 'Let's Encrypt' certificates do not support Organizational Validation (OV) certificates. View the following link for further details: https://letsencrypt.org/docs/faq/
If your website is a business that's processing credit cards or transmitting sensitive information (such as an eCommerce site), or has a user login section, you should only use a paid GeoTrust certificate. This helps your users ensure the connection is valid and secure.
Simple websites that need the same level of encryption without the absolute guarantee of ownership can continue to use a 'Let's Encrypt' certificate.
Although DV and OV certificates offer the same level of encryption as OV certs, DV certificates do not display the actual site name within the certificate, meaning visitors are not able to validate the certificate by viewing it. Additionally, these are potentially vulnerable to phishing attacks. For example, a malicious user could create a similar site with a DV certificate to create a forged copy of your online store. For these reasons, DV certificates are not recommended for eCommerce sites that process payment information.
'Let's Encrypt' has set up rate limitations to help protect their servers. Limits are as follows:
How long is the certificate valid?
SSL certificates generated by Let's Encrypt automatically renew every 60 days. This is for two reasons as stated on their blog post:
What level of encryption is available?
RSA-signed using 4096-bit RSA keys.
Are wildcard certificates available for use?
No. Although 'Let's Encrypt' offers wildcard certificates, it is currently not possible to use them at DreamHost. If you need SSL certificates on your subdomains, you must enable them individually.
What browsers support Let's Encrypt certs?
Certificates are trusted in all major browsers. View the blog post here:
https://letsencrypt.org/2015/10/19/lets-encrypt-is-trusted.html
What should I do if my Let's Encrypt order is pending for more than a few hours?
Let's Encrypt orders should complete automatically within 10-30 minutes, although occasionally this can process can sometimes take longer. If your order has been pending for longer than 2-4 hours, you should contact support.
Add Comment