
Let’s Encrypt certificate or a commercial SSL – the final verdict


Let's Encrypt background info

Introduced in 2016, Let's Encrypt is a free, open certificate authority (CA) that provides website owners with digital certificates for enabling HTTPS (SSL/TLS).

It was launched by the Internet Security Research Group (ISRG), a public-benefit organization sponsored by the Mozilla Foundation, the Electronic Frontier Foundation (EFF) and Cisco Systems, with the aim of making HTTPS encryption both affordable and user-friendly.

Its main goal is to create a more secure, privacy-driven web.


COMODO most popular SSL certificate brand among the top 1 million websites

COMODO is the most popular SSL brand and comes out a clear winner with a 28% share of websites. GeoTrust is a distant second with a 12% share. GoDaddy is third with 7%. Let's Encrypt comes fifth and powers 5% of these websites.

The top certificate authorities identified are as follows:

(Chart: most popular SSL certificate brands among the top 1 million websites)

Image courtesy Kenn White via Adam Caudill

700,275 out of the top 1 million websites responded with an SSL/TLS certificate on port 443. The scanner attempted to connect to the domain on port 443 and, if that failed, then attempted to connect to the “www” subdomain.

The scan was run with an eight second timeout. Any server that couldn’t complete a handshake within eight seconds wasn’t counted.

No certificate validation was performed. The scan didn’t attempt any other ports or subdomains.


Let’s Encrypt Free SSL Certificates – What You Need To Know

About Let’s Encrypt

Let’s Encrypt is a new non-profit Certificate Authority (CA) founded and sponsored by industry advocates such as the Electronic Frontier Foundation (EFF), Mozilla and the Internet Security Research Group (ISRG). Let’s Encrypt offers free SSL certificates.

The key principles behind Let’s Encrypt are:

  • Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
  • Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
  • Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
  • Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
  • Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
  • Cooperative: Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.

Let’s Encrypt Will Have Major Limitations

Unfortunately, Let’s Encrypt will have some very notable limitations due to its limited funding and infrastructure. Because it will only offer free certificates, it will only be able to provide automated, basic encryption-only / Domain Validated (DV) SSL certificates, without the other frills that typically come with SSL certificates.

Other observations that undermine Let’s Encrypt

Since the SSL certificates are free of cost and open to anyone, malvertisers and other bad guys can obtain them for all of their websites. This lets them encrypt the traffic to their servers, making detection by defenders more difficult. This undermines trust in Let's Encrypt and could lead to its certificates being derecognised in future.

Unlike longer-established brands such as COMODO, Thawte, GeoTrust and Symantec, Let's Encrypt's intermediate CA certificates (required for recognising website certificates) are not available on older operating systems such as Windows XP. Users on those systems will not get a secure connection and so will not transact.

Years of Experience Taught Us That Users Need More than a Free Certificate

We have worked with many customers, and if our experience has taught us anything, it’s that SSL can be confusing and many people need help. Knowing what type of certificate you need, and how to get it working successfully on your network, are the most common and most serious questions our customers have.

Let’s Encrypt’s one-size-fits-all approach isn’t perfect. A personal blog has different needs than a corporate homepage. We believe there is a fitting solution for everyone: personal attention and attentive support behind globally recognized brands. A free service cannot afford to give that to its non-paying customers.

Our Assessment of Let’s Encrypt

We do not think Let’s Encrypt is a viable option for commercial use of any kind; you should continue to buy from established Certificate Authorities (CAs) such as Symantec, Comodo, GeoTrust, RapidSSL and Thawte, especially since basic encryption / Domain Validated (DV) certificates from them are available at extremely low and affordable rates and still carry a strong brand name recognised by most web users.