Do free Let’s Encrypt SSL certificates have the same reliability as paid ones?


16

TLS encryption is what Let’s Encrypt uses, and it uses the ACME protocol, which does the file exchange between server and client. I notice that websites get a small delay when using HTTPS. I have already used a paid certificate and noticed this delay too; based on this, I believe it must be due to the exchange of the files, where the data is encrypted, transferred, checked and decrypted.

My doubt is the following: I am researching SSL certificates and I come across many forums commenting on the Let’s Encrypt certificates, saying they are very good and free, but I could not find out how reliable they are, and whether they can be used in commerce with the same security as paid certificates?

Or, as a developer, must I use these certificates only to test the applications and, once there is customer approval, purchase one?

1 answer

8


The certificates currently offered on the market are so cheap that, personally speaking, the "savings" from free alternatives are not worth it. But regardless, Let’s Encrypt currently has extensive support and is recognized by the major web environments (browsers). It is still incompatible in other environments under certain circumstances, though. It is more worthwhile where you have a test project on which you do not intend to spend 1 cent and are not very worried about compatibility.

However, for a virtual store, even a small one, it is not a good choice, given the conditions and options existing in the market.

I would prefer not to cite certification names but, as the question itself mentions names, I can cite GlobeSSL, which offers 3-year certificates for 20 USD. This amount is practically "free" compared even with the lowest prices of RapidSSL (85 USD / 3 years). Note that there are certificates whose "normal" price is 250 USD / year. GlobeSSL certificates are from COMODO, highly reliable and recommended by certifiers.

Why did I mention that a free alternative is not a good option for a virtual store? It is simply because of what has already been explained above concerning the range of compatibility, and because there are options available for a low budget.

If the online store can’t afford $20 every three years, it’s because it’s broke.

However, nothing prevents you from using free alternatives like Let’s Encrypt.

A pertinent piece of information, commented by @Inkeliz, is that Let’s Encrypt certificates have a short life span. Currently it is 90 days (3 months).

To solve this small problem, it is possible to create scripts for auto-renewal of the certificate. This can be done on your own with a script running in the background (cron / schtask) or by using certbot.

In an overview, when choosing a certificate station, check the basic points:



- Reliability before the browsers
There is no 100% compatibility in any certificate, from free to the most expensive. However, the stable ones usually announce compatibility of 99.9%.

- Signatures and encryption
The currently acceptable minimum, though not mandatory, is 2048-bit signatures and 254-bit encryption.

- License limitations per server
There are currently no limitations. For example, you purchased a domain certificate, but you have a site with 15 servers. Previously there were restrictions, for example a limit of up to 5 or 10 servers, so you would have to buy 2 or 3 certificates for the same domain.

- Logo/brand to increase SEO conversion rates.
This is important to increase the reliability of your site to visitors and also to search engines.

- Guarantees (indemnity)
A paid certificate usually offers varied warranty plans. For example, if a certificate fails, causing damage to the owner, and it is proven that the failure is the certificate issuer's, the owner receives an indemnity amount. This value is usually 50 thousand dollars and up. It is normal for the values to exceed 2 million dollars, for example.


These basic points are not clear on the official Let’s Encrypt website. Obviously, because they offer no guarantee. And because it is free, there is no warranty option against failures, since the warranty term is nothing more than indemnity insurance. You pay for this embedded in the certificate price.

  • 3

    +1 for prices. Just to add, at Comodo you can get, for ~50 dollars a year, a "Wildcard" certificate, which covers subdomains. As a detail, Let’s Encrypt still has the "problem" of limiting the certificate to at most 90 days (https://letsencrypt.org/2015/11/09/why-90-days.html).

  • Updating: there are no longer 3-year certificates. The standard was changed to 2 years in May or March 2018. I don’t understand why so many downvotes. I wonder what I wrote that could be wrong...
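
The answer above suggests scripting auto-renewal for the 90-day certificates (cron / schtask or certbot). The following is an added example, not code from the answer or from Let's Encrypt: a check that a scheduled job could run to decide whether a certificate is due for renewal. The function names, the 30-day threshold and the sample expiry date are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

RENEW_BEFORE_DAYS = 30  # assumed threshold: renew once fewer than 30 days remain


def fetch_not_after(host, port=443, timeout=5.0):
    """Return the notAfter string of the certificate a live server presents."""
    ctx = ssl.create_default_context()  # also validates the chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def days_left(not_after, now):
    """Whole days (rounded down) between `now` and a notAfter string such as
    'Jun  1 12:00:00 2025 GMT', the format getpeercert() returns."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expires - now).days


def renewal_status(not_after, now, renew_before=RENEW_BEFORE_DAYS):
    """Classify a certificate as 'expired', 'renew' or 'ok'."""
    remaining = days_left(not_after, now)
    if remaining < 0:
        return "expired"  # already past notAfter: clients will reject it
    if remaining < renew_before:
        return "renew"    # inside the renewal window: trigger the renewal job
    return "ok"


if __name__ == "__main__":
    # Constructed sample: a 90-day certificate issued 2025-03-03 12:00 UTC,
    # evaluated on three different dates (no network access needed).
    sample = "Jun  1 12:00:00 2025 GMT"
    for day in ("2025-03-10", "2025-05-20", "2025-06-05"):
        now = datetime.fromisoformat(day).replace(tzinfo=timezone.utc)
        print(day, days_left(sample, now), renewal_status(sample, now))
```

For a live host, pass the result of `fetch_not_after("example.com")` and `datetime.now(timezone.utc)` to `renewal_status`; an alert on "expired" catches a renewal job that has silently stopped working.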
