Difference between Let's Encrypt and a paid SSL certificate

This article discusses the differences between SSL certificates provided by Let's Encrypt and those provided by traditional certificate providers.

The first thing most people notice is that Let's Encrypt certificates are free, this leads most people to the ultimate next question - why should I bother paying for one? (Also remember if you're not on an SNI enabled server you may need to pay for an IP address as well as a certificate).

Let's Encrypt provide basic SSL encryption, but they do provide encryption, so it depends on your reasons for requiring a secure certificate, if it's just to secure a contact form a Let's Encrypt certificate may be all you need, if it's something more involved you may want to consider purchasing a certificate from an established Certificate Authority.

Key differences between the two are:

  • Extended validity: Let's Encrypt certificates are only valid for 90 days and must be renewed frequently (our cPanel implementation does this automatically for you). Most traditional SSL certificates are valid for at least one year.

  • Warranty: Let's Encrypt certificates do not include a warranty, whereas traditional SSL certificates usually do.
  • Support: Let's Encrypt does not have staff available to assist with creating or installing SSL certificates, where as a certificate authority will do.

  • Customer vetting: Let's Encrypt uses basic domain-based vetting (the ACME protocol) to issue SSL certificates. Traditional CA providers use additional procedures (phone, email, domain or more) to help verify that customers actually are who they claim to be.
  • SSL certificate options: Let's Encrypt only offers domain-validated certificates (DV). If you need the extra security of an extended validation certificate (EV) for your site, you must purchase one from a traditional CA provider. Additionally, Let's Encrypt does not offer wildcard or multi-domain certificates.

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Changing your cPanel password

You should change your cPanel password regularly, it is the key to your account and remember you...

Password protecting directories

You may want to password protect a directory without the need for scripts and people being able...

Denying IP addresses access to your site

The IP Deny Manager is used to block access to your website from a specific IP address or IP...