Let’s Encrypt: the pros and cons of free SSL

Did you land on this blog because you want to secure your website with HTTPS and a security lock in the address bar? Good job!😉 That encrypted security is what you get thanks to an SSL certificate. There are several ways to purchase SSL certificates. The free Let's Encrypt certificate is one of them. Such a free SSL has both advantages and disadvantages. Besides, a Let's Encrypt certificate is not equally suitable for every website. Here's what you need to know.

What is Let's Encrypt?

When it comes to SSL, you've probably heard about Let's Encrypt. That's an international, independent and also free certificate authority from the Internet Security Research Group. That's a collaboration between major players such as Amazon, Mozilla, Google and Facebook.

Let's Encrypt was founded in 2015. This nonprofit initiative gives startups or administrators of small websites the chance to secure their applications in an approachable way. So without a very large budget.

Internet that respects privacy

The goal of Let's Encrypt is to improve Internet security by making it easy and affordable for owners to secure their websites with free SSL certificates. That way, more and more websites will adopt an encrypted HTTPS connection.

Given that it is perfectly possible with a free certificate, why opt for a premium SSL certificate that you have to pay for? Well, that depends on the purpose and size of your website. But also how much confidence and transparency you want to give your online visitors.

If you don't have a very large website and your main concern is to provide an encrypted and secure HTTPS connection, then a Let's Encrypt certificate will probably do the trick. After all, even with free SSL you increase the reliability of your website and rank higher in Google. No need to worry about a browser like Google Chrome tossing a warning message in your visitors' faces.

Let's Encrypt: opt for free or premium SSL certificate? Both will get you higher rankings in Google!
Let's Encrypt: opt for free or premium SSL certificate? Both will get you higher rankings in Google!

Difference between a commercial SSL certificate and a Let's Encrypt SSL certificate

There are three main differences between a commercial SSL certificate and a free Let's Encrypt SSL certificate: specifically, the type of SSL certificates, the price and the certificate authority itself.

1. Two types of certificates: Domain Validation and Wildcard SSL

Quite a limitation of Let's Encrypt: you can only choose two types of SSL certificates.

The first is an SSL certificate with Domain Validation. With domain validated certificates, your visitors enjoy a secure connection, your website is marked as secure and ranks better in Google. However, visitors are not 100% sure which owner or organization is behind the website. Domain Validation is a match for individuals and non-profit organizations in most cases.

Secondly: Wildcard SSL to secure your domain name and all subdomains. This is the perfect option if you use many subdomains for different parts of your website or application. The number of subdomains of the domain name for which you want Wildcard SSL is unlimited.

2. Get your SSL certificate for free thanks to Let's Encrypt

For many, the free aspect is the reason why a Let's Encrypt certificate is so interesting. But is free really free? Apparently, yes. You don't have to pay for the certificates and required programs.

That's because staff costs at Let's Ecrypt are very modest and validation is almost entirely automated. Other costs are largely covered by sponsors and supporters.

For example, Let's Encrypt can rely on a partnership with Linux Foundation, another nonprofit organization in the tech world, for their hardware. On the other hand, that makes Let's Encrypt financially reliant.

3. Non-profit organization as certificate authority.

A commercial SSL certificate is issued by a commercial certificate authority and requires payment for issuance and renewal. These certificates, unlike those issued by Let's Encrypt, often have extensive validation and verification procedures and provide guarantees and assurances.

Let's Encrypt, with the Internet Security Research Group as its mother organization, is a nonprofit organization and thus has no commercial interests. It makes it a unique certificate authority.

Let's Encrypt's SSL certificates guarantee you the same encryption and authentication levels as paid certificates, but require less validation and verification.

Let's Encrypt is therefore especially suitable for small websites and personal blogs. Larger websites or webshops are better off choosing premium SSL.

SSL certificates by Let's Encrypt included in Combell's hosting package

So, good news: since Combell finds online security very important, SSL certificates from Let's Encrypt are included by default in your hosting package.

This means that, with Combell, you can always count on an encrypted HTTPS connection. Afterwards, it is up to you to decide whether you want to invest in additional cybersecurity by choosing a paying SSL certificate.

How does Let's Encrypt work?

As we mentioned, Let's Encrypt uses an automatic process to assign SSL certificates. That process was given the fancy name "Automatic Certificate Management Environment" (ACME).

When you request a certificate from Let's Encrypt, your webserver communicates with Let's Encrypt's using the so-called ACME protocol. This way, the authenticity of your website can be verified and the SSL certificate will be automatically generated and installed.

Request, install and manage Let's Encrypt on your own

You can request, install and activate a free SSL certificate from Let's Encrypt via Combell's control panel.

It is even possible to install Let's Encrypt if your domain name does not refer to your hosting package.

SSL through Let's Encrypt provides your website a secure connection.
SSL through Let's Encrypt provides your website a secure connection.

Advantages of a Let's Encrypt SSL certificate

Improved security: the connection between user and server is encrypted
No "Insecure" warning. No HTTPS on your website? If so, some browsers - rightfully so - show a warning to anyone surfing to your non-encrypted website
A higher SEO ranking. Google has confirmed that SSL is an important Google ranking factor
Compatible with HTTP/2 . With a website, protected by SSL, you can use the HTTP/2 protocol allowing your pages to load faster and be more efficient

Disadvantages of Let's Encrypt SSL certificate

Let's Encrypt doesn't offer you any warranties in case of data leakage
No extra protection against phishing
Limited validation: no SSL certificate with Organization Validation or Extended Validation
Although you can get it renewed automatically, your free SSL expires after 90 days

Yes or no: Have Let's Encrypt certificate installed to your website?

Those who want to protect a small website with HTTPS and the (green) lock in the address bar, but do not want to spend a large budget in return, are helped by Let's Encrypt.

But extended SSL certificates have a great added value over such a free SSL certificate. With an SSL certificate with Organization Validation or Extended Validation, you provide much more transparency to your visitors. Moreover, the established reputation of a certificate authority serves as an extra safeguard.

Consider that investment in a paid certificate as a win-win situation. With a premium SSL certificate, customers will gain even more confidence in the security of your website and thus will order more, request offers, fill out forms ...

According to Sectigo, one of the largest international providers of SSL certificates, customers are up to 50% more likely to make a payment on a website that uses an encrypted connection via SSL.