Differences between Let's Encrypt certificates and traditional CA-issued certificates

This article discusses the differences between certificates provided by Let’s Encrypt SSL and those provided by traditional CA (certificate authority) providers.

Please note that Hostvento Hosting, in order to provide a consistent and reliable user experience, is switching from Let’s Encrypt to cPanel SSL for all newly provisioned accounts. Existing accounts will also make the change to cPanel SSL certificates in the near future. The certificates are equivalent in terms of trust level, validity, and how they are used. You should see no impact on your site, and the only difference is that the padlock in your browser will say “cPanel Inc.” instead of “Let’s Encrypt.”

The Let’s Encrypt initiative makes creating and installing SSL certificates a simple task. They are also free, so you may ask yourself, “why would I ever pay for an SSL certificate from another provider?”

Although Let’s Encrypt SSL certificates provide basic SSL encryption, they lack many of the benefits of certificates issued by established CA (certificate authority) SSL providers, including:

• Extended validity: Let’s Encrypt SSL certificates are only valid for 90 days and must be renewed frequently. By contrast, most traditional SSL certificates are valid for at least one year, with the option of longer validity periods (for example, three years).
• Warranty: Let’s Encrypt certificates do not include a warranty, whereas traditional SSL certificates usually do.
  • To view the full Let’s Encrypt Subscriber Agreement, please visit https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf.
  • For an example of a warranty from GlobalSign, please visit https://www.globalsign.com/en/repository/globalsign-warranty-policy.pdf.
• Support: Let’s Encrypt SSL does not have staff available to assist with creating or installing SSL certificates. This can be an issue for professionals and business owners who must quickly get a site configured and working. For example, GlobalSign has a network of trained personnel who provide support through online ticketing, chat, and telephone.
• Customer vetting: Let’s Encrypt SSL uses basic domain-based vetting (the ACME protocol) to issue SSL certificates. Traditional CA providers use additional vetting procedures to help verify that customers actually are who they claim to be.
• SSL certificate options: Let’s Encrypt SSL only offers domain-validated certificates (DV). If you need the extra security of an extended validation certificate (EV) for your site, you must purchase one from a traditional CA provider. Additionally, Let’s Encrypt SSL does not offer wildcard or multi-domain certificates.
  To view SSL certificate options at Hostvento Hosting, please visit https://www.Hostventohosting.com/ssl-certificates.