Let's Encrypt vs Paid SSL

We often receive questions regarding the difference between a Let’s Encrypt SSL and a Paid SSL. Below we will be breaking down the pro’s and con’s of both to assist you in making a decision on which to choose.

NOTE: It is strongly recommended to use a Paid SSL for production sites to avoid potential uncertain downtime.

Paid SSL

A Paid SSL is an ideal choice when handling sensitive customer information or if you expect to take payment taken via your website. This is due to the extra vetting and validation procedures that are required to acquire the SSL. Additionally, most paid SSL’s provide a warranty, ensuring that the connection between server and visitor will be protected from a compromise. This will cover both yourdomain.com and www.yourdomain.com.

Please Note: The warranty is not in reference to a compromised site, only that the connection between server and visitor is secure.

Paid SSL Pro's

  • Complete Security - fully validated SSL certificate ensures that there is no possibility of your connection being compromised between the site and visitor
  • Wildcard SSL easier to implement across multiple subdomains
  • Extended validity - Paid SSL’s enjoy a longer period before renewing is neccessary (usually at least 1 year before needing to renew).
  • Validation Process - Paid SSL’s provide options for Extended Validation (EV for short) to provide additional trust and security.
  • Green Bar - Some paid SSL’s provide the ability to display a green bar with your company name inside.
  • Recommended for Mission Critical applications.

Paid SSL Con's

  • Price
  • Time to implement
  • Additional steps required to issue. Paid SSL’s generally require additional vetting (one of the following methods are used: email, phone call, file validation, etc…) before the SSL is issued.

Let's Encrypt

Let’s Encrypt is a nonprofit free service that is provided by the Internet Security Research Group to encourage web security by providing free SSL certificates. This SSL certificate is generally used for sites that do not handle sensitive private information or payment via website. The Let’s Encrypt SSLs are great for sites that are looking to comply with new security guidelines that are being integrated into the Chrome browser but do not require the trust and warranty that comes with a paid SSL. This will cover both yourdomain.com and www.yourdomain.com.

Let's Encrypt Pros

  • Complete Security - provides the same function as a paid SSL minus the trust, vetting, and warranty that comes with a paid SSL.
  • Quicker Issuance - Due to the largely automated process of validating and issuing certificates, an SSL can be issued usually within minutes.
  • Free - The Let’s Encrypt SSL’s are provided free.

Let's Encrypt Cons

  • Validation Process - Let’s Encrypt SSLs utilize domain validation (DV for short). This just checks to see if the requestor is in control of the domain. While making the process quicker, it does not carry the same trust that a Paid SSL will.
  • Validity Period - Let’s Encrypt SSLs are valid for 90 days. While the re-issuance is largely automated, this is still a major consideration to make for active e-commerce sites. The cause for concern here is related to the certificate having to renew 4 times per year, combined with there being numerous potential problems with the automated renewal process. In most cases, the renewal process works fine. However for e-commerce sites, while some customers choose to go this route, we do not recommend the Let’s Encrypt option.
  • Currently, there is no Wildcard SSL option for Let’s Encrypt SSLs, however, this is expected to change.