Newsletter
Web development tips, marketing strategies and A2 Hosting news sent to your inbox.
Nuestra base de conocimientos sólo está disponible actualmente en inglés. Estamos en el proceso de traducir estas páginas y las publicaremos cuando estén disponibles.
Knowledge Base
Let's Encrypt SSL vs. Traditional CA-issued Certificates
This article discusses the differences between certificates provided by Let's Encrypt SSL and those provided by traditional CA (certificate authority) providers.
Please note that A2 Hosting, in order to provide consistent and reliable user experience, is switching from Let’s Encrypt to Sectigo for all newly provisioned accounts. Existing accounts will also make the change to Sectigo certificates sometime in the near future. The certificates are equal in terms of trust level, validity, and how they are used. You should see no impact on your site, and the only difference is that the padlock in your browser will now say “cPanel Cert Issued by Sectigo” instead of “Let’s Encrypt."
What Is Let's Encrypt SSL?
The Let's Encrypt initiative makes creating and installing SSL certificates a simple task. They are also free, so you may ask yourself, “why would I ever pay for an SSL certificate from another provider?”
Although Let's Encrypt SSL certificates provide basic SSL encryption, they lack many of the benefits of certificates issued by established CA (certificate authority) SSL providers, including:
- Extended validity: Let's Encrypt SSL certificates are only valid for 90 days and must be renewed frequently. By contrast, most traditional SSL certificates are valid for at least one year, with the option of longer validity periods (for example, three years).
- Warranty: Let's Encrypt certificates do not include a warranty, whereas traditional SSL certificates usually do.
- To view the full Let's Encrypt Subscriber Agreement, please visit https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf.
- For an example of a warranty from GlobalSign, please visit https://www.globalsign.com/en/repository/globalsign-warranty-policy.pdf.
- Support: Let's Encrypt SSL does not have staff available to assist with creating or installing SSL certificates. This can be an issue for professionals and business owners who must quickly get a site configured and working. For example, GlobalSign has a network of trained personnel who provide support through online ticketing, chat, and telephone.
- Customer vetting: Let's Encrypt SSL uses basic domain-based vetting (the ACME protocol) to issue SSL certificates. Traditional CA providers use additional vetting procedures to help verify that customers actually are who they claim to be.
SSL certificate options: Let's Encrypt SSL only offers domain-validated certificates (DV). If you need the extra security of an extended validation certificate (EV) for your site, you must purchase one from a traditional CA provider. Additionally, Let's Encrypt SSL does not offer wildcard or multi-domain certificates.
To view SSL certificate options at A2 Hosting, please visit https://www.a2hosting.com/ssl-certificates.
Related Articles
We use cookies to personalize the website for you and to analyze the use of our website. You consent to this by clicking on "I consent" or by continuing your use of this website. Further information about cookies can be found in our Privacy Policy.