Let's Encrypt is a new Certificate Authority (CA) that offers FREE SSL certificates that are just as secure as current paid certificates. This project was pioneered to make encrypted connections the default standard throughout the Internet.
The 'Let's Encrypt' project is a large step forward for security and privacy on the Internet.
Key benefits of using a Let’s Encrypt SSL certificate:
- It's free – Anyone who owns a domain can obtain a trusted certificate for that domain at zero cost.
- It's automatic – The entire enrollment process for certificates occurs painlessly during the server’s native installation or configuration process. The renewal occurs automatically in the background.
- It's simple – There's no payment, no validation emails, and certificates renew automatically.
- It's secure – Let’s Encrypt serves as a platform for implementing modern security techniques and best practices.
Difference between a free Let's Encrypt certificate and a paid Comodo certificate
There is no difference in the protection these certificates offer.
There were previously two options to purchase an SSL certificate in the panel:
- Add a free self-signed certificate. This causes a warning to be shown in the browser when the site is visited.
- Add a paid professionally-signed certificate. This does not cause a browser warning when visiting the site.
Let's Encrypt is a new option added in the DreamHost panel. It's free and professionally signed so it displays no warnings when visited. Current users still have the option to either purchase a paid Comodo certificate, or a free Let's Encrypt certificate. Both function the same as far as security is concerned.
Forcing your website to load securely (HTTPS)
View the following article for details on how to force your WordPress site to load only using HTTPS:
View the following article for details on how to force your DreamPress site to load only using HTTPS:
All other websites
You can force your website to load securely using HTTPS using an .htaccess file. View the following article for examples:
'Let's Encrypt' has set up rate limitations to help protect their servers. Limits are as follows:
- Names/Certificate – Limit on how many domain names you can include in a single certificate. This is currently limited to 100 names, or websites, per certificate issued. Certificates per domain you could run into through repeated re-issuance. This limit measures certificates issued for a given combination of Public Suffix + Domain (a "registered domain"). This is limited to 5 certificates per domain per week.
- Registrations/IP address – Limits the number of registrations you can make in a given time period; currently 500 per 3 hours. This limit should only affect the largest users of Let's Encrypt.
- Pending Authorizations/Account – Limits how many times an ACME client can request a domain name be authorized without actually fulfilling on the request itself. This is most commonly encountered when developing ACME clients, and this limit is set to 300 per account per week.
View the following link for further details:
How long is the certificate valid?
SSL certificates generated by Let's Encrypt are valid for 90 days. This is for two reasons as stated on their blog post:
- They limit damage from key compromise and mis-issuance since stolen keys and mis-issued certificates are valid for a shorter period of time.
- They encourage automation, which is absolutely essential for ease-of-use. This takes the burden off system administrators to manually handle renewals. Once issuance and renewal are automated, shorter lifetimes won’t be any less convenient than longer ones.
What level of encryption is available?
RSA-signed using 2048-bit RSA keys.
Are wildcard certificates available?
No. This is also no longer necessary since it's so simple to obtain a free Let's Encrypt certificate for any domain/subdomain.
What browsers support Let's Encrypt certs?
Certificates are trusted in all major browsers. View the blog post here: