Let's Encrypt SSL certificate overview

 

Overview

The Let's Encrypt root certificate is set to expire on September 30, 2021, and in most cases, it won't affect you unless you're still using an older operating system (e.g., a 4+ year OS or an older Android device).

You can read more about this update in the following articles:

Let's Encrypt is a new Certificate Authority (CA) that offers FREE SSL certificates that are just as secure as paid certificates. This project was pioneered to make encrypted connections the default standard throughout the Internet.

The 'Let's Encrypt' project is a large step forward for security and privacy on the Internet.

Benefits

Key benefits of using a Let’s Encrypt SSL certificate:

  • It's free – Anyone who owns a domain can obtain a trusted certificate for that domain at zero cost.
  • It's automatic – The entire enrollment process for certificates occurs painlessly during the server’s native installation or configuration process. The renewal occurs automatically in the background.
  • It's simple – There's no payment, no validation emails, and certificates renew automatically.
  • It's secure – Let’s Encrypt serves as a platform for implementing modern security techniques and best practices.

Should I use a 'Let's Encrypt' or paid Sectigo certificate?

If your website is a business that's processing credit cards or transmitting sensitive information (such as an eCommerce site), or has a user login section, you should only use a paid Sectigo certificate. This helps your users ensure the connection is valid and secure.

Simple websites that need the same level of encryption without the absolute guarantee of ownership can continue to use a 'Let's Encrypt' certificate.

Forcing your website to load securely (HTTPS)

WordPress sites

View the following article for details on how to force your WordPress site to load only using HTTPS:

DreamPress sites

View the following article for details on how to force your DreamPress site to load only using HTTPS:

All other websites

You can force your website to load securely using HTTPS using an .htaccess file. View the following article for examples:

Rate limits

'Let's Encrypt' has set up rate limitations to help protect their servers. Limits are as follows:

  • Names/Certificate – Limit on how many domain names you can include in a single certificate. This is currently limited to 100 names, or websites, per certificate issued. Certificates per domain you could run into through repeated re-issuance. This limit measures certificates issued for a given combination of Public Suffix + Domain (a "registered domain").
  • Registrations/IP address – Limits the number of registrations you can make in a given time period; currently 10 per IP address every 3 hours. This limit should only affect the largest users of Let's Encrypt.
  • Pending Authorizations/Account – Limits how many times an ACME client can request a domain name be authorized without actually fulfilling the request itself. This is most commonly encountered when developing ACME clients, and this limit is set to 300.

View the following link for further details:

FAQs

How long is the certificate valid?

SSL certificates generated by Let's Encrypt automatically renew every 60 days. This is for two reasons as stated on their blog post:

  • They limit damage from key compromise and mis-issuance since stolen keys and mis-issued certificates are valid for a shorter period of time.
  • They encourage automation, which is absolutely essential for ease of use. This takes the burden off system administrators to manually handle renewals. Once issuance and renewal are automated, shorter lifetimes won’t be any less convenient than longer ones.

If your site's Let's Encrypt certificate expires without successfully renewing, please contact support.

What level of encryption is available?

RSA-signed using 4096-bit RSA keys.

Are wildcard certificates available for use?

No. Although 'Let's Encrypt' offers wildcard certificates, it is currently not possible to use them at DreamHost. If you need SSL certificates on your subdomains, you must enable them individually.

What browsers support Let's Encrypt certs?

Certificates are trusted in all major browsers. View the blog post here:

What should I do if my Let's Encrypt order is pending for more than a few hours?

Let's Encrypt orders should complete automatically within 10-30 minutes, although occasionally this can process can sometimes take longer. If your order has been pending for longer than 2-4 hours, you should contact support.

See also

Did this article answer your questions?

Article last updated PST.

Still not finding what you're looking for?