Do free Let's Encrypt SSL certificates have the same reliability as paid ones?

14

TLS encryption is used by Let's Encrypt, which uses the ACME protocol that exchanges files between server and client. I notice a little delay when using HTTPS; I have already used a paid certificate and noticed this delay as well. Based on this, I think it must be because of the exchange of files, where the data is encrypted, transferred, checked and decrypted.

My question is as follows: I am researching SSL certificates and I come across many forums commenting that Let's Encrypt certificates are very good and free, but I could not find out how reliable they are. Can they be used in e-commerce with the same security as paid certificates?

Or, as a developer, should I use these certificates just to test the applications, and purchase a paid one when the client signs off on the application?

    
asked by anonymous 14.02.2017 / 17:31

1 answer

8

The certificates currently offered in the market are so cheap that, personally speaking, the "savings" from free alternatives are not worth it. Regardless of this, Let's Encrypt is currently widely supported and recognized by the leading web browsers, but it is still incompatible with other environments in certain circumstances. It is better suited to a test project where you do not want to spend 1 cent and are not too concerned about compatibility.

However, for an online store, even a small one, it is not a good choice, given the conditions and options available in the market.

I would rather not name certificate issuers but, as the question itself mentions names, I can cite GlobeSSL, which offers 3-year certificates for 20 USD. This price is practically "a bargain", even compared with the lowest RapidSSL prices (85 USD / 3 years). Note that there are certificates whose "normal" price is 250 USD / year. The GlobeSSL certificates are from COMODO, highly trusted and recommended by the certifiers.

Why did I say that it is not a good idea to opt for a free alternative for an online store? Simply because of what has already been explained above regarding the range of compatibility, and because there are options accessible on a low budget.

If the online store cannot afford $20 a year, it is bankrupt.

However, there is nothing to stop you from using free alternatives like Let's Encrypt.

A relevant point, raised in a comment by @Inkeliz, is that Let's Encrypt certificates have a short shelf life. Currently it is 90 days (3 months).

To resolve this small problem you can create scripts that auto-renew the certificate. This can be done on your own with a job running in the background (cron / schtask) or by using certbot.

In a general summary, when choosing a certificate issuer, check the basics:


- Reliability with browsers  
There is no 100% compatibility with any certificate, from the free ones to the most expensive. However, those that are stable usually announce 99.9% compatibility.



- Signatures and encryption  
The acceptable minimum, though not mandatory, is 2048-bit signatures and 254-bit encryption.



- Limitations on licenses per server  
There are currently no limitations. For example, you purchased a certificate for a domain, but you have a site with 15 servers. Previously there were restrictions, for example a limit of 5 or 10 servers, so you would have to buy 2 or 3 certificates for the same domain.


- Logo / tag to increase SEO conversion rates  
This is important for increasing the reliability of your site in the eyes of visitors and also of search engines.



- Guarantees (indemnification)  
A paid certificate usually offers assorted warranty plans. For example, if a certificate failure causes damage to the owner and it is proven that the failure is the fault of the certificate issuer, the owner receives an indemnity amount. That is usually $50,000 and up. It is normal for values to exceed $2 million, for example.


These basics are not clear on the official Let's Encrypt website, obviously because they do not guarantee them. And because it is free, there is no option for a guarantee against failures, since the guarantee is nothing more than indemnity insurance. You pay for it as part of the certificate price.

    
20.02.2017 / 16:25
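The answer's advice to script auto-renewal (cron / certbot) is easier to trust with an independent check of the certificate the server actually presents, since a renewal job can succeed on disk while the web server keeps serving the old file. The following is an added example, not part of the original answer; the 30-day threshold, the function names and the sample dates are assumptions made here for illustration.

```python
import datetime as dt
import socket
import ssl
import sys

RENEW_BEFORE_DAYS = 30  # assumption: alert once fewer than 30 of the 90 days remain


def days_remaining(not_after: str, now: dt.datetime) -> float:
    """Days until expiry; not_after is OpenSSL's text form, e.g. 'May 21 16:25:00 2017 GMT'."""
    expires = dt.datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), dt.timezone.utc)
    return (expires - now).total_seconds() / 86400


def renewal_action(not_after: str, now: dt.datetime, threshold: int = RENEW_BEFORE_DAYS) -> str:
    """Classify a certificate as 'ok', 'renew' (inside the window) or 'expired'."""
    left = days_remaining(not_after, now)
    if left <= 0:
        return "expired"
    return "renew" if left < threshold else "ok"


def served_not_after(host: str, port: int = 443, timeout: float = 10.0) -> str:
    """Return notAfter of the certificate the host presents (chain and hostname are verified)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def check_host(host: str) -> str:
    """Status for one host; any verification failure (including expiry) is reported, not hidden."""
    try:
        not_after = served_not_after(host)
    except ssl.SSLCertVerificationError as exc:
        return f"invalid: {exc.verify_message}"
    return renewal_action(not_after, dt.datetime.now(dt.timezone.utc))


if __name__ == "__main__":
    # Run daily from cron *after* the renewal job; a non-zero exit makes cron send mail.
    status = check_host(sys.argv[1])
    print(f"{sys.argv[1]}: {status}")
    sys.exit(0 if status == "ok" else 1)
```

A "renew" result after the renewal job has already run usually means the new certificate was issued but the web server was not reloaded.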