What is an SSL Certificate
A Secure Socket Layer (SSL) certificate is a security feature that encrypts communication between your computer and the website server when you access a website. Basically, it allows your computer to ‘speak’ with the server in a secure language that cannot be eavesdropped by another person. This is very important and soon all websites will have to use SSL.
We have two types of SSL, Self signed SSL and Verified SSL. Self Signed SSL is one created and issued by yourself from your computer and is not certified by a Certificate Authority (CA). This one shows a yellow marking in place of the green padlock indicating to the visitor accessing the site that the certificate isn’t verified. It’s not advisable to use self-signed certificate for online websites. The other type, Verified SSL is issued by a Certificate Authority and displays a green padlock near the https tag in your browser. These are the certificates that should be used when deploying websites online.
What is a Certificate Authority
A Certificate Authority (CA) is an organisation that verifies and issues an SSL certificate so that it’s installed on a domain name. There are several CAs available. One such organisation is called Let’s Encrypt. What sets this Let’s Encrypt apart from the rest is that, it issues Free SSL certificates, fully verified. Other CAs will sell SSL certificates at some price but Let’s Encrypt will provide the certificates free of charge.
The Let’s Encrypt certificate is provided free for life for any domain registered. The functionality of the certificates is the same as those provided by premium CAs.
How to get Let’s Ecnrypt.
There are several ways through which Let’s Ecrypt makes certificates available for anyone who wishes to use it. Here are ways to acquire it:
1. Using your hosting control panel.
Let’s Encrypt CA has come to an understanding with many hosting control panels such as cPanel, Plesk, CentosWeb-Panel etc to provide a free SSL plug-in for users to automatically install and renew SSL certificates. At Truehost, this feature is available for all domains hosted with us under our premium packages.
2. Using websites that provide SSL
Let’s Encrypt CA has an agreement with some websites to provide the certificate for free. Examples of such websites are https://sslforfree.com and https://zerossl.com. The issuance process is simple and straight forward for ease of acquiring the certificate.
3. Using certbot
Certbot is a package available for RHEL/Centos and Ubuntu servers that allows you to automatically fetch, install and renew SSL certificates provided by Let’s Encrypt. This package is best suited for users who use SSH access to a VPS or Dedicated server instead of using control panels like cPanel.
Comparison between Let’s Encrypt and other premium SSLs.
Below is a comparison table between Let’s Encrypt SSL and Other premium SSLs. This will go a long way to help you understand why you should use an SSL certifcaite and when you could opt for the premium options instead of Let’s Encrypt.
Let’s Encrypt SSL
|Price||Free for life||Cost ranges from a few dollars to thousands of dollars depending on the type of SSL|
|Duration before expiry||Can be issued for 4 months before it expires||Can be issued for 3 years before it expires|
|Set up ease||Very easy to set up||Ease of setup varies with EV certificates being most complex to setup|
|Funding of the CA||Donations/Sponsorships from individuals and organisations||These CAs fund themselves from money obtained through selling SSL certificates|
|Certificate type offered (DV |OV | EV)||Offers DV only hence serving as a solution only to some websites||Offers DV, OV and EV certificates hence providing SSL for any website|
|Warranty||Does not offer warranty in case of data breach||Offers warranties in case your secured site experiences a data breach|
|Site seal||No site seal provided||Site seal is provided|
In conclusion, Let’s Encrypt brings a solution to the market so that no website has a reason not to run securely under https. However, it does not cover all grounds as some organisations such as banks and e-commerce sites need EV certificates to really secure their clients’ transactions. This is because, EV certificates proof the identity of a site beyond reasonable doubt by adding the organisations name on the address bar. That cannot be achieved using Let’s Encrypt. But at least, if all goes south, the least to expect from any site, whether e-commerce, a blog, a mail server or an online portal is that they should be secured by SSL because Let’s Encrypt provides SSL certificates free – for life.v