Overview
The Let’s Encrypt root certificate will expire on September 30, 2021, and it won’t affect you unless you’re still using an earlier operating system (e.g., a four-year-old OS or an older Android smartphone).
More information on this update can be found in the following articles:
DST Root CA X3 Expiration — Let’s Encrypt (September 2021)
TechCrunch: Let’s Encrypt Root Expiry
Let’s Encrypt is a new Certificate Authority (CA) that provides free SSL certificates with the same level of security as purchased certificates. This project was started with the goal of making encrypted connections the standard on the Internet.
The ‘Let’s Encrypt’ project is a significant step forward in terms of Internet security and privacy.
Benefits
The following are some of the main advantages of using a Let’s Encrypt SSL certificate:
It’s free — Anyone who owns a domain can get a trustworthy certificate for it at no charge.
It’s painless – The complete certificate enrollment process takes place during the server’s native installation or configuration process. In the background, the renewal happens automatically.
It’s easy – there’s no cost, no validation emails, and certificates automatically renew.
It’s safe — Let’s Encrypt acts as a platform for putting modern security solutions and best practices into effect.
Difference between a free Let’s Encrypt certificate and a paid Sectigo certificate
The encryption protection provided by these certificates is identical. Let’s Encrypt, on the other hand, only issues Domain Validation (DV) certificates. Organizational Validation (OV) certificates are not supported by Let’s Encrypt. For further information, go to the following link:
https://letsencrypt.org/docs/faq/
What’s the difference?
DV certificates only ensure a secure connection to the website. Anyone with admin credentials for the website’s panel can add a Let’s Encrypt certificate. After you add it in the panel, the certificate is applied automatically.
OV certificates authenticate everything that a DV certificate does, as well as additional organizational information about the person acquiring the certificate, such as their name, city, state, and country. The user may be required to respond to an email with a verification number, which must then be entered on Sectigo’s website; whether this is required depends on how the DCV procedure verifies the certificate. For a complete list of steps, see the following article:
How can I get an SSL certificate that is signed by a professional?
Should you use a ‘Let’s Encrypt’ or paid Sectigo certificate?
Only use a premium Sectigo certificate if your website is a business that processes payment cards or transmits sensitive information (such as an eCommerce site) or includes a user login section. This ensures that the connection is valid and secure for your users.
A ‘Let’s Encrypt’ certificate can be used for simple websites that require the same level of encryption but do not require an absolute guarantee of ownership.
Although DV certificates provide the same level of encryption as OV certificates, DV certificates do not include the actual site name, making it impossible for visitors to verify the certificate by looking at it. They may also be abused in phishing attacks. For example, a malicious user could build a fake clone of your online store by creating a similar-looking site with a DV certificate. For these reasons, DV certificates are not advised for eCommerce sites that process payment information.
Forcing your website to load securely (HTTPS)
WordPress sites
For more information on how to force your WordPress site to only load using HTTPS, see the following article:
What is the best way to use an SSL certificate with WordPress?
GreggPress sites
For more information on how to force your GreggPress site to only load using HTTPS, see the following article:
Using GreggPress to enforce HTTPS
All other websites
Using an .htaccess file, you can force your website to load securely over HTTPS. For examples, see the following article:
Using an .htaccess file to force HTTPS
Rate limits
To help secure its servers, Let’s Encrypt has implemented rate limits. The following are the restrictions:
Names/Certificate – Limits the number of domain names that can be included in a single certificate. This is currently limited to 100 names, or websites, per certificate issued.
Certificates/Domain – You can run into this limit if you keep re-issuing certificates. It counts the number of certificates issued for a given Public Suffix + Domain combination (a “registered domain”).
Registrations/IP address – Limits how many registrations you can make in a specific time period; currently, it’s 10 per IP address per three hours. This limit should only affect the largest users of Let’s Encrypt.
Pending Authorizations/Account – Limits the number of times an ACME client can request authorization of a domain name without actually completing the request. This limit is set to 300 and is most commonly encountered when developing ACME clients.
For further information, go to the following link:
FAQs
How long is the certificate valid?
Let’s Encrypt SSL certificates are automatically renewed every 60 days. As mentioned in their blog post, this is for two reasons:
Shorter lifetimes limit the damage caused by key compromise and mis-issuance, because stolen keys and mis-issued certificates are valid for a shorter period of time.
They promote automation, which is critical for user convenience. This relieves system administrators of the hassle of manually managing renewals. Shorter lifetimes will not be less convenient than longer ones once issuance and renewal are automated.
Please contact support if your Let’s Encrypt certificate expires without being correctly renewed.
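The following Python example is an addition to this article, not GreggHost or Let’s Encrypt code. It flags a certificate that is still being served past the 60-day renewal point described above, and reports whether its subject carries organization details (OV) or only a domain name (DV), as discussed earlier in this article. The certificate dictionaries are constructed samples in the format returned by Python’s ssl.SSLSocket.getpeercert(); the function name and result fields are assumptions made for the example.

```python
import ssl
from datetime import datetime, timezone

RENEW_AFTER_DAYS = 60  # renewal interval stated in this article

# Constructed samples in the dict format of ssl.SSLSocket.getpeercert().
DV_CERT = {
    "subject": ((("commonName", "blog.example.com"),),),
    "notBefore": "Jul  1 00:00:00 2021 GMT",
    "notAfter": "Sep 29 00:00:00 2021 GMT",
    "subjectAltName": (("DNS", "blog.example.com"),),
}
OV_CERT = {
    "subject": ((("countryName", "US"),), (("stateOrProvinceName", "California"),),
                (("localityName", "Example City"),),
                (("organizationName", "Example Shop Inc"),),
                (("commonName", "shop.example.com"),)),
    "notBefore": "Jan  1 00:00:00 2021 GMT",
    "notAfter": "Jan  1 00:00:00 2022 GMT",
    "subjectAltName": (("DNS", "shop.example.com"),),
}

def _utc(cert_time):
    # Convert the certificate's "Mon DD HH:MM:SS YYYY GMT" string to an aware datetime.
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)

def audit_cert(cert, now, renew_after_days=RENEW_AFTER_DAYS):
    """Report validation type and renewal health for one certificate dict."""
    # The subject is a tuple of RDNs, each a tuple of (field, value) pairs.
    subject = {field: value for rdn in cert.get("subject", ()) for field, value in rdn}
    issued, expires = _utc(cert["notBefore"]), _utc(cert["notAfter"])
    age_days = (now - issued).days
    return {
        # Organization details in the subject mean more than the domain was validated.
        "validation": "OV" if "organizationName" in subject else "DV",
        "names": [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"],
        "age_days": age_days,
        "days_left": (expires - now).days,
        "expired": now >= expires,
        # A certificate older than the renewal interval suggests renewal did not run.
        "renewal_overdue": age_days > renew_after_days,
    }

if __name__ == "__main__":
    now = datetime(2021, 9, 15, tzinfo=timezone.utc)  # constructed "current" time
    print(audit_cert(DV_CERT, now))
    print(audit_cert(OV_CERT, now)["validation"])
```

For a live site, pass the dictionary returned by getpeercert() on a verified TLS connection instead of the constructed samples.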
What level of encryption is available?
Certificates are signed using 4096-bit RSA keys.
Are wildcard certificates available for use?
No. Although ‘Let’s Encrypt’ provides wildcard certificates, GreggHost does not yet support them. If your subdomains require SSL certificates, you must enable them individually.
What browsers support Let’s Encrypt certs?
All major browsers accept Let’s Encrypt certificates as valid. See the following blog post:
https://letsencrypt.org/2015/10/19/lets-encrypt-is-trusted.html
What should I do if my Let’s Encrypt order is pending for more than a few hours?
Orders placed with Let’s Encrypt should be completed automatically in 10 to 30 minutes, though this process may take longer at times. You should contact support if your order has been pending for more than 2-4 hours.