Mobile app version of vmapp.org
Login or Join

Login to follow query

More posts by @Debbie626

2 Comments

Sorted by latest first Latest Oldest Best

 

@Cugini213

A standard SSL certificate will do the same job at encrypting communications between the server and client whether the certificate authority has provided it for a fee or for free, and either could be considered appropriate however it is worth noting that as with any SSL certificate, you will need to ensure your server and website are configured to use it properly, and that you update the certificate whenever there are updates to supported protocols and ciphers etc.

If you are not already familiar with installing SSL certificates you may appreciate paying a fee so that you can receive associated support as may be required to help you get started.



Additionally, Let's Encrypt SSL certificates are valid for 90 days, where typically other certificate authorities provide a certificate valid for 365 days. If you are not able to automate the certificate renewal/issuance process on your server then this will mean much more manual work for you to get and keep the SSL certificate installed correctly. The 90 days validity is deliberate on their part to encourage automation since shorter certificate lifes minimise risk.

Ref: Let's Encrypt: Why ninety-day lifetimes for certificates?

10% popularity Vote Up Vote Down


 

@Goswami781

I think this question might come down to opinions rather than facts. But given the little research that I just carried out, it seems that Let's Encrypt may already be under abuse (see below ref).

Also, Let's Encrypt appears to be purely for encryption. Whereas services like RapidSSL offer a level of warranty for any SSL Failure.

For peace of mind, I would not go with Let's Encrypt because of these brief findings.

Abuse Article: blog.trendmicro.com/trendlabs-security-intelligence/lets-encrypt-now-being-abused-by-malvertisers/

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme