The free SSL certificates from Let's Encrypt have been available since May 2016. Since then, many customer inquiries have piled up. Is Let's Encrypt really free? How exactly can you set up Let's Encrypt? And who actually takes care of the technical aspects? We answer these and other questions in this Let's Encrypt FAQ - quick and dirty.
The most important questions at a glance:
- Is Let's Encrypt really free?
- What distinguishes Let's Encrypt certificates from "normal" SSL certificates?
- How do I install Let's Encrypt certificates?
- What requirements must my website fulfill?
- I am not a technician: Who can set up Let's Encrypt for me?
- Can there be problems if I use Let's Encrypt certificates in WordPress?
- Who is actually behind Let's Encrypt?
- What are the goals of Let's Encrypt?
- What are the greatest strengths of Let's Encrypt?
- What are the biggest weaknesses of Let's Encrypt?
- Where can I get help with Let's Encrypt?
- Do I even need SSL on my site?
- How long are Let's Encrypt certificates valid for?
- Will SSL slow down my website?
- What does the future of Let's Encrypt look like?
- With which hosters can I use Let's Encrypt certificates?
Note: If you are looking for a Let's Encrypt guide, then I can recommend documentation from Let's Encrypt itself. Here you will find all the relevant information about the setup. Do you have another question or are you missing an important answer? Just leave a comment and we'll include the questions and answers in this article. At the end of the article you will also find a list of the most important German hosters and WordPress hosters and their level of implementation of free SSL.
Is Let's Encrypt really free?
Yes, the certificates are completely free of charge. The server settings and the certification software - the Certbot - don't cost a cent either. The only investment is the time you need to familiarize yourself with the operation and maintenance of Let's Encrypt. Some hosters also offer the free SSL at the touch of a button.
What distinguishes Let's Encrypt certificates from "normal" SSL certificates?
From a technical point of view, nothing. The principle of authentication is the same: keys are exchanged between the browser and the web server, which are compared in a so-called handshake. If the keys match, the communication is encrypted. The strength of this encryption depends on the web server settings, but is usually so high that it can only be cracked with massive effort. It is important to note that Let's Encrypt does not currently offer extended certificates for organization validation (OV) or extended validation (EV). This means that although the normal encryption notice is available in the address line via Let's Encrypt certificates, the popular green address line cannot be implemented.
- The website on the left has a domain-validated certificate. It is therefore marked as secure in Chrome. In contrast, Paypal also shows the company that owns the page in the address bar. This is common practice for payment providers, banks and booking portals, for example.
How do I install Let's Encrypt certificates?
It depends. Among other things, it depends on your web server and your hosting plan. In the Certbot user guide you will find detailed instructions and many explanations on how to set up Let's Encrypt certificates on the various systems. Also find out beforehand whether your host supports Let's Encrypt at all. You will find a corresponding list at the end of the article.
What requirements must my website fulfill?
The requirements and the first steps for setting up can be easily accessed via https://certbot.eff.org. Simply enter the web server and operating system and the page spits out the relevant information.
I am not a technician: Who can set up Let's Encrypt for me?
You don't have the relevant technical knowledge, but are confident that you can acquire it? Then take a look at the resources at the top of the page.
You have no technical knowledge and no time or desire to deal with the topic? Then you have two options: If you are only interested in free SSL, then many hosters already offer an integrated, free SSL certificate.
Simply contact your hosting partner; you may already be using free SSL. If you are a Raidboxes customer, you can set up Let's Encrypt with one click. As far as we know, we are currently the only specialized host that offers such a 1-click solution with Let's Encrypt.
Can there be problems if I use Let's Encrypt certificates in WordPress?
Compatibility is one of the major weaknesses of Let's Encrypt. This means that errors can always occur during installation - regardless of which CMS or web server you use.
Two errors occur particularly frequently during installation under WordPress:
- Incorrect permalinks: Some database entries were not converted from http:// to https://. This problem can be fixed quickly and easily with the "Better Search Replace" plugin.
- Mixed content error: In such a case, the user's browser issues a warning, which can cost visitors and conversions. Mixed content means that there is both encrypted and unencrypted content on the website. If corresponding errors occur after setting up a Let's Encrypt certificate, the non-encrypted content must be replaced with encrypted counterparts or deleted.
Who is behind Let's Encrypt?
An ambitious community and the parent organization Internet Security Research Group (ISRG) as well as the Linux Foundation and the Electronic Frontier Foundation (EFF), which manages the certification software. Companies such as Mozilla, Chrome, Facebook and Automattic also support the project.
What are the goals of Let's Encrypt?
Let's Encrypt wants to make HTTPS the new standard on the Internet and offer all users worldwide the opportunity to encrypt their website free of charge.
What are the greatest strengths of Let's Encrypt?
The certificates are free, relatively easy to integrate - if you have the relevant knowledge and the necessary skills - and the project is professionally managed.
What are the biggest weaknesses of Let's Encrypt?
Only domain-validated certificates are currently offered. Extended validations are not specifically planned. In addition, Let's Encrypt does not offer any support. Here you have to rely on the support forum or your hoster.
Where can I get quick help with Let's Encrypt?
If you have the necessary technical knowledge, have a look at the Let's Encrypt Community help forum. If not, it is best to contact your hoster.
Do I even need SSL on my site?
Admittedly: This is a trick question. Yes, you should set up SSL. Not only will the data traffic between the web server and browser be encrypted, but your site will also be faster thanks to HTTP/2. The real question behind this is the cost-benefit analysis for all less critical services. Thanks to Let's Encrypt, however, this will no longer be an issue in future. This means that every blog, every club website etc. should urgently set up SSL.
How long are Let's Encrypt certificates valid for?
A paid SSL certificate has a validity period of twelve to 36 months. Let's Encrypt certificates, on the other hand, are only valid for 90 days. After that, the certificate must be renewed. This is either done via a console command from the responsible administrator, or the hoster has automated the process. With Raidboxes, for example, the certificates are renewed automatically.
Will SSL slow down my website?
No. On the contrary: on servers with HTTP/2, your web pages are delivered even faster.
What does the future of Let's Encrypt look like?
2016 was a very good year for Let's Encrypt. The Americans now provide well over 20 million active certificates worldwide. Just five months after their launch, the Californians were already on the right track and will hopefully be able to maintain this development in 2017.
With which hosters can I use Let's Encrypt certificates?
Some large German hosters have actively decided against using Let's Encrypt and instead offer free domain-validated certificates from their cooperation partners. This basically fulfills the same purpose, with the difference that it is not the non-profit Internet Security Research Group (ISRG) that is supported, but the corresponding SSL provider. Below you will find an incomplete list of German hosters for whom we know the status of Let's Encrypt integration. (Status: April 2017)
- Raidboxes: We have of course taken the trouble to create a 1-click setup for Let's Encrypt certificates at Raidboxes.
- All incl.: All inkl. has integrated Let's Encrypt and built it into its KAS. The setup can also be carried out by beginners.
- Checkdomain: Checkdomain has also fully integrated Let's Encrypt. Let's Encrypt can be set up at Checkdomain with just a few clicks via its own interface. A good implementation.
- Strato: Strato has also integrated Let's Encrypt and published comprehensive instructions on how to set it up. However, Strato does not yet offer 1-click installation of Let's Encrypt. However, some tariffs have the free SSL on board as standard.
- HostEurope: HostEurope has not warmed to Let's Encrypt and has no plans to integrate it into its user interface. However, it is possible to set up Let's Encrypt on HostEurope servers manually. But only with a great deal of effort.
- Alfahosting: Apparently, Alfahosting has now followed suit and also integrated Let's Encrypt into its user interface. In any case, the colleagues have already announced the "Free SSL for all hosting customers" on Twitter.
- WebGo: WebGo has also integrated Let's Encrypt into its user interface. You can access the free SSL here with just a few clicks.
- Hetzner: In principle, Hetzner enables the installation of Let's Encrypt, but has not automated it.
- 1and1: And 1und1 is probably not planning to offer Let's Encrypt certificates either. Instead, 1und1 relies on free SSL certificates from its cooperation partners.
- Mittwald: Mittwald did not originally intend to integrate Let's Encrypt. However, this has now changed. Mittwald would like to integrate Let's Encrypt into its offering in the course of the year.
You can find a community-maintained list of all known hosters with corresponding integration on GitHub. Still missing a hoster? Simply write a comment on this article or contact the Let's Encrypt community directly and share your knowledge with them.
Do you still have questions about Let's Encrypt and the free SSL certificates? Just comment on this post and we will definitely get back to you with an answer!