29 Comments

  1. Aaron V.N.

    It’s what I use for my company site, and I love it!

    Report

  2. Ivica Delic

    It’s expected, I would dare to say…

    Report

  3. Peter

    Does Let’s Encrypt vett the entities they give certs to in any fashion?

    Report

    • pepe

      There is a challenge-response check to make sure that you actually control the domain. Let’s Encrypt does not check identities (as the certificates are issued for the domain and not for any company or person).

      Report

  4. Ron

    i wish i could use it too. but my crap host doesn’t support it. i’m going to change my host soon! what host do you recommend guys?

    Report

  5. Pete

    Sounds like funding is an issue here… What happens if they go bust? I can imagine a very large number of websites going pear shape all over the world.

    Report

    • Martin

      Unlikely for such phenomenal growth. I’m sure it will attract more interests than not. If each website pays $1 for a year sub, they are more than good.

      Report

  6. Keith Davis

    Love the one-click cPanel install but unfortunately my host is not using it and not planning to use it.

    WordPress.org should take this into account when recommending hosts.

    Report

  7. Sarunas

    This is awesome I am using Let’s Encrypt for me website.
    The only bit that is a bit annoying, it only works for your domain. If you want https on your sub domains you need to buy https certificate.
    But this is a minor trade off. :)

    Report

    • Richard Cunningham

      Not true, you can get Let’s Encrypt for every subdomain. They don’t do wildcard certificates, but deploying multiple individual certificates is just as easy as deploying one.

      Report

  8. Chuck

    Something about this makes me nervous. First, they don’t even validate the entity they issue a cert to — so if this becomes the norm then over time the value of having a cert will be (very) diluted, as it will be a guarantee that scammers will take advantage of this setup. Public trust will dissolve.

    I believe certs should go the *other* direction, and have a cost that is affordable but meaningful – along with deep validation of the entity. I had to submit articles of incorporation and a utility bill, for my corporation when I got a certificate years ago. That seems ok to me.

    Second, 503(c) notwithstanding, they have no real way of making money so eventually this business model is going to collapse.

    Report

    • peter

      I completely agree with you. There needs to be real vetting to ensure 1.) the applicants who receive the certs are who they say they are, and 2.) the cert is being used by a business/organization that’s operational. No one cares if the connection is secure if the connecting server is maintained by Guccifer 3.0! I foresee free DV type certificates being deprecated at some point.

      Report

    • Miroslav Glavic

      the certificate is issued to a domain not an entity

      Report

      • Chuck

        I understand that. And, other than basic encryption across the wire, it is otherwise useless as a “trust” instrument. Which is contrary to what the vast majority of average users believe, when they see the padlock.

        Report

    • mark k.

      AFAICT the certs they produce are the lowest grade of certs, not that anyone checks the quality of certs on the site he uses.

      Lets encrypt is all about the snowden induced privacy paranoia, not about real security of any kind

      Report

    • peter

      Bottomline, the Let’s Encrypt application process could be automated for thin-page junk sites or even for email phishing scams. Imagine a scenario where you believe you’re logging into your Bank of America account. You see the green padlock, but it’s not Bank of America! Eventually, the only trustworthy SSL certificates will be the EV certs.

      Report

    • Tada Burke

      Don’t be nervous. DV certs serve their purpose extremely well. A blog, for example, doesn’t need EV overkill. If your DNS is poisoned, you have much bigger issues than a low-level security chain.

      Successful 501(c)(3)’s make bajillion dollars every day embedded into the Econ landscape, reaping double rewards and won’t be vaporizing anytime soon.

      Report

  9. alessandra rossi

    @Chuck: I do not think that “this business model is going to collapse” ;) because of the sponsors (have you seen?) . Let’s Encrypt might be just an “add-on” for some big providers. Maybe we’ll see a pro version in the future (?).
    Anyway, like other providers, we are offering Let’s Encrypt for free, but we have also Comodo’s certificates for all the others requests that L.E. cannot satisfy.
    (On Plesk Panel the installation on any SSL certificate is very easy, you do not need technical knowledge at all, just have to pay attention to put correct information on the right fields).

    Report

  10. Joshua

    We offer Let’s Encrypt SSL certs installed on both our customer’s VPS server panel backend and their website. The days of self-signed SSLs are finally behind us.

    Report

  11. Jeffr0

    Can’t beat the cost of free and considering how easy it is to install on webhosting accounts that support it, I can see 2017 being a huge year for Let’s Encrypt.

    Report

  12. Jeffrey

    I am going to contact my hosting company to see if they support this. Fingers crossed…

    Report

  13. Richard Cunningham

    Just for the naysayers here, I believe the LE certificate is designed to stop passwords and other sensitive information from flying around in the clear. Especially over wireless connections. It serves that purpose well.

    Nothing is stopping anyone from using a “more secure” certificate from some other source.

    Report

Comments are closed.

%d bloggers like this: