Free SSL

Let's Encrypt - The most important questions and answers about the free SSL certificates

Since May 2016, the free SSL certificates from Let's Encrypt are now available. Since then, many customer inquiries have accumulated. Is Let's Encrypt really free of charge? How exactly can you set up Let's Encrypt? And who actually takes care of the technical stuff? We answer these and other questions in this Let's Encrypt FAQ - quick and dirty.

The most important questions at a glance:

Note: If you're looking for a Let's Encrypt guide, I can recommend documentation from Let's Encrypt itself. Here you can find all relevant information about the setup. Have another question or missing an important answer? Just leave a comment below and we will include the questions and answers in this article. At the end of the article you will also find a list of the most important German hosters and WordPress hosters and their implementation level of free SSL.

Is Let's Encrypt really free?

Yes, the certificates are completely free of charge. Also the server settings and the software for certification - the Certbot - do not cost a cent. The only investment is the time you need to learn how to use and maintain Let's Encrypt. Some host also offer the free SSL at the push of a button.

What distinguishes Let's Encrypt certificates from "normal" SSL certificates?

From a technical point of view, nothing. The principle of authentication is the same: keys are exchanged between the browser and the web server, which are compared in a so-called handshake. If the keys match, the communication is encrypted. The strength of this encryption depends on the web server settings, but is usually so high that it can only be cracked with massive effort. It is important to note that Let's Encrypt does not currently offer extended certificates for organization validation (OV) or extended validation (EV). This means that although the normal encryption note is available in the address line via Let's Encrypt certificates, the so popular green address line cannot be implemented.

This is what a domain-validated Let's Encrypt certificate looks like in practice.
The website on the left has a domain-validated certificate. In Chrome, it is therefore marked as secure. In contrast, Paypal also shows the company that owns site in the address bar. Common practice, for example, with payment providers, banks and booking portals.

How do I install Let's Encrypt certificates?

It depends. Among other things, it depends on your web server and hosting plan. In the Certbot user guide you will find detailed instructions and many explanations on how to set up Let's Encrypt certificates under the various systems. Also, check beforehand if your host supports Let's Encrypt at all. At the end of the article you will find a list of supported systems.

What are the requirements for my website?

The requirements and the first steps for the setup can be easily accessed via https://certbot.eff.org. Simply enter the web server and operating system and the site will spit out the relevant information.

I'm not a techie: who can set up Let's Encrypt for me?

Don't have the technical knowledge but feel confident to learn? Then check out the resources at the top of site .

You have no technical knowledge and no time or desire to deal with the subject? Then you have two options: If you are only interested in free SSL, then many host already offer an integrated, free SSL certificate.

Just contact your hosting partner; you may already be using free SSL. If you are a Raidboxes customer, you can set up Let's Encrypt with one click. To our knowledge, we are currently the only specialist hoster to offer such a 1-click solution with Let's Encrypt.

Can there be problems if I use Let's Encrypt certificates in WordPress ?

The compatibility is one of the big weaknesses of Let's Encrypt. Therefore, errors can occur again and again during the installation - regardless of which CMS or which web server you use.

Two errors occur WordPress particularly frequently during installation:

  • Incorrect permalinks: Some database entries were not changed from http:// to https://. This problem can be fixed quickly and easily with the Plugin "Better Search Replace".
  • Mixed Content Error: In such a case, the user's browser issues a warning, which can cost visitors and conversions. Mixed content means that the website contains both encrypted and non-encrypted content. If corresponding errors occur after setting up a Let's Encrypt certificate, the non-encrypted content must be replaced with encrypted counterparts or deleted.

Who is behind Let's Encrypt?

An ambitious community and the parent organization Internet Security Research Group (ISRG) as well as the Linux Foundation and the Electronic Frontier Foundation (EFF), which manages the certification software. In addition, companies such as Mozilla, Chrome, Facebook and Automattic support the project.

Selection of platinum, gold and silver sponsors of Let's Encrypt.
Selection of some of the most important sponsors of Let's Encrypt.

What are the goals of Let's Encrypt?

Let's Encrypt wants to make HTTPS the new standard on the Internet and offer all users worldwide the possibility to encrypt their website for free.

What are Let's Encrypt's greatest strengths?

The certificates are free, relatively easy to integrate - if you have the knowledge and skills - and the project is professionally managed.

What are the biggest weaknesses of Let's Encrypt?

Currently only domain validated certificates are offered. Extended validations are not concretely planned. Furthermore, Let's Encrypt does not offer any support. Here you have to rely on the support forum, or on your host .

Where can I get quick help with Let's Encrypt?

If you're tech-savvy, check out the Let's Encrypt Community help forum. If not, it is best to contact your host .

Excerpt from the Let's Encrypt forum. It shows current topics and the layout of the forum.
In the Let's Encrypt forum not only questions are clarified, but also current problems are discussed.

Do I even need SSL on my site ?

Granted: This is a trick question. Yes, you should set up SSL. Not only will the traffic between the web server and browser be encrypted, but your site will be fasterthanks to HTTP/2. The real question behind this is the cost-benefit trade-off for all the less critical offerings. Thanks to Let's Encrypt, this question will no longer arise in the future. That means: every blog, every club website etc. should urgently set up SSL.

How long are Let's Encrypt certificates valid?

A paid SSL certificate has a term of twelve to 36 months. Let's Encrypt certificates, on the other hand, are only valid for 90 days. After that, the certificate must be renewed. This is done either via a console command from the responsible administrator, or the hosthas automated the process. At Raidboxes , for example, the certificates are renewed automatically.

Will SSL slow down my website?

No. On the contrary: on servers with HTTP/2 your web pages will be delivered even faster.

What does the future of Let's Encrypt look like?

2016 was a very good year for Let's Encrypt. The Americans now provide well over 20 million active certificates worldwide. Just five months after the launch, the Californians were already on a good path and can hopefully maintain this development in 2017.

With which hosters can I use Let's Encrypt certificates?

Some major European hosters have actively decided against the use of Let's Encrypt and instead offer free domain-validated certificates from their cooperation partners. Basically, this serves the same purpose, but with the difference that it is not the non-profit Internet Security Research Group (ISRG) that is supported, but the corresponding SSL provider. Below you will find an incomplete list of German hosters where we know the status of Let's Encrypt integration. (Status: April 2017)

  • Raidboxes: We have of course taken the trouble to create a 1-click setup for Let's Encrypt certificates at Raidboxes created a 1-click setup for Let's Encrypt certificates.
  • All incl.: All inkl. has integrated Let's Encrypt and built it into its KAS. The setup is also feasible for beginners.
  • Checkdomain: Checkdomain has also fully integrated Let's Encrypt. Checkdomain allows you to set up Let's Encrypt with just a few clicks via its own interface. A good implementation.
  • Strato: Strato has also integrated Let's Encrypt and published comprehensive instructions on how to set it up. However, Strato does not yet offer a one-click installation of Let's Encrypt. However, some tariffs have the free SSL on board by default.
  • HostEurope: HostEurope has not warmed up to Let's Encrypt and does not plan to integrate it into its user interface. The setup of Let's Encrypt on HostEurope servers is possible manually. However, only with greater effort.
  • Alfahosting: Apparently, Alfahosting has now followed suit and also integrated Let's Encrypt into its user interface. In any case, the colleagues have already announced the "Free SSL for all hosting customers" on Twitter.
  • WebGo: WebGo has also integrated Let's Encrypt into its user interface. With a few clicks you can get the free SSL here.
  • Hetzner: In principle, Hetzner enables the installation of Let's Encrypt, but has not automated this.
  • 1and1: And 1und1 probably doesn't plan to offer Let's Encrypt certificates either. Rather, 1und1 relies on free SSL certificates from its cooperation partners.
  • Mittwald: Mittwald did not originally intend to integrate Let's Encrypt. However, this has changed in the meantime. Mittwald would like to integrate Let's Encrypt into its offering in the course of the year.

A community-maintained list of all known hosters with corresponding integration can be found on GitHub. You are still missing a host ? Just write a comment to this article or contact the Let's Encrypt community directly and share your knowledge with them.

You still have questions about Let's Encrypt and the free SSL certificates? Just comment on this post and we'll get back to you with an answer!

Did you like the article?

Your rating helps us improve our future content.

Post a comment

Your email address will not be published.