Let's Encrypt - The most important questions and answers about the free SSL certificates

Tobias Schüring Last updated on 23.01.2020
7 Min.
Free SSL

Since May 2016 the free SSL certificates from Let's Encrypt are now available. Since then many customer inquiries have accumulated. Is Let's Encrypt really free? How exactly can Let's Encrypt be set up? And who actually takes care of the technical side? We answer these and other questions in this Let's Encrypt-FAQ - quick and dirty.

The most important questions at a glance:

Note: If you search for a Let's Encrypt Guide then I can recommend documentation of Let's Encrypt itself. Here you will find all relevant information about the facility. You have another question or you are missing an important answer? Just leave a comment, we will include the questions and answers in this article. At the end of the article you will also find a list of the most important german hosters and WordPress Hosting and their degree of implementation of the free SSL.

Is Let's Encrypt really free?

Yes, the certificates are completely free. Also the server settings and the software for certification - the Certbot  - don't cost a cent. The only investment is the time you need to learn how to use and maintain Let's Encrypt. Some host offer the gratis-SSL at the touch of a button.

What distinguishes Let's Encrypt certificates from "normal" SSL certificates?

From a technical point of view, nothing. The Principle of authentication is the same: keys are exchanged between browser and web server, which are matched in a so-called handshake. If the keys match, the communication is encrypted. The strength of this encryption depends on the web server settings, but is usually so high that it can only be cracked with massive effort. Importantly, Let's Encrypt does not currently offer extended certificates for Organization Validation (OV) or Extended Validation (EV). This means that although the normal encryption hint in the address bar is available via Let's Encrypt certificates, the so popular green address bar cannot be implemented.

This is what a domain-validated Let's Encrypt certificate looks like in practice.
The left website has a domain validated certificate. In Chrome it is therefore marked as secure. In contrast to this, Paypal also shows the company that site owns the website in the address bar. Common practice e.g. with payment providers, banks and booking portals.

How do I install Let's Encrypt certificates?

That depends. This includes your web server and your hosting plan. At Certbot user guide you will find detailed instructions and many explanations on how to set up Let's Encrypt certificates under the different systems. You should also find out beforehand if your host Let's Encrypt supports it at all. At the end of the article, you will find a list of all supported systems.

What requirements does my website have to meet?

The prerequisites and the first steps to set up the system can be easily accessed via https://certbot.eff.org can be retrieved. Simply enter the web server and operating system and it site spits out the relevant information.

I am not a technician: Who can set up Let's Encrypt for me?

You do not have the appropriate technical knowledge, but dare to acquire it? Then take a look at the resources further up on thesite

You have no technical knowledge and no time, or you want to deal with the topic? Then you have two options: If you are only interested in free SSL, many host already offer an integrated, free SSL certificate.

Just contact your hosting partner; you may already be using free SSL. If you are a RAIDBOXES customer, you can Let's Encrypt with one click. As far as we know, we are currently the only special hoster that offers such a 1-click solution with Let's Encrypt.

Can there be problems when I use Let's Encrypt certificates inWordPress ?

Compatibility is one of the major weaknesses of Let's Encrypt. Therefore, errors can always occur during installation - regardless of which CMS or web server you use.

Two errors occur WordPress particularly frequently during installation:

  • Fake permalinks: Some database entries were not converted from http:// to https://. This problem can be solved quickly and easily with the Plugin "Better Search Replace".
  • Mixed Content Error: In such a case, the user's browser will issue a warning about what visitors and conversions may cost. Mixed content means that the website contains both encrypted and unencrypted content. Should corresponding errors occur after the setup of a Let's Encrypt certificate, the non-encrypted contents must be replaced by encrypted counterparts or deleted.

Who is behind Let's Encrypt?

An ambitious community and the parent organization Internet Security Research Group (ISRG) as well as the Linux Foundation and Electronic Frontier Foundation (EFF), which manages the certification software. In addition, companies such as Mozilla, Chrome, Facebook and Automattic the project.

Selection of the platinum, gold and silver sponsors of Let's Encrypt.
Selection of some of the most important sponsors of Let's Encrypt.

What are the goals of Let's Encrypt?

Let's Encrypt wants HTTPS as the new standard on the Internet and offer all users worldwide the possibility to encrypt their website for free.

What are the greatest strengths of Let's Encrypt?

The certificates are free, relatively easy to integrate - if you have the appropriate knowledge and skills - and the project is professionally managed.

What are the biggest weaknesses of Let's Encrypt?

Currently only domain-validated certificates are offered. Extended validations are not specifically planned. In addition, Let's Encrypt does not offer support. Here you are on the Support Forumor rely on yourshost .

Where can I get quick help with Let's Encrypt?

If you are technically proficient, check out the Help forum of the Let's Encrypt community over. If not, it's best to contact your host .

Extract from the Let's Encrypt forum. It shows current topics and the layout of the forum.
In the Let's Encrypt forum, not only questions are clarified, but also current problems are discussed.

Do I even need SSL on my site ?

Granted: It's a trick question. Yeah, you should set up SSL. Not only will the data traffic between web server and browser be encrypted, but your site thanks to HTTP/2 faster. The real question behind this is the cost-benefit analysis for all less critical offers. But thanks to Let's Encrypt, this will no longer be the case in the future. This means: every blog, club website etc. should urgently set up SSL.

How long are Let's Encrypt certificates valid?

A chargeable SSL Certificate has a validity period of twelve to 36 months. Let's Encrypt certificates on the other hand are only valid for 90 days. After that the certificate must be renewed. This is either done via a console command of the responsible administrator or the hoster has automated the process. When RAIDBOXES renewing the certificates, for example, the certificates renew automatically.

Will my website be slower with SSL?

No. On the contrary: on servers with HTTP/2 your web pages will be delivered even faster.

What does the future of Let's Encrypt look like?

2016 was a very good year for Let's Encrypt. The Americans now place far more than 20 million active certificates worldwide. Already five months after the start the Californians were on the right track and will hopefully be able to maintain this development in 2017.

On which hosters can I use Let's Encrypt certificates?

Some major European hosters have actively decided against the use of Let's Encrypt and instead offer free domain-validated certificates from their cooperation partners. Basically, this serves the same purpose, but with the difference that it is not the non-profit Internet Security Research Group (ISRG) that is supported, but the corresponding SSL provider. Below you will find an incomplete list of German hosters where we know the status of Let's Encrypt integration. (Status: April 2017)

  • RAIDBOXES We have of course taken the trouble and with RAIDBOXES a  1-click setup for Let's Encrypt certificates created.
  • All inclusive..: All incl. Let's Encrypt has integrated and built into his KAS. The setup is also feasible for beginners.
  • Checkdomain: Checkdomain Let's Encrypt is also fully integrated. With Checkdomain, Let's Encrypt can be set up with just a few clicks via a separate interface. A good implementation.
  • Strato: Also Strato has integrated Let's Encrypt and published a comprehensive guide to its setup. However, 1-click installation of Let's Encrypt is not yet possible with Strato. However, some tariffs have the free SSL on board by default.
  • HostEurope: HostEurope has not warmed up with Let's Encrypt and has no plans to integrate it into its user interface. However, the setup of Let's Encrypt on HostEurope servers is probably possible manually. But only with a lot of effort.
  • Alfahosting: Apparently Alfahosting has followed suit and has also integrated Let's Encrypt into its user interface. At Twitter the colleagues have in any case already announced the "Free SSL for all hosting customers".
  • WebGo: WebGo has also integrated Let's Encrypt into its user interface. With a few clicks you can get the free SSL here.
  • Hetzner: In principle Hetzner enables the installation of Let's Encrypt, but has not automated it.
  • 1and1: And also 1und1 probably does not intend to offer Let's Encrypt certificates. Instead, 1und1 relies on free SSL certificates from its cooperation partners.
  • Mittwald: Mittwald did not originally intend to include Let's Encrypt. But that has changed in the meantime. Mittwald plans to launch Let's Encrypt into his offer.

One that is maintained by the community, List with all known hosters with appropriate integration can be found on GitHub. You're still missing a host ? Just write a comment about this article or sit down directly with the Let's connect with the Encrypt Community and share your knowledge with them.

You still have questions about Let's Encrypt and the free SSL certificates? Just comment on this post and we'll get back to you with an answer!

As a system administrator, Tobias watches over our infrastructure and finds every possible way to optimize the performance of our servers. His tireless efforts mean he can often be found on Slack in the early hours.

Related articles

Comments on this article

Leave a comment

Your email address will not be published. Required fields are marked with * .