Let’s Encrypt vs Traditional SSL
What is SSL?
SSL (Secure Sockets Layer) is a technology which is used for keeping the Internet Secure, it safeguards any data being sent over the network between two systems, so that the data cannot be read by an unauthorized third party. The data is scrambled using encryption algorithms to prevent any unauthorized party from reading or modifying the data. TLS is an updated version of SSL, which provides more security, but security certificates are still referred as SSL certificates as it was the more commonly used term.
Systems sharing SSL technology could be a website and a browser, server and a server. HTTPS appears in a URL when a website is secured by SSL certificate. The details of the SSL certificate could be known by clicking the lock icon next to the HTTPS in the web link.
What is Let’s Encrypt?
Let’s Encrypt is a certification Authority that offers free TLS encryption to website owners, it was launched in 2016, with an objective to provide websites owners with free and easy to install/update SSL certificates. The main selling point of Let’s Encrypt is it being free, and it provides a simple installation process and is easily available to all website owners.
How Let’s Encrypt Works?
The primary objective of Let’s Encrypt is to set up an HTTPS server and have it automatically obtained an SSL certificate by setting up a certificate management agent on the server, so that there’s minimal human involvement in the process. The process requires a certificate management agent to prove to a certificate authority that the web server is controlling a domain, and then the agent can request, renew or revoke certificates for that domain.
Let’s Encrypt offers domain-validated certificates which means that the server administrator has a unique token which is used to prove that the admin controls the domain which is requesting the certificate. The certification authority will then look at the domain name being requested and issue a set of challenges and a cryptographic nonce. When the agent software completes one of the provided sets of challenges, it notifies the certification authority that it is ready to complete validation, the agent also signs the cryptographic nonce with its private key, then the certification authority verifies if the challenges have been satisfied and verifies the signature on the cryptographic nonce. If the signature on the nonce and the certificate check out, the agent is authorized to do certificate management for the domain.
What is PKI?
Public Key Infrastructure is the framework of encryption that protects communications between the server and the client. It offers a standard of confidentiality and accountability for people/companies using internet as a medium for their businesses, and provides an environment where security is not a concern. PKIs are used by traditional certification authorities like DigiCert.
Pros and Cons of Let’s Encrypt vs Traditional HTTPS Implementation
Pros Let’s Encrypt
1. Free — The main selling point for Let’s Encrypt is that it is free.
2. Easy Implementation — Let’s Encrypt is considerably easy to implement on a website that traditional HTTPS, easy implementation can be beneficial for users trying to install an SSL certificate.
3. Security — Being free, it provides the same level of security as a traditional HTTPS connection, the connection between the site and visitor is secure with no chance of a compromise in the connection.
Cons Let’s Encrypt
1. Compatibility — Let’s Encrypt only offers domain-validated certificates, if extra security required, a traditional certification authority provider can provide an extended validation certificate.
2. Validity — Let’s Encrypt certificates are valid for only 90 days, after which they need to be renewed.
3. Warranty — No warranty provided by let’s encrypt.
4. Support — No staff to support the process.
Pros Traditional SSL
1. Security — With an SSL certificate, there is no possibility of a connection compromise between the site and server.
2. Customization — The traditional SSL supports SSL with Extended Validation SSL Certificate. This provides the certificate company details to visitors to assure them that the site is safe.
3. Easier to implement on multiple domains — It can be used to set up a certificate to secure multiple sub domains.
4. Validity — The domains are typically valid for 1 year or more, after which they can be renewed.
Cons Traditional SSL
1. Expenses — Traditional SSL are typically expensive; their costs depend on the security features required by your website. Also, the deployment cost might be different.
Implementation Time — Migration to a typical HTTPS domain can take time as users might encounter issues during migration.