JIYIK CN >

Let's Encrypt is a free, automated, and open certificate authority that officially launched in April 2016. It was originally founded in 2012 by two Mozilla employees. Their goal for founding Let's Encrypt was really simple; to encrypt the entire web and make it a more privacy-respecting place. This might sound a little crazy, but as you know, Google has been pushing HTTPS heavily over the past few years. Let's Encrypt is really starting to make a big impact in the industry, especially as it relates to free SSL hosting.

Certificate authorities are the organizations that issue SSL/TLS certificates, which are responsible for encrypting your data and e-commerce transactions. Not just anyone can suddenly become a certificate authority, as they need to be trusted by many different platforms. Browsers and devices trust certificate authorities (CAs) by accepting root certificates into their root stores, which are basically databases of approved CAs that come pre-installed in your browser or device.

Microsoft, Mozilla, Apple, all have their own root stores. So to become a CA, you need to be trusted by some of the biggest names in the industry. When Let's Encrypt first launched, they received a cross-signature from IdenTrust, which made them trusted by all the major browsers. Read more about how Let's Encrypt works. For web hosts like Kinsta, Let's Encrypt now enables us to deploy SSL certificates in one click! The good news is, everything is instant and automated.

Let's Encrypt statistics

According to Let's Encrypt statistics, the number of websites and companies using Let's Encrypt has been growing at a very fast pace. As of January 2021, they have issued nearly 2.5 billion certificates and have over 75 million active SSL certificates. Thanks to the project, the encrypted web has grown from 40% to 58% in less than two years. This is partly due to many web hosting companies and CDN providers joining Let's Encrypt integration to provide free SSL hosting.

On average, they issue between 80k and over 600k SSL certificates per day.

Let's Encrypt also believes in full transparency. All issued or revoked certificates are publicly logged and available for anyone to inspect. You can actually use this certificate search tool from COMODO to look up any issued Let's Encrypt certificate.

Let's Encrypt compatibility

There are two main factors that confirm the validity of a Let's Encrypt certificate. An invalid SSL certificate may cause users to face a "your connection is not private" error, which may drive them away. First, the platform must support IdenTrust's DST Root X3 certificates in its trust store. The second is that the platform must support modern SHA-2 certificates. The following browsers support Let's Encrypt certificates:

• Mozilla Firefox v2 and above
• Google Chrome
• Internet Explorer on Windows XP SP3 and later (versions prior to SP3 cannot handle SHA-2 signed certificates)
• Microsoft Edge
• Android OS v2.3.6 and above
• Safari v4 and above on MacOS
• Safari on iOS v3.1 and later
• Debian Linux v6 and later
• Ubuntu Linux v12.04 and later

Therefore, you can rest assured that your free SSL certificate will work on 99% of devices.

What does free SSL hosting mean to us?

By having access to Let's Encrypt, it means you no longer have to deal with the messy process of obtaining certificate keys, private keys, debugging intermediate certificates, or generating CSRs. The process of obtaining an SSL certificate on your website and migrating to HTTPS just got a lot easier! It's basically a one-click integration now. Let's Encrypt is also completely secure. It's backed by companies and businesses like Automattic, Mozilla, Cisco, Google Chrome, Facebook, Sucuri - just to name a few.

SSL certificates from Let's Encrypt by design expire every 90 days. However, they can be automatically renewed on your server using certbot.

It’s important to note that Let’s Encrypt only supports domain-validated certificates. This means you’ll see a padlock in the address bar of your website, like this:

However, they do not offer Organization Validation or Extended Validation certificates. This means that the certificates will not have a warranty, which is insurance for end users against losing money when submitting payments on SSL secured sites.

We do not anticipate that Let's Encrypt will support EV, as the EV process will always be manual and someone will have to pay for it.

So if you’re an enterprise or large business, Let’s Encrypt might not be for you. But the good news is that it should work fine for most personal websites.

Additionally, they will support wildcard certificates starting in January 2018. A wildcard certificate can secure any number of subdomains (for example *.domain.com). This allows a single certificate and key pair to be used for a domain and all its subdomains, which can significantly simplify HTTPS deployments.

Benefits of HTTPS

Don't forget the many advantages of running your WordPress site over HTTPS. By using our new Let's Encrypt integration, you can benefit from:

1. Your data is now encrypted and secure. No plain text is passed around. This is important for e-commerce transactions of course, but even for logging into your WordPress site.
2. Google has officially stated that HTTPS is a ranking factor.
3. The green padlock bar helps build trust and credibility with your visitors.
4. Avoid the Chrome warning released in January 2017 that marks HTTP pages that collect passwords or credit cards as unsafe.
5. Better, more accurate referral data. By default, HTTPS to HTTP referral data is blocked in Google Analytics.
6. By using Let's Encrypt and enabling HTTPS, you can benefit from HTTP/2 on your site, which means performance improvements.
7. Now you can also benefit from free SSL hosting.

Verifying Your SSL Certificate

There are a few ways to verify that your site is now using a Let's Encrypt certificate. If you are overwriting your current custom SSL certificate, it's a good idea to check that everything is set up correctly. One way is to browse to your site via https:// and open Chrome Devtools.

• Windows: F12OrCtrl + Shift + I
• Mac:Cmd + Opt + I

Click on the Security panel and then click View Certificate. Then you can check the issuer. It should be "Let's Encrypt Authority X3".

The easiest way to do this is to use the free SSL Checker tool from Qualys SSL Labs. Enter your domain and have it scan your site.