94

On the advantages side, I see several benefits to using the Let's Encrypt service (e.g., the service is free, easy to setup, and easy to maintain). I'm wondering what, if any, are the disadvantages to using Let's Encrypt? Any reasons why website operators -- whether big like Twitter or small like a local photographer -- should not consider replacing their existing SSL services with companies like GoDaddy with this service?

(If the service is not yet available, this disadvantage can be ignored -- I'm more wondering about disadvantages once it is available for general public use.)

Dolan Antenucci
  • 1,083
  • 1
  • 7
  • 5
  • 2
    On 2015 December 3, Let's Encrypt (beta version) became available for the general public. – H2ONaCl Dec 10 '15 at 03:20
  • 1
    One reason I ran across is because it doesn't work! Look at all the issues! https://github.com/certbot/certbot/issues and https://community.letsencrypt.org/ . If you pay for your cert, you get (some) support, and it's manual, so nothing to break. – Chloe Jan 06 '17 at 03:25

5 Answers5

94

Let's Encrypt is a Certificate Authority, and they have more or less the same privileges and power of any other existing (and larger) certificate authority in the market.

As of today, the main objective downside of using a Let's Encrypt certificate is compatibility. This is an issue that any new CA faces when approaching the market.

In order for a certificate to be trusted, it must be signed by a certificate that belongs to a trusted CA. In order to be trusted, a CA must have the signing certificate bundled in the browser/OS. A CA that enters the market today, assuming they are approved to the root certificate program of each browser/OS from day 0 (which is impossible), will be included in the current releases of the various browser/OS. However, they won't be able to be included in older (and already released) versions.

In other words, if a CA Foo joins the root program on Day 0 when the Google Chrome version is 48 and Max OSX is 10.7, the Foo CA will not be included (and trusted) in any version of Chrome prior to 48 or Mac OSX prior to 10.7. You can't retroactively trust a CA.

To limit the compatibility issue, Let's Encrypt got their root certificate cross-signed by another older CA (IdenTrust). This means a client that doesn't include LE root certificate can still fallback to IdenTrust and the certificate will be trusted... in an ideal world. In fact, it looks like there are various cases where this is not currently happening (Java, Windows XP, iTunes and other environments). Therefore, that's the major downside of using a Let's Encrypt certificate: a reduced compatibility compared to other older competitors.

Besides compatibility, other possible downsides are essentially related to the issuance policy of Let's Encrypt and their business decisions. Like any other service, they may not offer some features you need.

Here's some notable differences of Let's Encrypt compared to other CAs (I also wrote an article about them):

The points above are not necessarily downsides. However, they are business decisions that may not meet your specific requirements, and in that case they will represent downsides compared to other alternatives.

the main rate limit is 20 certs per registered domain per week. However this does not restrict the number of renewals you can issue each week.

Andy Brown
  • 137
  • 5
Simone Carletti
  • 1,198
  • 1
  • 9
  • 11
21

The reason to use Let's Encrypt can be the price. Those certificates will be for free.

But I see one possible disadvantage for nonsmall web sites. Big CA offer wildcard certificates, Extended Validation certificates which have some advantages (from my point of view). Moreover this program is directed to web servers, but what if you have some application server or you want to secure mail server

Update: Currently is possible to request certificate, not binded to web servers. So my last argument is not valid anymore. here is some example of using this option:

./letsencrypt-auto certonly --standalone -d example.com

Update2: From January 2018 Let's Encrypt will begin issuing wildcard certificates

Wildcard Certificates Coming January 2018

Jul 6, 2017 • Josh Aas, ISRG Executive Director

Let’s Encrypt will begin issuing wildcard certificates in January of 2018. Wildcard certificates are a commonly requested feature and we understand that there are some use cases where they make HTTPS deployment easier. Our hope is that offering wildcards will help to accelerate the Web’s progress towards 100% HTTPS.

So one more argument is not valid anymore.

Romeo Ninov
  • 638
  • 5
  • 11
  • Good points on Extended Validation certificates and Let's Encrypt's support for application servers not being clear. Regarding wildcard certificates, are there any advantages to these over just however many number of Let's Encrypt certificates? I guess one is that you don't have to set one up for *every* subdomain nor future new ones. Let me know if you see any other benefits. Thanks – Dolan Antenucci Jun 06 '15 at 18:40
  • @DolanAntenucci, with wildcard certificate you can simplify the process of deploy it over the range of servers. And (just for example) I see on the site of the program demonstrated Debian/Ubuntu command (hope will be for other distributions like SuSE and RHEL/CentOS). Maybe there will be such instrument for *BSD. But what about Solaris x86, Windows? For subdomains - this can be a some disadvantage of wildcard certificate as they can work only in one domain i.e *example.com will not serve romeo.ninov.example.com. In general for me looks like good and wise initiative, but let see :) – Romeo Ninov Jun 06 '15 at 19:02
  • "but what if you have some application server or you want to secure mail server" - You request the certificate for the appropriate domain, possibly with the "standalone" method, and apply them in the mail server's config. – dequis Dec 04 '15 at 16:50
  • @dequis, you request certificate for host, not for domain. To be applicable for domain should be wildcard (which is not possible with this program) – Romeo Ninov Dec 07 '15 at 06:59
  • I see no reason for a mail server to require a wildcard certificate. There's people using letsencrypt already for this purpose: https://community.letsencrypt.org/t/use-on-non-web-servers/425 – dequis Dec 08 '15 at 02:41
  • If there is usage already on other than web I can only admire this :) About wildcard certificate: yes, only for mail server there is no sense, but the same certificate can be used for other servers in to the domain – Romeo Ninov Dec 08 '15 at 06:53
  • 1
    You can request several domains per cert, so you can get a cert that covers wiki.example.com, mail.example.com, www.example.com, example.com. It just won't cover subdomains you don't explicitly request/verify – bobpaul Jan 28 '16 at 23:06
  • 2
    @bobpaul, to be precise certificate is for host (if its not wildcard). And yes, you can define certificates for all the hosts you need as far as you manage this domain – Romeo Ninov Jan 29 '16 at 07:09
  • 1
    In all fairness, I'm far from certain that **all** other CAs (or even those that sell certificates for money) offer OV or EV certificates. But of course, if you do want something more than a domain-validated certificate, then Let's Encrypt obviously isn't for you. – user Jun 30 '17 at 08:03
11

One disadvantage that makes big companies not consider Let's Encrypt is that visitors that connect to the site can't be sure that it is the actual company that hosts the site.

This is because Let's Encrypt issues certificates for a domain free of charge without identity validation (personal or corporate) (Let's Encrypt only offers domain validation).

Edited to add: For the purpose of secure transmission this is not a big problem. But, if you want to verify that it is the actual company you were looking for that holds the domain name a whois lookup may not be enough. Class 2 or 3 or EV certificates have the advantage that the company and domain are verified by the certificate authority.

Alasjo
  • 973
  • 6
  • 10
  • I'm not sure this is why big companies won't choose it. Big companies are more likely to need wildcard certs (there's some situations where you can't get around using a wildcard cert in IIS) and Let's Encrypt limits you to 5 actions/7 days per domain. So if you have a lot of servers and a lot of subdomains it could conceivably get difficult to schedule all of your renewals within the 90-day period, and that's assuming Let's Encrypt never suffers a failure that prevents signups for a few days. – bobpaul Feb 01 '16 at 20:42
  • 90 days screams fly-by-night, why increase the workload. Plus they depend on time, not the usual CRL methods for revocation and that's already been taken advantage of with a blowoff excuse that revocation wasn't really needed. While you can revoke your own cert, there's need for criminal activity revoke. – Fiasco Labs Mar 02 '16 at 00:38
  • 4
    @Alasjo, Your answer includes a bit of a scare tactic and is therefore a bit unclear. Let's Encrypt does not issue DV certificates freely. They require domain validation just like any other CA. It is true that big companies may want something beyond Domain Validation for their main domain, but not always, and the question is not exclusive to big companies either. – 700 Software Oct 28 '16 at 13:31
  • @GeorgeBailey You were right that my wording was a bit unclear and I've edited my answer to reflect that it's "free of charge", not "given away freely". Thanks. I also added a note on why I think identity validation is useful. – Alasjo Nov 09 '16 at 12:52
  • In all fairness, I'm far from certain that **all** other CAs (or even those that sell certificates for money) offer OV or EV certificates. But of course, if you do want something more than a domain-validated certificate, then Let's Encrypt obviously isn't for you. – user Jun 30 '17 at 08:03
2

One more issue with using Let'encrypt is that in enterprise scenario we need to install certificate to load balancer and CDN provider as well. Not all CDN providers have APIs to change this automatically. Also as of now Let's encrypt's validity is of 90 days which complicates this process more.

Chintak Chhapia
  • 131
  • 3
-6

Yes, by using Let's Encrypt you revoke your right to defend your Intellectual Property including Patent, Trademark, Trade Secret or Copyright against infringement by ISRG.

https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf

BY WAY OF FURTHER EXPLANATION REGARDING THE SCOPE OF THE DISCLAIMER, AND WITHOUT WAIVING OR LIMITING THE FOREGOING IN ANY WAY, ISRG DOES NOT MAKE, AND ISRG EXPRESSLY DISCLAIMS, ANY WARRANTY REGARDING ITS RIGHT TO USE ANY TECHNOLOGY, INVENTION, TECHNICAL DESIGN, PROCESS, OR BUSINESS METHOD USED IN EITHER ISSUING LET’S ENCRYPT CERTIFICATES OR PROVIDING ANY OF ISRG’S SERVICES. YOU AFFIRMATIVELY AND EXPRESSLY WAIVE THE RIGHT TO HOLD ISRG RESPONSIBLE IN ANY WAY, OR SEEK INDEMNIFICATION AGAINST ISRG, FOR ANY INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, INCLUDING PATENT, TRADEMARK, TRADE SECRET, OR COPYRIGHT.

That last sentence.

schroeder
  • 123,438
  • 55
  • 284
  • 319
encrypto
  • 11
  • 9
    Your interpretation is completely wrong. I could lay out the legal justification line by line, but this really would be for a legal expert to weigh in, and there is law.stackexchange.com for that. – schroeder Oct 18 '18 at 19:27
  • 9
    To help you out, I posed the question: https://law.stackexchange.com/questions/32735/revoking-my-right-to-defend-my-intellectual-property-by-using-lets-encrypt – schroeder Oct 18 '18 at 20:13