Why buy SSL when I can get one for free?

Since this summer, SSL Certificates became more necessary than ever. Google brought them dynamically to the spotlight, through a change they made in Chrome (version 68), and so it is logical that, even if you had not touched the subject, now you are looking for information…

Through browsing Papaki, you may have found out that you can purchase SSL Certificates by well-known companies, which specialize in this specific field like Comodo, GeoTrust, etc. At the same time though, if you are hosting with us, you may have seen that we provide you with the option to activate the completely free Let’s Encrypt SSL.

So now the rational question arises: Why should I purchase SSL when I can get one for free? Below we give you the answers you are looking for. We hope that we will help you get adequately informed and be able to choose the SSL that suits you!

• ‘Let’s Encrypt’ only offers Domain Validation (DV) SSL Certificates.
  “We do not provide Organization Validation (ΟV) or Extended Validation (EV), mainly because we cannot automate their issuing procedure’’, says Let’s Encrypt in its website.
  As we have explained to you in the past, DV SSLs are ideal for those who seek basic protection for their personal domain/ site or forum, which needs basic encryption its logins or forms. In short, they (DV SSLs) cannot cover the demands of bigger websites or eShops. For these, OV and EV SSLs will do the job.
  More specifically, OV SSLs certify the domain and the data of a business. We suggest them for corporate websites that collect and process little to no personal data of their visitors.
  EV are SSLs of higher standards and are ideal for big businesses with online and e-commerce services, which wish to show that they have passed the strictest assessment check, and as a result to instantly gain the trust of the customer. With an EV SSL they maintain their competence and make clear that they have created a safe website, where the customer’s personal data and transactions are secure.

• Let’s Encrypt Certificate does not come with personal customer service. Let’s say that your needs are small and a DV SSL covers them. If you buy it from Let’s Encrypt, you have to know that in case something goes wrong, you will have to fix the problem yourself. Let’s Encrypt cares enough to provide you with useful files, but you may need time to do some research to get the answers you need. There are also forums where you can send your questions. In no case though you may get some instant and personal help from someone, as it happens with paid SSLs. If you purchase any SSL offered by Papaki, you can talk with one of our Support Heroes anytime, and get the right directions and answers regarding your questions.

• Free SSLs do not hold the same prestige with the paid ones. Noone doubts that Let’s Encrypt does some very good work, neither that it has helped to make the Internet safer! However, it is logical for the brand name ‘’Let’s Encrypt’’ to not be as reliable as the brand of a big company which is dealing with Internet and Computer security issues for many years, like ‘’Comodo’’.
  Besides that, especially if you have a business, it is expected for the customer to appreciate the fact that you have dedicated the time and money to create a safe environment. And if you think that it is hard for someone to find out which certificate you use, it’s just not true. Every visitor can easily see from his/her browser which kind of SSL is active in every website. For example, if someone uses Chrome, with a click on the padlock icon, s/he is able to view all the details of the SSL used at the time.

• As is reasonable, SSLs from Let’s Encrypt do not include a money back guarantee. On the contrary, paid SSLs guarantee financial compensation in case of a mistake made by the issuing company, e.g. protocol failure or wrong version. The end user who will suffer damage in a case like this is entitled to compensation.
  It is rare for a severe security gap like this to occur, however, it is not impossible. Such was the case of a Dutch company called DigiNotar. In 2011, their systems were breached by an intruder, making him able to produce certificates signed by Google and other trusted companies. Those certificates were distributed to third parties in Iran, who used them to monitor the communications of more than 300.000 users!
• Let’s Encrypt SSL last for 90 days. If you use Papaki for your hosting, you won’t need to worry about updates, since they are automated and you just receive the usual confirmation when they happen. But if you use another company for your hosting, then you have to make sure that automated updating is provided to you. Otherwise, you will have to deal with the updates very often, so that your website does not end up with an expired certificate. Yes, one more point! Paid SSLs last at least 4 times more than free ones. You will need to update them 1 or 2 years after their purchase!
• Let’s Encrypt SSLs are less compatible than paid ones. They are compatible for sure with modern software, but not with some of the older ones. This may seem like a detail, but it may prove to be quite important if you have a business and want to decrease the chances of someone connecting without the use of cryptography. Here you can find the limitations of Let’s Encrypt and here the relevant list for Comodo.

Now that you got your answers, the choice is yours! Don’t forget that regarding the cryptography of the data being transferred, Let’s Encrypt SSLs and paid SSLs do the same work! Also, remember that whether free or paid, every SSL from a reliable issuing company ensures the https in every browser!

In a few words, study every detail, and in no case find yourself without any SSL!