Let’s Encrypt FAQ
What is Let’s Encrypt SSL/TLS and why is it free?
Let’s Encrypt is a free, automated and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG). They provide digital (Domain Validation) certificates in order to enable HTTPS (SSL/TLS) for websites, for free, to create a more secure and privacy-respecting Web.
Will my website automatically use HTTPS?
It should, as SSL/TLS is already activated for all domains and nothing further is needed from you to activate the SSL/TLS certificate. However, your website may not be set up to implement the SSL/TLS. Here’s how to check for SSL/TLS and implement, if required.
What is the difference between the Let’s Encrypt certificate and the Thawte SSL123 certificate?
Both offer the same strength of encryption and both are domain-validated, resulting in https and a green padlock being displayed in the address field of the browser.
They are issued by 2 different certificate authorities but perform the same function with the same encryption benefits. Let’s Encrypt is a non-profit organization funded by donors, whereas Thawte is a for-profit company.
Does Let’s Encrypt offer OV or EV certificates?
No, they don’t provide Organisational Validation (OV) or Extended Validation (EV) certificates. You can obtain an OV or EV certificate directly from a certification authority of your choice and we will install it for you. A once-off setup fee applies for this manual installation.
How does the domain verification work?
Domain validation is typically done either by verifying the existence of a specified DNS record or the existence of a file accessible via http. If the requestor can create either of these, they meet the criteria for demonstrating control of the domain. For a more detailed explanation see: How it Works
How does the renewal process work?
Once a Let’s Encrypt certificate has been installed on a domain, the certificate is automatically renewed by us every 60 days, therefore certification is effectively indefinite and no renewal is needed by customers. The renewal is dependant on both records pointing to our server (with and without www).
Is there a setup fee for Let’s Encrypt?
No, as the process is entirely automated, we don’t charge a setup fee for Let’s Encrypt. Once-off set up fees apply for any alternative certificate installation.
Can I use Let’s Encrypt for email encryption?
Yes, this is possible if the website and mail for your domain are hosted with us, and our Let’s Encrypt certificate is installed for your domain.
Are certificates from Let’s Encrypt supported by all browsers?
Nearly all, but there are minor exceptions e.g. gaming consoles, older Blackberry devices and Windows XP. See the Let’s Encrypt compatibility list for specifics.
Will my existing Thawte Certificate automatically be replaced by a certificate from Let’s Encrypt?
When the time comes to renew your current certificate, we will contact you to arrange for the Let’s Encrypt certificate as a replacement for the Thawte one. We will cease offering the Thawte 123 certificate in due course.
Where can I find more information about Let’s Encrypt?
Refer to Let’s Encrypt’s FAQ’s.