Automatic Cert Renewal - Different CAs

Hi Everyone,

This is my first day here. My company is evaluating the use of Let's Encrypt for cert renewal. Given the push for CAs to now have shorter validity times, our company is considering different options.

We are currently using DigiCert with OV certs fully and we've looked into their options. However, Let's Encrypt was also another choice under consideration. Since I am brand new to the Let's Encrypt community, I just wanted a jumpstart on a few questions I had below:

  1. Does Let's Encrypt support OV-certs?
  2. Can Let's Encrypt renew certificates of servers connected to the on-prem network, as well as servers and load balancers in AWS and GCP?

The context is that our primary CA is DigiCert and we also use the native certificate managers of AWS and GCP as well. Can Let's Encrypt support automatic renewal across all of these platforms?

If so, what is needed to configure, for example, load balancers in AWS that use certificates as well? It seems like it is a manual process unless you use their native Amazon Certificate Management services.

Overall thanks again for your feedback, it is greatly appreciated.

  1. Does Let's Encrypt support OV-certs?

No: FAQ - Let's Encrypt

  2. Can Let's Encrypt renew certificates of servers connected to the on-prem network, as well as servers and load balancers in AWS and GCP?

You can use the DNS challenge for internal servers, e.g.

Maybe you should read through the docs first.

4 Likes
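As an added example (not code from the original thread), here is what the DNS challenge mentioned above actually involves: an ACME client derives a TXT record value from the challenge token and its account key, publishes it at `_acme-challenge.<name>`, and the CA only has to read that public DNS record. Nothing is fetched from the host itself, which is why it works for servers that are not reachable from the internet. The account key and token below are constructed sample values.

```python
"""ACME dns-01 challenge (RFC 8555 section 8.4): derive the TXT record a client publishes.

Added example, not code from the original thread. SAMPLE_JWK and SAMPLE_TOKEN are
constructed values, not a real account key or a real token issued by any CA.
"""
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the canonical JSON of the required public members."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("ascii")).digest())


def dns01_record(identifier: str, token: str, jwk: dict) -> tuple[str, str]:
    """Return (record name, TXT value) for a dns-01 challenge.

    Key authorization = token || "." || account key thumbprint. The TXT value is the
    base64url SHA-256 digest of it, published at _acme-challenge.<identifier>.
    """
    key_authz = f"{token}.{jwk_thumbprint(jwk)}"
    value = b64url(hashlib.sha256(key_authz.encode("ascii")).digest())
    return f"_acme-challenge.{identifier.rstrip('.')}.", value


def ca_would_accept(published_txt: list[str], expected: str) -> bool:
    """Validator's view: some TXT record at the name must equal the expected digest exactly."""
    return expected in published_txt


# Constructed sample values: a public EC key in JWK form and a challenge token.
SAMPLE_JWK = {
    "kty": "EC", "crv": "P-256",
    "x": "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
    "y": "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
}
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"

if __name__ == "__main__":
    name, value = dns01_record("intranet.example.com", SAMPLE_TOKEN, SAMPLE_JWK)
    print(f'{name} IN TXT "{value}"')
```

The host named in the certificate never has to answer a request from the CA; only the DNS provider's API needs to be reachable from wherever the ACME client runs, so one client can renew for on-prem hosts and cloud load balancers alike, with the last step being to push the issued certificate to each platform.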

And there is dns-persist-01 around the corner (a few months left); it may be worth waiting for it: DNS-PERSIST-01: A New Model for DNS-based Challenge Validation - Let's Encrypt

2 Likes

A multi-CA approach is usually fine. There may be situations where it makes more sense to use AWS cert manager etc, or Digicert OV certs, but you don't have to consolidate to one CA.

In fact, you should encourage and plan for a multi-CA strategy so you always have a backup plan.

4 Likes

Thanks for your input. I completely understand your need for decentralization. However, we have a team of 2, so managing multiple CAs would add further administrative burden even if automation is involved. So in our situation we have to keep it simple and accept the risk of relying on one supplier.

@CSF out of (commercial) interest, what certificate management tool are you currently using to manage your certificate renewals, and what volume of certs are you working with (if you can share)?

It's worth taking some time to explore automation options as it can free up some time or at least make existing processes more reliable.

3 Likes

We use DigiCert and have 50 certs.