Is Let's Encrypt SSL certificate a domain-validated certificate or EV certificate?


#1

Hi,

I am new to SSL. Can I use Let’s Encrypt SSL certificate on my e-commerce website? Is it a domain-validated certificate or EV certificate? Does it work with both www.mysite.com and mysite.com?

Thanks,


#2

Welcome!

Yes.

Domain-validated.

Yes, it can. You can either issue one certificate for both or two separate certificates. (Make sure, if you plan to do this while LE is still in beta, that you specify both domain names in the form.)


#3

Wow, a response to my post in 3 minutes! Thanks,

Another question: why do I only get a CSR file and the private key file when I run ./letsencrypt-auto -d www.example.com auth? Is it just because I used a fake domain for testing? Where is the certificate file?


#4

Sorry, but PLEASE start reading and thinking before you ask (especially concerning the first and second quote).

For starters, EV requires manual authentication of the entity who is the target of the cert, and of the one who requests the cert about his authority to do so; also, obviously, a domain check will be done.
LE tries to make automation as good as possible, which is plain impossible with EV.

Also, LE certs are domain validated. Do you ACTUALLY think that you get a cert for a fake domain?
Obviously it cannot be validated that you own that fake domain, and without validation, no Domain Validated cert for ya…


#5

OK, I see.

I used a fake domain for testing because I don’t have a domain name for my development box. I have applied self-signed SSL on my production server. Will the existing SSL setup conflict with the LE client or make trouble with the LE client? How do I switch to an LE SSL certificate? Just replace the 2 lines in the Apache configuration file with the paths to the LE certificate and key files and restart Apache?


#6

When you are good you can just replace the key and the cert files (better make a backup), but at least if you just modded the default config, there is a commented certificatechainfile or whatever it was, which needs to be the chain.pem you got from LE. So have fun.


#7

You cannot use a fake domain. If you want to get a certificate you have to use the real domain.
This way it’s understandable why so many users signed up using the domain “example.com”. :smile:
https://twitter.com/rugkme/status/659470925813952513


#8

Well, maybe using example.com is a joke. But as an SSL newbie, I have to know the whole process to use the LE client.


#9

@cuteant: You won’t be able to get a certificate for your development box until you have a domain name for it. The data in a certificate contains a specific domain name. The main thing that Let’s Encrypt does is to check that that domain name belongs to the person who is requesting a certificate. So you can see why, e.g. example.com wouldn’t work. If you’d like to get a temporary DNS name for testing, there are many free DNS services like dyndns.org. Note that in order to use one of those services, your development box would need to be publicly visible on the Internet at a specific IP address.

@My1: Thanks for helping out on the forums! Please remember to be extra kind to newbies. Everyone is welcome here, no matter what their skill level.


#10

Yeah, dummy domains don’t work. I tried at https://community.centminmod.com/posts/20305/ heh, and got the message:

An unexpected error occurred.
Error: serverInternal :: The server experienced an internal error :: Error creating new authz

Probably there should be a more specific message for dummy domains?


#11

@jsha sha yeah, sorry, but it was so face palm. I dunno how good the OP is with English, but domain validated can just mean that you need to have a valid domain, so…


#12

So can I get an EV through Let’s Encrypt? Where would I have to verify the information?


#13

No, Let’s Encrypt issues only DV certificates.


#14

Since LE is only for fully automated free certs, you will never get anything more than a DV from here.