I know this topic has been covered several times before, but I'm trying to understand whether Let's Encrypt is an "enterprise"-savvy solution that can be used by a large enterprise managing thousands of certificates. This would be in contrast to using either a private CA or another public CA (we currently do business with, e.g., GlobalSign and DigiCert, which also support ACME).
Considering the rate limiting and bandwidth constraints, and the lack of any guarantee of service from an availability perspective (as well as customer support), I'm leaning towards using a commercial-grade public CA, but who doesn't like free certificates? I do understand there is a form that companies can use to increase the rate limits, but how successful have others been? I'd like to understand what others think about this. I've listed the pros/cons below as a starting point.
The advantages and disadvantages are as follows:
Advantages:
* Certificates are free.
* Supports ACME.
* Browser trust is installed in every major browser.
Disadvantages:
* Rate limiting and a maximum cap associated with new certificate issuance, as noted here.
* Maximum issuance of new certificates is potentially capped at 50 new certificates per week, which will negatively impact deployment.
* No guaranteed service level agreement in the event the service becomes unavailable.
* Any changes to the stack, including required certificate revocation as noted here, will impact the operational performance of the systems and service availability.
* Certificates issued by Let's Encrypt have a validity period of less than 90 days. With that said, certain systems require a controlled, scheduled time slot for when this occurs. If this can't be done within 90 days on the system in question, then Let's Encrypt is not a viable solution for these systems.
* No strong, paid customer support.
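The two operational constraints in the list above (a short certificate lifetime versus fixed maintenance windows, and a weekly issuance cap) can be checked up front rather than discovered during rollout. The planner below is an added example and not code from the original post or from Let's Encrypt. It assumes each system has a recurring change window anchored on a known past date; `LIFETIME_DAYS` is the 90-day figure from the post, `WEEKLY_CAP` is the post's 50-per-week figure (the real limit's scope depends on the CA's published policy, so treat it as a parameter), and the 7-day `SAFETY_MARGIN_DAYS` and the sample fleet are constructed assumptions.

```python
"""Renewal-window planner for short-lived certificates on systems with fixed change windows.

Added illustration, not code from the original post or from any CA.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import date, timedelta

LIFETIME_DAYS = 90        # certificate validity the post mentions
WEEKLY_CAP = 50           # per-week issuance cap the post cites (assumed scope: whole fleet)
SAFETY_MARGIN_DAYS = 7    # assumption: renew at least a week before expiry


@dataclass(frozen=True)
class System:
    name: str
    not_after: date          # expiry of the currently installed certificate
    window_anchor: date      # a known past occurrence of the change window
    window_every_weeks: int  # the window recurs every N weeks


def window_fits_lifetime(every_weeks: int) -> bool:
    """True if a cert installed in one window can always be replaced in a
    later window before it expires (keeping the safety margin)."""
    return every_weeks * 7 <= LIFETIME_DAYS - SAFETY_MARGIN_DAYS


def windows_between(anchor: date, every_weeks: int, start: date, end: date):
    """Yield the recurring window dates that fall within [start, end]."""
    period = timedelta(weeks=every_weeks)
    if start <= anchor:
        d = anchor
    else:
        # first occurrence on or after `start` (ceil division on days)
        k = -((anchor - start).days // period.days)
        d = anchor + k * period
    while d <= end:
        yield d
        d += period


def plan_renewal(system: System, today: date):
    """Latest window that still lands SAFETY_MARGIN_DAYS before expiry,
    or None when the current cert cannot be renewed in a window in time."""
    deadline = system.not_after - timedelta(days=SAFETY_MARGIN_DAYS)
    candidates = list(windows_between(system.window_anchor,
                                      system.window_every_weeks,
                                      today, deadline))
    return candidates[-1] if candidates else None


def plan_fleet(systems, today: date) -> dict:
    """Map each system name to its planned renewal date (or None)."""
    return {s.name: plan_renewal(s, today) for s in systems}


def over_cap_weeks(plan: dict) -> dict:
    """ISO (year, week) pairs whose planned renewals exceed WEEKLY_CAP."""
    load = Counter(d.isocalendar()[:2] for d in plan.values() if d is not None)
    return {week: n for week, n in load.items() if n > WEEKLY_CAP}


# Constructed sample fleet (not real systems): one biweekly window that fits,
# one quarterly window that cannot keep up with a 90-day lifetime, and sixty
# weekly-window hosts whose renewals all collide in the same week.
EXAMPLE_TODAY = date(2024, 1, 1)
EXAMPLE_FLEET = [
    System("app-biweekly", date(2024, 3, 1), date(2023, 12, 24), 2),
    System("mainframe-quarterly", date(2024, 1, 20), date(2023, 12, 30), 13),
] + [System(f"web{i}", date(2024, 1, 31), date(2023, 12, 31), 1) for i in range(60)]


def example_report():
    """Run the planner over the sample fleet and return a summary."""
    plan = plan_fleet(EXAMPLE_FLEET, EXAMPLE_TODAY)
    unfixable = sorted(s.name for s in EXAMPLE_FLEET
                       if not window_fits_lifetime(s.window_every_weeks))
    return {
        "plan": {k: (v.isoformat() if v else None) for k, v in plan.items()},
        "cannot_keep_up": unfixable,
        "weeks_over_cap": over_cap_weeks(plan),
    }


if __name__ == "__main__":
    report = example_report()
    print("systems whose windows are too sparse:", report["cannot_keep_up"])
    print("weeks over the issuance cap:", report["weeks_over_cap"])
```

Run it as a script to see which systems cannot be served by a 90-day lifetime at all (window interval longer than lifetime minus margin) and which weeks would need more issuances than the cap allows; spreading those hosts across different window weekdays, or requesting a rate-limit increase, are the two levers the post's list implies.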