Namecheap Response to Let's Encrypt

I asked Namecheap to implement Let’s Encrypt. I got this response.

"The Let’s Encrypt SSL script can be tested with Namecheap hosting. But, unfortunately, since this is a third-party product, we might not be able to troubleshoot any issues on the way.

Additionally, we would like to emphasize that free SSL certificates are not subjects to any business or company validation, therefore it is not recommended to consider them for any business entity."

Wondering what Let’s Encrypt’s thoughts are on this?

Confused as to why they don’t automatically support it, as they support https://www.eff.org/ and https://www.fightforthefuture.org/.
Posting this as a reply to the community web hosting list also.

Hi @hib,

Let’s Encrypt only offers DV certificates, not OV or EV certificates. That means that the certificates don’t include verified information about the legal identity of the organization that uses them. (Let’s Encrypt doesn’t have an automated way to check that information; it would have to be checked offline, which would cost money.) However, the cryptographic security of the user’s connection to the site is the same.

Some businesses may feel that an OV or EV certificate is better for their needs. As far as I know, it’s not required by any regulations and there isn’t strong evidence that most end-users regard it as more trustworthy or commonly check the identity information. Quite a lot of businesses have been OK with our DV certificates for their business sites so far. In particular, a DV certificate is OK under the PCI rules for a site or service that accepts credit card numbers.

3 Likes

It’s true that Let’s Encrypt does not issue OV/EV certs, which many people consider important for business domains (particularly financial institutions). Rather than verifying the identity of the domain owner, Let’s Encrypt validates only that the person requesting the cert has control over the domain(s) for which the cert is requested. However, many major online businesses do just fine with DV certs, of the same sort that Let’s Encrypt issues: Amazon for one, Google for another.

1 Like

11 Likes

Hmmm… Just a little hypocrisy?

1 Like

Will I get a wonderful green bar with letsencrypt?

No, the green bar is only with EV certificates. What you’ll see, assuming you configure your site correctly, is the same thing you see here. For me, that’s a green padlock, but browsers differ on that presentation.

So a green padlock is different to the greenbar?

Yes. For an example of the green bar, take a look at the screenshot that @jmorahan posted above–it not only has the green padlock, it also has the name of the company in green. In some browsers (IE, for example), the whole background of the address bar will be green with that kind of cert.

1 Like

Interesting! Didn’t know that. Thanks for clarification. I just finished talking with namecheap customer support. Apparently I have a free ssl cert that I didn’t know about. I’ll probably use that for a year, then when the year has finished, I’ll use letsencrypt. BTW, for additional reading. There’s a lot of talk about letsencrypt in the comments below namecheap articles. See comments below these articles. https://www.namecheap.com/support/knowledgebase/article.aspx/9387/2218/how-do-i-install-an-ssl-using-your-cpanel-plugin
and
https://www.namecheap.com/support/knowledgebase/article.aspx/9927/2218/working-towards-a-more-secure-web-with-cpanel-version-1162

This image (from here) nicely illustrates the difference between the green padlock (DV/OV) and the green bar (EV). Although browsers do change how they display things from time to time.

2 Likes

There’s a strong possibility browsers will phase out the green bar for EV, displaying it in the same way as DV and OV certificates are displayed now.

Some browsers have a focus on UX and not taking up UI space on unnecessary information.

And Ian Carroll’s shell corporation Stripe, Inc [US] of Richmond, KY caused a bit of a stir.

(You might have heard of that other company, Stripe, Inc [US] of Wilmington, DE, based in San Francisco, CA.)

6 Likes
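The DV/OV/EV distinction discussed in this thread, and the same-name company problem mentioned just above, shown as an added example that is not part of any post here. It reads the subject of a certificate in the dictionary format returned by Python's `ssl.SSLSocket.getpeercert()` and classifies it by which identity fields are present; the sample subjects, organization names and serial numbers are constructed, and the EV attribute names are assumed to be reported under OpenSSL's long names.

```python
# EV subjects carry these registration fields in addition to organizationName.
# Names are assumed to match what ssl.getpeercert() reports (OpenSSL long names).
EV_FIELDS = {"businessCategory", "serialNumber", "jurisdictionCountryName"}

def subject_attrs(cert):
    """Flatten getpeercert()'s tuple-of-RDNs subject into a plain dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}

def validation_level(cert):
    """Heuristic: infer DV / OV / EV from the identity fields in the subject."""
    attrs = subject_attrs(cert)
    if "organizationName" not in attrs:
        return "DV"  # only domain control was validated, no legal identity
    if EV_FIELDS.issubset(attrs):
        return "EV"  # organization plus registration details
    return "OV"      # organization verified, without the EV registration fields

def displayed_identity(cert):
    """The 'Name [CC]' label that an EV-style address bar showed."""
    attrs = subject_attrs(cert)
    return f'{attrs.get("organizationName")} [{attrs.get("countryName")}]'

def _subject(**attrs):
    """Build a constructed certificate dict in getpeercert() layout."""
    return {"subject": tuple(((k, v),) for k, v in attrs.items())}

# Constructed sample subjects (not taken from real certificates).
DV_CERT = _subject(commonName="shop.example")
OV_CERT = _subject(countryName="US", stateOrProvinceName="California",
                   organizationName="Example Shop LLC", commonName="shop.example")
EV_CERT_A = _subject(businessCategory="Private Organization",
                     jurisdictionCountryName="US",
                     jurisdictionStateOrProvinceName="Delaware",
                     serialNumber="0000001", countryName="US",
                     stateOrProvinceName="Delaware",
                     organizationName="Example Pay, Inc", commonName="pay.example")
EV_CERT_B = _subject(businessCategory="Private Organization",
                     jurisdictionCountryName="US",
                     jurisdictionStateOrProvinceName="Kentucky",
                     serialNumber="0000002", countryName="US",
                     stateOrProvinceName="Kentucky",
                     organizationName="Example Pay, Inc", commonName="pay-example.test")

if __name__ == "__main__":
    for label, cert in [("dv", DV_CERT), ("ov", OV_CERT),
                        ("ev-a", EV_CERT_A), ("ev-b", EV_CERT_B)]:
        print(label, validation_level(cert), displayed_identity(cert))
```

Both EV samples produce the same displayed label even though they are registered in different states, which is why the organization name alone does not tell a user which legal entity they are dealing with.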

Hi @hib , I use LetsEncrypt on all of my sites that I have hosted with NameCheap, except for the WordPress Multisites (multiple domains tied to the same network). All of my sites are WordPress.

LetsEncrypt works well. However, because I am on a shared server the auto-install doesn’t work for me, so every 90 days I just install manually via cPanel - very easy to do.

1 Like

Ah thanks for this. I’m also on a shared server so looks like I will have to do the same when my free year runs out.

Maybe a little more information about the types of certificates would be helpful at the letsencrypt-website?
e.g.


… and yes, it would be nice to get a certificate with included (& verified) name of the using person, group or initiative – preferably at a reasonable price-tag for us poor normal beings :wink:

As far as I understand, the focus of Let's Encrypt is on full automation, on the CA side and on the requesting side. The validation of an EV certificate cannot be done automatically. There are even validation schemes which require a telephone call to the requesting party.

Namecheap are protecting their business, free is not their thing.
Amazon.com don’t have an EV certificate.
Google.com don’t have an EV certificate.

EV certificates aren’t needed, except if you want to…

@marcomsousa: Fully agree to this.

… but maybe sometime someone will find a way to satisfy these special wishes in an until now unknown easy way? … perhaps only a question of figuring out how many people or little organizations will be able or willing to pay for such a “luxury service”. :wink:

Whether they're "needed" is really up to (1) the person/organization who wants the cert, and (2) whoever their customers are. There is value in validating that Bank of America Corp. is actually who's requesting the cert for bankofamerica.com, rather than (for example) someone else who managed to get the domain before the Internet got big. So, in the US at least, most financial institutions use EV certs for their websites (though one of my credit unions doesn't). How much that value is, is a separate question, but to many people and organizations, it's non-zero.

On the other hand, as you point out, some major Internet businesses do just fine with DV certs.

An existing thread discusses LE's plans (or lack thereof) for Extended Validation: