PCI DSS Compliant


I would like to ask if Let’s Encrypt is PCI DSS compliant. I am hoping you could give a link or proof that Let’s Encrypt is compliant with PCI DSS.

Thank you so much

Hi @sherwin,

I would suggest reviewing the prior threads at


If you have an auditor or a merchant bank verifying your compliance, you could also direct your question to them.

Let’s Encrypt is currently used by many online commerce sites and so it appears that people have found solutions to confirm compliance.


See also

I don’t believe there is a PCI-DSS audit for certificate authorities, only the WebTrust audit. Let’s Encrypt has passed this audit. 🙂


The certificate is only part of the PCI-DSS requirement process, and there are quite a few configuration issues (such as adjustment of cipher suites, etc) for servers besides the necessity for a certificate. You might check out


for a starting point. If you run that test on my site


you can see that LE certificates can certainly provide PCI-DSS (and HIPAA, and NIST) compliant sites.
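To make the point in the reply above concrete, here is an added example (not from this thread, and not code from Let’s Encrypt or from any scanner it refers to) that audits the server-side TLS settings an assessor looks at once the certificate is in place. It assumes nginx-style `ssl_protocols` and `ssl_ciphers` directives; the list of protocols and cipher families it treats as weak is this example’s own, based on PCI DSS v3.2.1 retiring SSL and "early TLS" (TLS 1.0 and 1.1) after 30 June 2018, and is not a substitute for a proper scan or your assessor’s judgement.

```python
"""Static audit of a web server's TLS protocol and cipher configuration.

Added example, not part of the Let's Encrypt community thread. The certificate
(from Let's Encrypt or anyone else) is only one input to PCI DSS; the server
must also refuse SSL/early TLS and weak cipher suites. This script parses
nginx-style directives and reports settings an assessor would flag.
The weak-protocol and weak-cipher lists below are this example's assumptions.
"""
import re

# PCI DSS v3.2.1 retired SSL and "early TLS" (TLS 1.0/1.1) after 30 June 2018.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.0", "TLSv1.1"}

# OpenSSL cipher-list aliases that pull in suites no assessor will accept.
WEAK_ALIASES = {"ALL", "COMPLEMENTOFALL", "COMPLEMENTOFDEFAULT", "DEFAULT",
                "LOW", "MEDIUM", "EXPORT", "EXP"}

# Components of an OpenSSL suite name that mark it as weak (assumption:
# RC4, single/triple DES, NULL encryption or auth, export grades, MD5 MACs,
# anonymous DH). Lookarounds stop "DES" matching inside unrelated tokens.
WEAK_CIPHER_PATTERN = re.compile(
    r"(?<![A-Z0-9])(RC4|3DES|DES|NULL|EXP|MD5|ADH|AECDH)(?![A-Z0-9])")


def parse_nginx_ssl(config_text):
    """Return (protocols, ciphers) from ssl_protocols / ssl_ciphers lines."""
    protocols, ciphers = [], []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip().rstrip(";").strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] == "ssl_protocols":
            protocols = parts[1:]
        elif parts[0] == "ssl_ciphers":
            # The value may be quoted; it is a ':'-separated OpenSSL cipher list.
            value = " ".join(parts[1:]).strip("'\"")
            ciphers = [c for c in value.split(":") if c]
    return protocols, ciphers


def audit_tls_config(protocols, ciphers):
    """Return a list of human-readable findings; empty list means no issue found."""
    findings = []
    if not protocols:
        findings.append("no ssl_protocols directive: the build default applies, set it explicitly")
    for proto in protocols:
        if proto in WEAK_PROTOCOLS:
            findings.append(f"protocol {proto} is SSL/early TLS and must be disabled")
    for suite in ciphers:
        if suite.startswith(("!", "-")):
            continue  # an exclusion ("!aNULL") enables nothing
        if suite in WEAK_ALIASES:
            findings.append(f"cipher alias {suite} enables weak suites")
        elif WEAK_CIPHER_PATTERN.search(suite):
            findings.append(f"cipher suite {suite} uses a weak algorithm")
    return findings


def audit_config(config_text):
    """Parse and audit an nginx server-block fragment in one step."""
    return audit_tls_config(*parse_nginx_ssl(config_text))


# Constructed sample: a certificate alone does not make this server compliant.
WEAK_CONFIG = """
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:RC4-SHA:DES-CBC3-SHA:!aNULL';
"""

# Constructed sample: same certificate, hardened protocol and cipher settings.
HARDENED_CONFIG = """
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';
ssl_prefer_server_ciphers off;
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit_config(cfg)
        print(f"{name}: {len(result)} finding(s)")
        for item in result:
            print("  -", item)
```

Named aliases such as `HIGH` are deliberately not expanded here; to see exactly which suites an alias enables on a given OpenSSL build, run `openssl ciphers -v 'HIGH:!aNULL'` and review the output, and confirm the live server with an external scanner as the reply suggests.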

