Let's Encrypt FAQ (12 Articles)

What is Let’s Encrypt?

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit by the Internet Security Research Group (ISRG). It makes it possible to obtain browser-trusted certificates for your domains at no cost that renew automatically every 90 days. With Let’s Encrypt there are no complicated configurations, no validation emails and you can have multiple certificates installed on your hosting accounts, for each domain and subdomain you choose. The certificates are domain-validated and don’t require a dedicated IP. They are supported by all major browsers . If you are a SiteGround customer, you can manage and install Let’s Encrypt certificates conveniently through an interface in your cPanel. Learn how in our cPanel Let's Encrypt Tutorial .…

Can I get Let’s Encrypt certificates at SiteGround?

Yes, you can. Let’s Encrypt certificates are automatically issued for free for all primary and addon domains that we detect as pointing to our shared servers. Additional certificated on shared accounts, as well as certificates for our Cloud and Dedicated server accounts, can also be issued for free through the cPanel. Learn how to manage and issue such SSL certificates in our cPanel Let's Encrypt Tutorial .…

Will HTTP/2 work once a domain gets Let’s Encrypt?

When you install Let’s Encrypt all people who visit your website through an encrypted connection (https) and use a modern browser that supports HTTP/2 (such as all the latest versions of Chrome, Firefox, Safari) will receive your content served through the newer and faster HTTP/2 protocol . Please note that depending on the application you use you may need to perform some additional configurations on your website to make it work properly with the SSL after the Let’s Encrypt installation. For example if you have installed Let’s Encrypt on a WordPress or a Joomla website, you may want to use our Toolkit to enable https. If you wish your website to be accessible ONLY through https, you may want to redirect all your http traffic to go to https by adding few lines to your .htaccess file. …

I installed Let’s Encrypt but my site doesn’t open via https

Probably you haven’t redirected your site to open through https and it defaults to http. Check out the article here about how to do it: https://www.siteground.com/kb/how_to_redirect_my_website_to_be_opened_through_https/ Another reason could be that you have the Free Cloudflare service enabled which doesn’t work over secure (https) connections. Check out here how to make your certificate work with Cloudflare: https://www.siteground.com/tutorials/cloud_flare_cdn/cloudflare_ssl/…

I read that Let’s Encrypt can be exploited by hackers. Is that true?

There is no known security vulnerability in Let’s Encrypt that can be exploited. What is usually meant by hacker threat in this context is connected with the type of certificate validation. Let’s Encrypt and many other paid SSLs are domain-validated only (DV). This means that in order to issue the certificate, the CA (certificate authority) only checks if the certificate requester owns the domain. If a hacker manages to acquire access (usually through phishing) to your domain account at your domain registrar, they can create subdomains of your domain and issue security certificates for ​the subdomains as if they were the owner. This is called domain shadowing and can result in misleading people that they are visiting your website while in fact it is a subdomain not related to  ​your site at all. A more secure type of validation is the extended validation (EV).​With EV, the identity of the certificate requester is also checked by the CA ​in addition to the domain ownership​,​ evеn when issuing a certificate for a subdomain. At SiteGround we offer EV certificates as…

What are the differences between Let’s Encrypt and the other SSLs you offer?

In terms of secure encryption, they are equal. All are trusted by the major browsers. Also all display the green padlock in the address bar of your browser. Still there are the following differences: Let's Encrypt doesn't offer dynamic site seals which some visitors may find reassuring. The other SSLs at SiteGround (Wildcard and EV) do. We provide dedicated IPs with EV SSL but not with Let's Encrypt and Wildcard SSL. With Wildcard SSL you can use one certificate for your domain and all subdomains. With Let’s Encrypt you should install separate certificates for each. EV SSLs have extra assurance for site visitors because they also display the company name in the address bar of your browser and company information in the certificate. EV certification requires a thorough background check of the company before issuance. For comparison Let's Encrypt certificates are domain-validated only (as are also the Wildcard SSLs at SiteGround). …

I already have SSL. Can I cancel it and get Let’s Encrypt?

Yes, you can. You should cancel your current SSL before you can get Let’s Encrypt. However please note that the other SSL certificates from SiteGround come with a dedicated IP and a dynamic site seal, which is something you won't get with Let's Encrypt. Before you proceed with the paid SSL cancellation, bear in mind the following: Your dedicated IP that goes with the SSL will be cancelled, too. All domains and subdomains on your hosting account will be assigned a new shared IP. Your DNS settings need to be updated with the new IP. If your domain is managed by us, we will update the settings automatically. If it is not, you should update them yourself at the company managing your domain. Once the DNS settings are updated with the new IP, it can take from a few hours to up to 72 hours for all your websites’ domains to start being associated with the new IP (a process known as DNS propagation). During this time your websites may appear down if accessed by domain name. …

Let’s Encrypt lifetime and renewal

Let’s Encrypt certificates are valid for а period of 90 days and SiteGround has a system for their auto renewal. So your SiteGround-issued Let's Encrypt certificates will auto renew every 90 days, unless you choose to cancel them through the cPanel…