Let’s Encrypt FAQ

What is Let’s Encrypt SSL and why is it free?

Let’s Encrypt is a free, automated and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG). They provide digital  (Domain Validation) certificates in order to enable HTTPS (SSL/TLS) for websites, for free, to create a more secure and privacy-respecting Web.

What is the difference between the Let’s Encrypt certificate and the Thawte SSL123 certificate?

Both offer the same strength of encryption and both are domain validated, resulting in https and a green padlock being displayed in the address field of the browser.

They are issued by 2 different certificate authorities but perform the same function with the same encryption benefits. Let’s Encrypt is a non-profit organization funded by donors, whereas Thawte is a for-profit company.

Does Let’s Encrypt offer OV or EV certificates?

No, they don’t provide Organisational Validation (OV) or Extended Validation (EV) certificates. Hetzner  offers Thawte Web Server OV certificates, or you can obtain an OV or EV certificate directly from a certification authority of your choice and we will install it for you. A once-off set up fee applies for this manual installation.

How does the domain verification work?

Domain validation is typically done either by verifying the existence of a specified DNS record or the existence of a file accessible via http. If the requestor can create either of these, they meet the criteria for demonstrating control of the domain. For a more detailed explanation see: How it Works

How does the renewal process work?

Once a Let’s Encrypt certificate has been installed on a domain, the certificate is automatically renewed by Hetzner every 60 days, therefore certification is effectively indefinite and no renewal is needed by customers.

Is there a setup fee for Let’s Encrypt?

No, as the process is entirely automated, we don’t charge a setup fee for Let’s Encrypt. Once-off set up fees apply for a Thawte WebServer Certificate or for a customer supplied certificate installation, which are manual processes to activate on our servers.

Can I use Let’s Encrypt for email encryption?

No. There is a difference between encrypting the contents of your mailbox and encrypting the communications channel between your mail client and the mail server. Although it is technically possible to use a Let’s Encrypt certificate to encrypt the end-to-end connection between a mail client and a mail server, Hetzner does not support this use-case yet. Let’s Encrypt certificates cannot be used for mail storage encryption.

Are certificates from Let’s Encrypt supported by all browsers?

Nearly all, but there are minor exceptions e.g. gaming consoles, older Blackberry devices and Windows XP. See the Let’s Encrypt compatibility list for specifics.

Will my existing Thawte Certificate automatically be replaced by a certificate from Let’s Encrypt?

When the time comes to renew your current certificate, we will contact you to arrange for the Let’s Encrypt certificate as a replacement for the Thawte one. We will cease offering the Thawte 123 certificate in due course.

Will Let’s Encrypt be offered by Custom Hosting Solutions (CHS)?

Not at this time. They are hoping to do so in due course.

Where can I find more information about Let’s Encrypt?

Refer to Let’s Encrypt’s FAQ’s.