The article is devoted to the review and comparison of different types of SSL certificates.
Today we all care about safety: we put an alarm on the car, we lock the doors. Similarly, today almost all sites provide themselves with security. One of the main elements of this security is the SSL certificate, used since the distant 1994. It is he who provides a secure communication channel.
SSL certificates come in three forms:
• DV (‘Domain Validation’) – domain verification, quick issuance of 15 minutes,
• OV (‘Organization Validation’) – organization verification, of several days,
• EV (‘Extended Validation’) – advanced verification, the famous green lock, up to a week of issuance.
Today we will consider only certificates with domain verification (DV), and only free, we will choose which certificate is most suitable for starting.
Let’s Encrypt – a classic of the genre
Let’s Encrypt is a non-profit organization, created as early as 7 years ago (in 2012), gained its popularity due to exclusively free certificates (for 90 days).
+ certificate for a period of 90 days,
+ IDN support (from 2016),
+ support for subdomains,
+ notification of certificate expiration.
– you need to install the client on the server to obtain a certificate or use third-party services
– because of this, the issuance time increases – on average, from 15 minutes,
– on third-party services there is only one way to confirm – via HTTP, for example, a free anti-bot system is often used on free hosting services – it’s not possible to get a certificate here,
– some operating systems and old browsers are not supported, not very compatibility,
– there is no security guarantee,
– no SiteSeal.
Cloudflare – The Tricky Option
Cloudflare is an American company that provides services for protection against DDoS attacks and has a free tariff, which is exactly what interests us. If you host a site on it, an SSL certificate is provided free of charge.
+ support for multiple sites and subdomains at once,
+ certificate for one year with renewal,
+ IDN support.
– support for far from all operating systems,
– transferring DNS to their servers is mandatory,
– not only you will be in the certificate, but it will also be issued to one on 50 sites – lack of security,
– you will have to torment yourself with the settings, you won’t be able to quickly get the certificate,
– no security guarantees
– no SiteSeal.
ZeroSSL – New Option
ZeroSSL is a fairly new project, partners of which is one of the largest certification centres – Sectigo CA (formerly Comodo CA), which issues these certificates, and a major seller of paid certificates GoGetSSL.
+ protection of www and the main site,
+ receiving a certificate – no more than 5 minutes,
+ different methods of domain verification (HTTP, CNAME, and mail),
+ certificate for 90 days with unlimited renewals,
+ IDN support,
+ there is SiteSeal,
+ notification of expiration certificate,
+ $ 10,000 guarantee from GoGetSSL,
+ support for 99.6% of devices (very high compatibility).
– there is no way to add subdomains, for each you need to order your own certificate.
A bit about paid certificates
At the end of the article, I want to remind you that a free certificate will never replace a paid one and is recommended for use only during testing. If your project is already serious, we advise you to buy a paid certificate: it’s both more reliable and less worried.
If you choose among free.
Cloudflare wins the certificate in time, but its configuration will be problematic, and there are doubts about security. Let’s Encrypt wins in the subdomain support category, but loses in the number of supported devices, as does Cloudflare.
In terms of speed and convenience of issuance, Free SSL Space has a definite victory, security and guarantee are also on its side, which is why we recommend using it, it is better to create a separate certificate for domains than to regret losses later.