What is a Let’s Encrypt certificate and how does it work?
In the following article, we explain exactly what the Let’s Encrypt SSL certificate is and how it works.
As we all know, SSL is a cryptographic protocol that is used to secure communication from the source (server) to the recipient (the customer’s browser). https://it.wikipedia.org/wiki/Transport_Layer_Security
Let’s Encrypt is a Certification Authority (CA) that issues free Domain Validated (DV) certificates with a validity period of 90 days.
The certificate issued by Let’s Encrypt has the same properties as the DV SSL certificate.
The integration and automation of Let’s Encrypt on the cPanel platform is done via a special plugin that allows you to
- request and install a Let’s Encrypt SSL certificate, for any configured domain or subdomain that does not have one or one of the following:
- self-signed
- issued by Let’s Encrypt, but expired
- issued by Let’s Encrypt, valid but with an expiration date of less than 7 days
- Renew your Let’s Encrypt certificate before it expires
The SSL check is performed automatically and at certain intervals, so it may take some time (even a few hours) for the certificate to be configured for a new website. The time it takes to issue a certificate may also depend on the availability of Let’s Encrypt resources and on a number of restrictions imposed by the CA itself (available at: https://letsencrypt.org/docs/rate-limits/ ).
These restrictions can be briefly summarized as follows:
- Maximum of 20 certificates per week for subsites of the same domain.
- Maximum 5 duplicates of certificates.
- Maximum 5 requests per user, per hostname, per hour
How to get the Let’s Encrypt certificate and where to display it?
The certificate request/installation/renewal process is fully automated:
- the domain/subdomain is configured in CPanel
- the domain/subdomain is directed to the Linux hosting platform with CPanel
- the automatic SSL certificate check is activated (this option is activated by default for all hosting packages)
- the domain/subdomain is included in the SSL check (this option is enabled by default for all domains/subdomains configured on the hosting service)
If you use services such as external CDN/PROXY or if you have configured an AAAA record (for IPv6) in your DNS zones, Let’s Encrypt cannot be installed for your domain and you would need to consider purchasing one of the SSL certificates described in more detail on our website.
The SSL certificates installed for the domain can be viewed in CPanel, in the SSL/TLS section:
Access to your CPanel hosting
Click on SSL/TLS in the Security section.
Select the Manage SSL websites option.
Click on Details to view the certificate.