
Let's Encrypt vs. cPanel DV Certificates


  • sparek-3
    What are cPanel DV Certificates and how are they different from Let's Encrypt certificates?
    0
  • cPanelMichael
    What are cPanel DV Certificates and how are they different from Let's Encrypt certificates?

    Hello,

    Yes, as @cPanelBenny mentioned, the free cPanel (powered by Comodo) and the free "Let's Encrypt" certificates both utilize domain validation (DV). The following URL offers more information about domain validation itself if that's the information you are seeking:

    How It Works - Let's Encrypt - Free SSL/TLS Certificates

    Thank you.
    0
  • sparek-3
    I guess my question is, why offer two of the same thing? I know Comodo and Let's Encrypt are two different kinds of certificates and I suppose internally they are different (perhaps Comodo offers a greater warranty? Perhaps Comodo is recognized by more browsers?) But for end users, for the most part, a domain validated certificate is a domain validated certificate, never mind who it is signed with. I guess I just don't understand the hammering that people have for wanting Let's Encrypt in cPanel, when cPanel is offering their own free secure certificates? Or perhaps cPanel should fold their free certificates and switch entirely to Let's Encrypt.
    0
  • cPanelMichael
    Hello,

    The ability to issue free DV certificates from Comodo was a project started before support for "Let's Encrypt" was planned. However, there's a large demand for Let's Encrypt from our users. You can monitor the progress on the planned "Let's Encrypt" plugin, and review the comments section to see user feedback at:

    Provide Support for Let's Encrypt Automated Certificate Management/SSL

    Thank you.
    0
  • sehh
    From what I understand, when Let's Encrypt first appeared, most corporations (certificate authorities) didn't take them seriously and hoped they'd be a failure like CACERT. But once they realized that the whole scam of selling certificates is finally over, they changed their business strategy to offer free certificates to various organizations like cPanel, in the hopes that they won't completely disappear from the face of the earth. Most certificate authorities have gone down that road. Certificate authorities are now trying to keep the scam of selling certificates alive, by enforcing their EV certificates, down our throats. cPanel has handled this issue admirably, their AutoSSL feature will handle multiple vendors, thus we should be able to choose Let's Encrypt over Comodo in the near future. Anyway, rant is over :)
    0
  • sawbuck
    cPanel has handled this issue admirably, their AutoSSL feature will handle multiple vendors, thus we should be able to choose Let's Encrypt over Comodo in the near future.

    Hopefully you're right given Comodo's recent effort to claim the "Let's Encrypt" trademark. Defending Our Brand [Updated] - Let's Encrypt - Free SSL/TLS Certificates
    0
  • sehh
    sawbuck, I didn't mention their dirty tactics because I was trying to be polite and not make this something personal against Comodo :) But you are right, it should be mentioned, because their sinking ship is desperately clutching at anything right now.
    0
  • sparek-3
    So really there's no discernible difference between a Let's Encrypt certificate and a cPanel Comodo Free DV certificate.
    0
  • sehh
    That's right. The only difference is the authority signature (Let's Encrypt or Comodo). That's it, there is no other difference (unless you get technical and change the encryption bit rate to something higher, 2048 to 4096, etc). Even a self-signed certificate is the same as any other, but the authority signature is your own.
    0
  • Infopro
    I haven't taken a look at Let's Encrypt, but do note the Comodo certs are 3 month certs, looking at the expire dates in WHM.
    0
  • sparek-3
    Let's Encrypt certificates are 90 days too. I have not checked on cPanel's Comodo certificates, I thought they might be 1 year, giving them a distinct advantage. But if they're 90 days too, then I just really don't see the difference. I guess you can just call me stupid, but I just didn't see the point of everyone hammering the mailing list, forums, and feature requests for "When is Let's Encrypt going to be in cPanel?" when cPanel was already working on their own Comodo-based free certificates. I thought maybe there was a reason why there was all this rage about cPanel including Let's Encrypt certificates in users' cPanels. We've been offering Let's Encrypt certificates (not tied to cPanel) for a couple of months now.
    0
  • sehh
    Well, the idea behind Let's Encrypt, is that you can manage your Let's Encrypt account and certificates outside of cPanel, in parallel with cPanel and you can even migrate your certificates. Let's Encrypt also uses open protocols and there are tons of open source clients for managing certificates. Overall, there is a greater advantage to using Let's Encrypt over a commercial vendor. What is really impressive, is the fact that for DECADES the certificate authorities just pocketed the money and never actually offered anything of value to the user. But now, within the past year, we've seen them scramble to action, announcing this new feature and that new service... they make me smile :)
    0
  • brianjking
    I think it's really about the buzz of LetsEncrypt and free certs being offered that people are not understanding that the AutoSSL generated certs by Comodo are essentially the same for all intents & purposes.
    0
  • sehh
    So after a few decades, it was a complete accident that the certificate authorities decided to offer certificates for free... just when Let's Encrypt came around? ;) If it wasn't for Let's Encrypt, they'd be milking the golden cow for several more decades, I think.
    0
  • sparek-3
    Domain Validated certificates have always been a sham, a way for certificate authorities to make a quick buck without doing anything. A domain validated certificate and a self-signed certificate are essentially the same thing. Both provide encryption without trust. When any Tom, Dick, and Harry can get a certificate for a domain name, there's no trust involved. In my opinion, browser developers shot themselves in the foot (probably at the behest of certificate authorities) when they started putting up ugly warning messages about self-signed certificates. In my opinion, they should have gone in the other direction and made less of a fuss over self-signed certificates. This would have accomplished the same thing that Let's Encrypt and other DV certificates are doing, by allowing encryption without trust. There are basically two types of certificates. Certificates that encrypt only and certificates that encrypt and trust. WordPress, cPanel logins, etc. they should probably be encrypted to better protect you from network sniffing on public wifi and what not. Does it require trust? Not really. If you're logging into your own WordPress blog on your own site, you probably implicitly trust it. Websites where payment information is being taken up, you want that encrypted as well, you also want to know you are sending that information to a legitimate business, thus EV certificates. All certificates from certificate authorities should be and should have always been EV certificates (although we probably wouldn't have called them Extended-Validation certificates if they had always been that way). All other certificates could just as well be self-signed. The green bar provided by EV certificates is a nice touch. Although I'm not sure browser developers would have had to have gone to that depth. A simple padlock to indicate that a website is using an encrypt only certificate and a different symbol for a website that is using an encrypt and trust certificate would have been sufficient. Then teaching the public (this is the one thing nobody wants to do) that padlock means encrypt only "don't enter payment information here" and green shield means encrypt and trust "OK to enter payment information here." But, hindsight is 20/20. It's amazing what a little foresight can do!
    0
  • sehh
    Very nicely said. I'd like to add one more thing. It's also possible to be your own certificate authority and issue your own certificates, by manually trusting your own root certificate. This way you can run your own encrypted connections with trust, but implies that this is for your own devices only (all others would see untrusted certificates).
    0
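
The private-CA setup described in the post above, as an added example that is not part of the original thread: it creates a root and a leaf certificate with `openssl`, then verifies the leaf with the root imported and with an empty trust store. The names `Example Private Root` and `blog.example.test` and the temporary directory are constructed for the demo.

```bash
#!/usr/bin/env bash
# Constructed demo; every name and path below is hypothetical.
set -eu

# Create a private root CA and one leaf certificate signed by it.
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Private Root" \
        -keyout "$dir/root.key" -out "$dir/root.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=blog.example.test" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$dir/leaf.csr" -days 30 \
        -CA "$dir/root.crt" -CAkey "$dir/root.key" -CAcreateserial \
        -out "$dir/leaf.crt" 2>/dev/null
}

# Print the issuer of a certificate, the field that names the signing CA.
issuer_of() {
    openssl x509 -in "$1" -noout -issuer -nameopt RFC2253
}

# Print "trusted" if the certificate in $1 chains to a root in the CA file $2.
# With no $2, verify against an empty trust store, i.e. a device that never
# imported the private root.
verify_with() {
    if [ $# -ge 2 ]; then
        set -- -CAfile "$2" "$1"
    else
        set -- -no-CAfile -no-CApath "$1"
    fi
    if openssl verify "$@" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_demo_pki "$demo_dir"
issuer_of "$demo_dir/leaf.crt"
echo "root imported:     $(verify_with "$demo_dir/leaf.crt" "$demo_dir/root.crt")"
echo "root not imported: $(verify_with "$demo_dir/leaf.crt")"
```
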
  • rpvw
    I certainly don't want to rain on anyone's parade, and this incentive from cPanel together with the issues and opinions raised here are all excellent, but I feel someone needs to raise the question of Liability! If you are directly advising your hosting clients, you may want to take legal advice before recommending these types of certificates as it has some small potential to come back and bite you, drink all your whisky and steal your girlfriend. You will find that the Let's Encrypt Subscriber Agreement effectively absolves them from any sort of liability at all, and the US Government Amendment is unenforceable outside the US. It would seem that Comodo have similar Limitations of Liabilities and waivers. I cannot stress enough, if you are in any doubt - talk to a lawyer :eek:
    0
