While LE is currently the third largest Cert. Authority in the world my hesitation to use them in a large scale production environment boils down to one factor: reliability. Per LE's own data up time in 2017 was only 98%. For vast majority of apps / sites this is fine.
A second hesitation I have is more of a personal experience one. A service that costs 2.7Milion USD per year (year end 2016) and growing. Someone has to pay the bills. Free services tend to go one of two ways: heavy marketing (email spam) for the better service or begin pivoting from free to fremium. This would for enterprise to put in additional effort to migrate Cert. Auths. Double effort = wasted budget / time.
The last bit that holds me back from recommending LE for the enterprise is the 3 month limit before renewal. Larger organization are not necessarily fast moving orgs. If automation / cron is not configured it could be weeks before someone is tasked to correct the issue. With year certifications the expiration is far enough away maintenance time can be scheduled and effort allocated. The return on investment is a bit better. Again, in cases wherein automation is not used.
Again, my recommendation only covers large scale, enterprise, critical systems. If you app/site/game/blog is getting less than millions of requests per minute Lets Encrypt is a great option. Infact, I use it...98% of the time :).
Any reasons for that?
(For brevity, Lets Encrypt === LE.)
While LE is currently the third largest Cert. Authority in the world my hesitation to use them in a large scale production environment boils down to one factor: reliability. Per LE's own data up time in 2017 was only 98%. For vast majority of apps / sites this is fine.
A second hesitation I have is more of a personal experience one. A service that costs 2.7Milion USD per year (year end 2016) and growing. Someone has to pay the bills. Free services tend to go one of two ways: heavy marketing (email spam) for the better service or begin pivoting from
freetofremium. This would for enterprise to put in additional effort to migrate Cert. Auths. Double effort = wasted budget / time.The last bit that holds me back from recommending LE for the enterprise is the 3 month limit before renewal. Larger organization are not necessarily fast moving orgs. If automation / cron is not configured it could be weeks before someone is tasked to correct the issue. With year certifications the expiration is far enough away maintenance time can be scheduled and effort allocated. The return on investment is a bit better. Again, in cases wherein automation is not used.
Again, my recommendation only covers large scale, enterprise, critical systems. If you app/site/game/blog is getting less than millions of requests per minute Lets Encrypt is a great option. Infact, I use it...98% of the time :).
LetsEncrypt is connected to the legally nonprofit Linux Foundation. They're about as likely to switch to ads as Wikipedia is.
I was not aware of this, very good news indeed! Thank you for the info Michael.
I redact my concern over funding of Lets Encrypt and replace is with positive support.