Letsencrypt vs Cloudflare as a Free SSL provider for your website

Running your website on the secure https protocol is becoming the norm. In fact, if your website isn’t on https, browsers now warn users that they are accessing an unsecured website. Not running https will also affect your SEO rankings.

Now to have your website run on the secure https protocol, you need to install an SSL certificate. Until recently, acquiring one was an expensive and bureaucratic process. Not anymore.

So far, the best options for a quick and secure SSL certificate are Cloudflare, the global internet CDN giant, and an upstart, Letsencrypt, backed by Mozilla, Facebook and other big shots. Both offer free secure SSL certificates in different ways, and we shall examine which one is best suited for you.

Cloudflare

Cloudflare is a web performance company. They speed up websites by providing content delivery network services, DDoS mitigation, Internet security and distributed domain name server services. Cloudflare sits between your visitors and your website or hosting provider, acting as a reverse proxy. They cache content from your website on a geographically distributed network of servers around the world, connecting your users with the nearest server.

Cloudflare also provides free SSL certificates since they are a proxy to your website. They use Server Name Indication (SNI), an extension of the TLS/SSL protocol, to terminate secure connections from users to your website. SNI makes it possible for browsers to connect to a secure website even when the SSL certificate doesn’t match the domain name of the website. This is very important for a reverse proxy like Cloudflare because they map several websites to a single IP address.

I have my personal website davidokwii.com running behind Cloudflare. If you do an SSL chain check, you’ll notice that the SSL certificate is mapped to Common name: sni220839.cloudflaressl.com, not davidokwii.com. This particular SSL certificate is called a Subject Alternative Name (SAN) or multi-domain SSL certificate, as it supports more than one domain name. SAN is an extension to the X.509 specification that allows users to specify additional host names for a single SSL certificate.

The great thing about Cloudflare’s SAN certificate is, first, that it’s free. Secondly, you don’t need to worry about renewing it, given that it’s Cloudflare’s responsibility to keep renewing it and keep it secure. And thirdly, you get the benefit of Cloudflare’s CDN service on top of the SSL certificate.

The drawback is that you don’t get to choose which domain names share the SSL certificate with you. Your domain name could share the same SSL certificate as a porn site, for instance, which affects your brand, or, just as undesirable, the same one as your competitor.

Letsencrypt

What about Letsencrypt? Most of my websites are running on Letsencrypt, so it’s obvious I have a bias for them. Letsencrypt is a non-profit backed by Mozilla, Cisco, OVH, Google, Facebook, Internet Society and Akamai, just to name a few. They offer free unlimited SSL certificates to anyone with a domain or hostname, and they recently even added wildcard SSL certificates.

Letsencrypt has a number of tools for installing certificates and automating their renewal across multiple operating systems. A lot of hosting providers now integrate with them, providing you with Letsencrypt certificates without you even knowing.

If you are going to install a Letsencrypt certificate on a private server, it can be a bit tricky. Unlike with Cloudflare, you need to be technical. But you don’t need to be an expert in cryptography, of course. I am running Site Monki on Letsencrypt and it works perfectly fine.

The drawback to Letsencrypt certificates is that they expire in just 3 months. Apparently this is supposed to be a good thing for security. So you have to keep renewing them. While this process can be and should be automated, it’s common for auto-renewing scripts to fail. I have had this challenge for a while and surprisingly I rely on Site Monki to monitor sitemonki.com SSL certificate!

Irrespective of the provider you choose, you need an SSL certificate checker and monitor. There are several options on the market, but I find (obviously) Site Monki’s SSL Certificate checker quite effective. You can get started today.
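To make the two checks discussed above concrete (which names a shared SAN certificate carries, and how many days remain before a 3-month certificate expires), here is an added Python example; it is not Site Monki's code or anything from the original post. The sample certificate, the `example.org` names, the function names and the 30-day alert threshold are all assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

RENEW_BEFORE_DAYS = 30  # assumed alert threshold; the article gives none

# Constructed sample in the dict shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "sni-placeholder.cdn.example"),),),
    "notAfter": "Jun 30 12:00:00 2025 GMT",
    "subjectAltName": (("DNS", "sni-placeholder.cdn.example"),
                       ("DNS", "example.org"), ("DNS", "*.example.org"),
                       ("DNS", "other-tenant.example.net")),
}

def fetch_cert(host, port=443, timeout=5.0):
    """Fetch the validated leaf certificate; server_hostname is sent as SNI."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def covers(pattern, host):
    """Match one SAN dNSName; '*' is honoured only as the whole left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and p[0] in ("*", h[0])

def check_cert(cert, host, now=None):
    """Report name coverage, the other names on the certificate, and days to expiry."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    cn = next((v for rdn in cert.get("subject", ())
               for key, v in rdn if key == "commonName"), None)
    days_left = (expires - now).days
    return {
        "common_name": cn,
        "host_covered": any(covers(s, host) for s in sans),
        "other_names": [s for s in sans if not covers(s, host)],
        "days_left": days_left,
        "renew_now": days_left < RENEW_BEFORE_DAYS,
    }

if __name__ == "__main__":
    fixed_now = datetime(2025, 6, 10, 12, 0, tzinfo=timezone.utc)
    print(check_cert(SAMPLE_CERT, "example.org", now=fixed_now))
```

Against a live site, pass the result of `fetch_cert("your-domain")` to `check_cert` from a scheduled job and alert when `renew_now` is true or `host_covered` is false.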
