What's The Difference Between Paid and Free SSL


The main reasons you may want to pay for an SSL certificate, rather than use our free SSLs (provided by Let's Encrypt), are:

1 - Paid SSLs can be validated using email-based authentication as well as DNS/file based. This means that you can put a paid SSL on a staging site that is not yet live, whereas this is not possible with a Let's Encrypt certificate.
2 - Some payment gateways require a certificate with warranty, and can refuse connections if the certificate does not meet their requirements. In our experience this is most common for payment gateways that use API integration.
3 - Paid SSL certificates can be valid for up to 1 year (compared to 3 months for Let's Encrypt).
4 - A paid SSL includes warranty (up to $20M depending on the certificate) so it may be possible to file a claim if the SSL is broken by hackers. Free certificates come with no warranty.

The complete list of differences is:


| | Paid SSL (Rapid SSL and Others) | Free SSL |
|---|---|---|
| Warranty | Yes (Up to $20M) | No |
| Support Provided | Yes | Yes (partial, no guarantee) |
| SSL Length | 1 Year | 3 months |
| Automatic Renewal | No | Yes |
| Personal Validation | Yes | Yes |
| Business Validation | Yes (on EV Certificates) | No |

General SSL Recommendations
Note: These recommendations are general only, and your particular site may differ in its requirements. We'd recommend speaking to your developer or our tech team if you have any queries.

Let's Encrypt AutoSSL
This SSL will be sufficient for most websites.
The SSL is free and attempts to automatically renew every 3 months. However, it does require DNS to be pointing to our server before the certificate is issued. The main benefits of paid certificates are increased levels of validation and the presence of warranty, which are not required on all websites. For more information on installing these certificates, view our Let's Encrypt Guide.

RapidSSL
We'd recommend this SSL for small to medium sites with payment gateways.
Some payment gateways require a certificate with warranty on it, and can refuse connections if the certificate does not meet their requirements. In our experience this is most common for payment gateways that use API integration. Some payment gateways do require SSLs with Organization Validation or Extended Validation, but we'd recommend speaking with your website developer to confirm.

Wildcard SSL
We'd recommend this certificate in situations with multiple sites on different subdomains. It's worth noting that, depending on the number of sites, it might be more cost-effective to get multiple single-domain certificates.

Multi-Domain SSL
While Wildcard certificates are valid for all subdomains on the same primary domain, these certificates provide validation for multiple different domains and subdomains. These certificates are more rarely used, but are most often placed on some Windows servers and for WordPress multi-site instances.
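The following added example (not part of the original article or of Crucial's tooling) checks which hostnames a wildcard entry and a multi-domain name list actually cover, using the single-label wildcard rule that browsers apply. The hostnames and certificate name lists are constructed sample data, and rejecting partial wildcards such as w*.example.com is a conservative assumption.

```python
# Added example: compare hostname coverage of a wildcard certificate and a
# multi-domain certificate. All names below are constructed sample data.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate name entry covers the hostname.

    A '*' is honoured only as the whole leftmost label and stands for
    exactly one label (the rule browsers apply, per RFC 6125).
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False                  # '*' never spans zero or several labels
    if any("*" in label for label in p[1:]):
        return False                  # wildcard outside the leftmost label
    if p[0] == "*":
        # Require a registrable-looking suffix: reject names like '*.com'.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False                  # assumption: partial wildcards rejected
    return p == h


def uncovered(cert_names, hostnames):
    """Return the hostnames that no entry on the certificate covers."""
    return [host for host in hostnames
            if not any(san_matches(name, host) for name in cert_names)]


# Constructed sample: the sites one account wants to serve over HTTPS.
HOSTS = ["example.com", "www.example.com", "staging.example.com",
         "api.v2.example.com", "shop.example.net"]

WILDCARD_CERT = ["*.example.com"]                    # wildcard only
WILDCARD_PLUS_APEX = ["*.example.com", "example.com"]
MULTI_DOMAIN_CERT = ["example.com", "www.example.com", "shop.example.net"]

if __name__ == "__main__":
    for label, names in [("wildcard", WILDCARD_CERT),
                         ("wildcard + apex", WILDCARD_PLUS_APEX),
                         ("multi-domain", MULTI_DOMAIN_CERT)]:
        print(f"{label:16} leaves uncovered: {uncovered(names, HOSTS)}")
```

A hostname listed as uncovered will produce a certificate name mismatch warning in the browser, so it needs its own certificate or an extra name on a multi-domain one.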

EV SSL
Extended Validation SSLs are issued only after verification that the applicant is a genuine legal entity, which comes from a business reputation firm such as Dun and Bradstreet. These would be most useful when business validation and customer confidence are crucial to your business operations.
Note: Until recently EV SSLs also displayed the company name in green in the address bar. As of Chrome 77, Chrome has moved this UI to Page Info, which is accessed by clicking the lock icon in the URL bar.


For more information and tutorials on SSL Certificates, see our SSL Guide Repository.



© Crucial