Free certificates: why you should not use them

Free SSL-certificates are seemingly very profitable and easy way to protect your site. Indeed, why buy something when you can get it all for free from a variety of certification authorities? Free certificates attract business owners, but in the end its lead to losses. Why? Let's look further.

Free SSL-certificates are rarely trusted by major companies

In order for large corporations to include the root key of the CA (certificate authority) in own products, the CA must meet numerous conditions, the implementation of which requires significant financial investment. To attract such investments without the offer of paid products is virtually impossible. For this reason, the certification authorities that provide free certificates often have paid solutions in their product line, which differ in additional advantages: speed of issue, the possibility of including sub-domains, enhanced authentication, etc.

Free certificates are not suitable for sites which take payments

Free SSL-certificates rarely used to protect online stores, banks, websites, microfinance institutions, or any other sites accepting payments, because it is completely unclear who owns the site. People have less trust in sites protected by free certificates, which can have a negative impact on sales. In addition, you should take into account that many of the free SSL-certificates (for example, StartSSL) cannot be used for commercial purposes.

Free SSL-certificates are available mostly only as a DV (Domain Validation)

Free certificates are issued often only to verification by domain. Such certificates are not available for Code Signing, EV, etc. which vastly limits their use.

The re-issue of free certificates is paid

Despite the general availability of free certificates, some services are still paid. For example, in StartSSL reissuance of free SSL-certificate is paid (to revoke the certificate you will have to pay $24). The re-issue procedure is needed to make any changes to the certificate.

Comparison SSL-certificates by brands

Comparative characteristic

StartSSL

Let's Encrypt

PositiveSSL

PositiveSSL Wildcard

Comodo EV

Cost of issue

Free

Free

$9*

$87*

$145*

Cost of reissue

$24.90

Free

Free

Free

Free

Protection of the primary domain (one)

Yes

Yes

Yes

Yes + all sub-domains

Yes

Additional protection domain with «www»

Yes

Yes

Yes

Yes

Yes

Green address bar with company name

—

—

—

—

Yes

Supporting wildcard

—

Yes

—

Yes

—

Display padlock icon

Yes

Yes

Yes

Yes

Yes

Trust Seal

—

—

Yes

Yes

Yes

Sales growth

No

No

Yes
(minimal)

Yes
(minimal)

Yes
(minimal)

Increase site positions in Google SERP

Yes

Yes

Yes

Yes

Yes

Suitable for

Non-commercial websites, blogs

Non-commercial websites, blogs

Non-commercial websites, blogs

Site network of companies, organizations

Websites of banks, online stores

Type of validation

By domain

By domain

By domain

By domain

Extended validation

Mobile support

Yes

Yes

Yes

Yes

Yes

Insurance

—

—

Medium

Medium

High

Support by browsers

Only major browsers

Only major browsers

All browsers (99.9%)

All browsers (99.9%)

All browsers (99.9%)

Length of the key

256bit

256bit

256bit

256bit

256bit

Encryption

SHA2

SHA2

SHA2

SHA2

SHA2

Protection of pages from changes

Yes

Yes

Yes

Yes

Yes

Guarantee**

—

—

10,000$

10,000$

250,000$

Recommended for individuals

Recommended for organisations

** If the certificate is compromised, the certificate authority will compensate any expenses by the company and losses on the part of customers. With free certificates there are no guarantees and any losses will be taken up by you yourself.

All of this suggests that free SSL-certificates are "cheese in a mousetrap". It is best to use proven paid solutions by known CAs. Prices on SSL-certificates are now available to all customers, which you can see on the LeaderTelecom site.