www.startcomca.com
1 vote c/freepost Posted by winx — 1 votes, 4 commentsSource

https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
Either way, use Let’s Encrypt

Is there any reason not to use Let’s Encrypt? Especially large companies, it looks like they keep buying expensive certs instead of Let’s Encrypt. Maybe it’s only a matter of trust or fear of change?

I don’t think so, no. Maybe to get a fancy name in the green lock-icon bar in major browsers (OVs and EVs), for example here: https://www.gandi.net/en it says “Gandi SAS [FR]” for me instead of the usual “Secure”. There’s this: https://security.stackexchange.com/questions/90972/are-there-any-downsides-to-using-lets-encrypt-for-a-websites-ssl-certificates which mentions no wildcard certs (but they are coming in january 2018!) Then there’s the “[…] the major downside of using a Let’s Encrypt certificate: a reduced compatibility compared to other older competitors.” where the context is some old software like windows xp doesn’t recognize LE certs, but I’m not sure how accurate that is anymore.

I think the fancy names like “Gandi SAS [FR]” are reserved to people/organizations that have been thoroughly verified (think face-to-face vs an automatic request). I don’t know if Let’s Encrypt supports any of these “highly trusted” verification methods.