1 vote by winx — 1 votes, 4 comments

Is there any reason not to use Let's Encrypt? Especially large companies, it looks like they keep buying expensive certs instead of Let's Encrypt. Maybe it's only a matter of trust or fear of change?

I don't think so, no. Maybe to get a fancy name in the green lock-icon bar in major browsers (OVs and EVs), for example here: https://www.gandi.net/en it says "Gandi SAS [FR]" for me instead of the usual "Secure". There's this: https://security.stackexchange.com/questions/90972/are-there-any-downsides-to-using-lets-encrypt-for-a-websites-ssl-certificates which mentions no wildcard certs (but they are coming in January 2018!). Then there's the "[...] the major downside of using a Let's Encrypt certificate: a reduced compatibility compared to other older competitors." where the context is that some old software like Windows XP doesn't recognize LE certs, but I'm not sure how accurate that is anymore.

I think the fancy names like "Gandi SAS [FR]" are reserved for people/organizations that have been thoroughly verified (think face-to-face vs. an automatic request). I don't know if Let's Encrypt supports any of these "highly trusted" verification methods.