Wikipedia:Reference desk/Archives/Computing/2020 March 5

From Wikipedia, the free encyclopedia
Computing desk
< March 4 << Feb | March | Apr >> March 6 >
Welcome to the Wikipedia Computing Reference Desk Archives
The page you are currently viewing is a transcluded archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages.


March 5[edit]

Is Let's Encrypt a good provider for SSL[edit]

Is it safe to use Let's Encrypt as I run a website and want to secure it as its http right now and many devices are removing http support so its required to use https. Also is it good for SEO. Dq209 (talk) 16:48, 5 March 2020 (UTC)[reply]

Dq209, Let's Encrypt does not affect SEO afaik.
It is safe to use Let's Encrypt, there should be no issues with it. —moonythedwarf (Braden N.) 17:21, 5 March 2020 (UTC)[reply]
I'm tempted to say that not using HTTPS has negative effects on SEO due to security, but I have no proof, so i'll just put this here in case someone who knows more than me feels like confirming or denying —moonythedwarf (Braden N.) 17:23, 5 March 2020 (UTC)[reply]
It's not really 'security' per se that has a negative effect. Rather Google (and probably other other search engines) penalise websites which are HTTP / rewards websites which are HTTPS. See e.g. [1]. They may be doing this for end user security reasons, at least they say that's the reason and there's good cause to believe them. But the point is from a pure SEO standpoint the thing that matters does this help or harm my ranking, and could that change? Understanding why can help in understanding what to do, how much an effect it has and whether it's likely to change and; but ultimately if it's well accepted they're doing it, it doesn't matter why. Nil Einne (talk) 09:55, 6 March 2020 (UTC)[reply]
Search Engine Optimization (SEO) Starter Guide recommends that all websites use https:// when possible. Let's Encrypt (Digital Signature Trust Co.) is included in CA list in my browser (Firefox on Windows). In my opinion, Let's Encrypt is 'good enough' free provider for SSL. manya (talk) 06:04, 6 March 2020 (UTC)[reply]
  • For SEO, see above. For HTTPS: Let's Encrypt certificates are just as valid and just as hard to brute-force that certificates originating from other certificate authorities (CA).
However, brute-forcing the crypto is almost never how HTTPS breaches happen. Whether a given certificate is "safe" depends a lot on your threat model; for instance, are protocols for issuance better-designed at Let's Encrypt than (say) DigiCert's? I doubt anyone here can tell you, because people who find vulnerabilities in HTTPS implementations either are security researchers (who make a responsible disclosure because they want it patched) or black hats (who do not disclose it because they do not want it patched), and neither of them will tell you about a vulnerability until it is patched. TigraanClick here to contact me 13:08, 6 March 2020 (UTC)[reply]
Let's Encrypt did have an issue with some cerificates, which is now fixed: [2]. RudolfRed (talk) 16:55, 6 March 2020 (UTC)[reply]
Technically not an issue with the certificates but with the issuance process. Nothing that hasn't been suffered already by CAs you'd have to pay $300+/yr. @OP Let's Encrypt is perfectly fine. 93.142.81.174 (talk) 23:54, 7 March 2020 (UTC)[reply]