4 Certificate Authorities to use with Let’s Encrypt SSL certificates

Let's Encrypt

Let’s Encrypt is a nonprofit Certificate Authority (CA) providing TLS certificates to, at the latest count, more than 260 million websites, this website included. You can read the whole history on the service’s Wikipedia page. The service started with Let’s Encrypt as it’s CA. Now the number of CAs has risen to 4. Here in this post, I name all 4 CAs that you can use with Let’s Encrypt SSL certificates.

Keep this in mind: Let’s Encrypt is supported by a nonprofit organization. The other CAs are commercial entities.


1. Let’s Encrypt

With the Let’s Encrypt CA, domain owners can issue SSL certificates for their domain with a lifetime of 90 days. configured to renew automatically, usually a month before expiration. All such certificates are free of of charge. It used to be the lone and, thus, the default CA, but that has changed. If your website’s certificate was recently renewed, you probably didn’t notice that the CA was switched to ZeroSSL, a very unpopular choice, as you’ll read further down. To switch back to Let’s Encrypt CA, use the command given in the following command.

acme.sh --set-default-ca  --server  letsencrypt


2. Buypass

Buypass is a Norwegian company that offers a broad range of consumer and enterprise security and digital identity services. Their TLS/SSL certificates are free for one or more domains, just like Let’s Encrypt’s. Buypass Go SSL, is the company’s SSL certificates issued using their Automated Certificate Management Environment (ACME) API, with a lifetime of 180 days. Note: I haven’t used the Buypass CA, so I’m relying on the info on their website. If your experience with their CA differs from what you just read, feel free to post a comment. To set the Buypass CA as the default, use the following command:

acme.sh --set-default-ca  --server buypass


Related Post:  Casino Life: Games that exploded on the App Store

3. SSL.com

SSL.com (that’s the name of the company) offers free Let’s Encrypt TSL/SSL certificates with the same lifetime as that of a Let’s Encrypt CA, which is 90 days. The company is based in the US. More info about their TLS/SSL certificates with ACME is available here. Use the following command to set the SSL.com CA as the default:

acme.sh --set-default-ca  --server sslcom


4. ZeroSSL

Like the Norway-based Buypass, ZeroSSL is based in Europe (UK and Austria) and offers a limited number of free TLS/SSL certificates with a lifetime of 90 days. If you recently renewed or issued a new Let’s Encrypt SSL certificate, ZeroSSL is now your default CA. The decision to switch default CA to ZeroSSL is obviously a business one for Let’s Encrypt, but it is bad for end users for this very simple reason: The number of free, 90-day certificates you can issue is capped at 3. A comparison of all the company’s offerings are available here. When I found out about the switch and read up on the company, I immediately switched back to using the Let’s Encrypt CA and deleted all mentions of ZeroSSL from the server. To switch from the ZeroSSL CA, simply execute the command given for one of the other CAs.

Related Post:  Create a standard user account on Kali Linux


My recommendation

It’s obvious from the foregoing that I’m not in favor of the switch to the ZeroSSL CA as the default, so which of the other three would I recommend? I still use the Let’s Encrypt CA,

but Buypass’s certificates have a longer lifetime – 180 days, compared to 90 days for the other CAs
Given that these certs are auto-updated, is a longer lifetime really VIP to you? x
. When next I have to issue a new certificate or renew an existing one, I wouldn’t mind specifying Buypass as the CA.


Share on facebook
Share on twitter
Share on pinterest
Share on linkedin

Newsletter: Subscribe for updates

Notify of
Inline Feedbacks
View all comments

Get the latest

On social media

Security distros

Linux distros for hacking and pentesting

Crypto mining OS

Distros for mining bitcoin and other cryptocurrencies

Crypto hardware

MSI GeForce GTX 1070
Installing Nvidia GTX 1070 GPU drivers on Ubuntu

Disk guide

Beginner's guide to disks & disk partitions in Linux

Bash guide

Bash shell terminal
How to set the PATH variable in Bash
Hya, what do you think? Please comment.x
Algorithm 2020

Did you get your ticket yet?

Algorithm 2022 is a 3-day conference on blockchain, cryptocurrencies and AI set for Feb. 10 – 12, 2022, in Dallas. Speakers from the US Air Force, Ministry of Digital Transformation, Ukraine, and more. click that button to learn more and get your ticket. Use BSD20 code for 20% off ticket price.