Free certificates: why you should not use them

Free SSL-certificates are seemingly very profitable and easy way to protect your site. Indeed, why buy something when you can get it all for free from a variety of certification authorities? Free certificates attract business owners, but in the end its lead to losses. Why? Let's look further.

Free SSL-certificates are rarely trusted by major companies

In order for large corporations to include the root key of the CA (certificate authority) in own products, the CA must meet numerous conditions, the implementation of which requires significant financial investment. To attract such investments without the offer of paid products is virtually impossible. For this reason, the certification authorities that provide free certificates often have paid solutions in their product line, which differ in additional advantages: speed of issue, the possibility of including sub-domains, enhanced authentication, etc.

Free certificates are not suitable for sites which take payments

Free SSL-certificates rarely used to protect online stores, banks, websites, microfinance institutions, or any other sites accepting payments, because it is completely unclear who owns the site. People have less trust in sites protected by free certificates, which can have a negative impact on sales. In addition, you should take into account that many of the free SSL-certificates (for example, StartSSL) cannot be used for commercial purposes.

Free SSL-certificates are available mostly only as a DV (Domain Validation)

Free certificates are issued often only to verification by domain. Such certificates are not available for Code Signing, EV, etc. which vastly limits their use.

The re-issue of free certificates is paid

Despite the general availability of free certificates, some services are still paid. For example, in StartSSL reissuance of free SSL-certificate is paid (to revoke the certificate you will have to pay $24). The re-issue procedure is needed to make any changes to the certificate.

Comparison SSL-certificates by brands

Comparative characteristic	StartSSL	Let's Encrypt	PositiveSSL	PositiveSSL Wildcard	Comodo EV
Cost of issue	Free	Free	$9*	$87*	$145*
Cost of reissue	$24.90	Free	Free	Free	Free
Protection of the primary domain (one)	Yes	Yes	Yes	Yes + all sub-domains	Yes
Additional protection domain with «www»	Yes	Yes	Yes	Yes	Yes
Green address bar with company name	—	—	—	—	Yes
Supporting wildcard	—	Yes	—	Yes	—
Display padlock icon	Yes	Yes	Yes	Yes	Yes
Trust Seal	—	—	Yes	Yes	Yes
Sales growth	No	No	Yes (minimal)	Yes (minimal)	Yes (minimal)
Increase site positions in Google SERP	Yes	Yes	Yes	Yes	Yes
Suitable for	Non-commercial websites, blogs	Non-commercial websites, blogs	Non-commercial websites, blogs	Site network of companies, organizations	Websites of banks, online stores
Type of validation	By domain	By domain	By domain	By domain	Extended validation
Mobile support	Yes	Yes	Yes	Yes	Yes
Insurance	—	—	Medium	Medium	High
Support by browsers	Only major browsers	Only major browsers	All browsers (99.9%)	All browsers (99.9%)	All browsers (99.9%)
Length of the key	256bit	256bit	256bit	256bit	256bit
Encryption	SHA2	SHA2	SHA2	SHA2	SHA2
Protection of pages from changes	Yes	Yes	Yes	Yes	Yes
Guarantee**	—	—	10,000$	10,000$	250,000$
			Recommended for individuals		Recommended for organisations

* When buying from LeaderTelecom: Free test period of 14 days – no need to enter credit card data or complete prepayments

** If the certificate is compromised, the certificate authority will compensate any expenses by the company and losses on the part of customers. With free certificates there are no guarantees and any losses will be taken up by you yourself.

All of this suggests that free SSL-certificates are "cheese in a mousetrap". It is best to use proven paid solutions by known CAs. Prices on SSL-certificates are now available to all customers, which you can see on the LeaderTelecom site.