Question

Is let'sEncrypt SSl slower than regular dedicated SSL ?

Hi all,

Just wondering if there is any performance difference between using SSL by means of let’sEncrypt or just a paid SSL certificate through for example Comodo …

Anyone know if there’s a difference ?

Thanks, Lex

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

jnughFebruary 4, 2018

No problem at all. You can issues as many certificates for a domain as you want. Be careful with the “old” certificate, as it is still valid make sure that you did not put the private key somewhere accessible to someone else, it needs to be kept as a secret even if you do not use it. If you really don’t need the certificate anymore, you might actually want to revoke it.

Lex GabreesFebruary 3, 2018

Thanks for the answer … I appreciate it …

I actually have another question : I have a regular SSL certificate (still valid) (domain certificate) … However I find setting it up on the server a pain. I didn’t know about let’sencrypt when I got it …

Is it possible to just use let’sencrypt for the domain that already has a (right now not configured) dedicated SSL certificate associated with it ? And if yes, could that bring up any sort of issues whatsoever ?

Matt NordhoffFebruary 3, 2018

In most ways, what CA you’re using doesn’t affect performance. If it does affect performance, Let’s Encrypt is probably one of the faster CAs.

When you’re running the same algorithms to verify cryptographic signatures, it doesn’t really matter what the names involved are.

Some of the choices a CA makes can affect performance – for example, if they use larger and slower 4096-bit RSA intermediate or root certificates. Let’s Encrypt doesn’t.

For the limited number of clients that use OCSP to check whether certificates are revoked, if the CA’s OCSP servers are slow, that would make connecting slower. Let’s Encrypt should have one of the faster OCSP setups. But most clients don’t check OCSP, and some servers can avoid the issue if they have a good OCSP stapling implementation.

In any case, I’m just being pedantic. It doesn’t matter. You’ll almost certainly never notice a “performance” difference between different CAs.

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up