Is let'sEncrypt SSl slower than regular dedicated SSL ?

February 3, 2018 616 views
Nginx Let's Encrypt Ubuntu 16.04

Hi all,

Just wondering if there is any performance difference between using SSL by means of let'sEncrypt or just a paid SSL certificate through for example Comodo ...

Anyone know if there's a difference ?

Thanks,
Lex

3 Answers

In most ways, what CA you're using doesn't affect performance. If it does affect performance, Let's Encrypt is probably one of the faster CAs.

When you're running the same algorithms to verify cryptographic signatures, it doesn't really matter what the names involved are.

Some of the choices a CA makes can affect performance -- for example, if they use larger and slower 4096-bit RSA intermediate or root certificates. Let's Encrypt doesn't.

For the limited number of clients that use OCSP to check whether certificates are revoked, if the CA's OCSP servers are slow, that would make connecting slower. Let's Encrypt should have one of the faster OCSP setups. But most clients don't check OCSP, and some servers can avoid the issue if they have a good OCSP stapling implementation.

In any case, I'm just being pedantic. It doesn't matter. You'll almost certainly never notice a "performance" difference between different CAs.

Thanks for the answer ... I appreciate it ..

I actually have another question : I have a regular SSL certificate (still valid) (domain certificate) ... However I find setting it up on the server a pain. I didn't know about let'sencrypt when I got it ...

Is it possible to just use let'sencrypt for the domain that already has a (right now not configured) dedicated SSL certificate associated with it ? And if yes, could that bring up any sort of issues whatsoever ?

No problem at all. You can issues as many certificates for a domain as you want.
Be careful with the "old" certificate, as it is still valid make sure that you did not put the private key somewhere accessible to someone else, it needs to be kept as a secret even if you do not use it. If you really don't need the certificate anymore, you might actually want to revoke it.

Have another answer? Share your knowledge.