With Google’s ongoing effort to mark websites running on HTTP as “Not Secure”, SSL/TLS certificates have become synonymous with website security. Consequently, people often turn to commercial and free wildcard SSL certificates as well as single domain certificates to encrypt their web traffic.
But what do SSL certificates do exactly? SSL/TLS certificates:
- Switch your site’s internet protocol from HTTP to HTTPS;
- Remove the Google security warning;
- Provide you with an encrypted communication channel; and
- Validate the identity of the server to the client browser.
There are different types of SSL/TLS certificates, and a wildcard SSL is one of them. Before getting into the differences between a free wildcard SSL certificate versus a paid one, let’s explore why we might need one in the first place!
Why Do I Need a Wildcard SSL Certificate?
A wildcard SSL certificate secures a website along with an unlimited number of subdomains at a specific level using one certificate. It’s a cost-effective solution that makes it easier to secure and manage multiple subdomains. A single certificate signing request (CSR) can be generated for the main domain and its subdomains. Only this particular certificate needs to be renewed and maintained in place of multiple SSL/TLS certificates for individual URLs.
Regardless of whether you choose to use a paid or free wildcard SSL certificate, it’s easy to see the benefit of it. But before you rush off to get a paid or free certificate, there are a few more things to know.
How Wildcard SSL Certificates Work
A wildcard SSL certificate is a public key certificate that secures the primary domain and an unlimited number of subdomains at one level.
Consider the following example:
Todd owns a website named domain.com with the following subdomains:
These are all first-level subdomains that can be covered under the same wildcard – *.domain.com.
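The one-level rule described above, as an added example that is not part of the original article: a small Python matcher following the RFC 6125 convention that `*` must be the whole left-most label and stands for exactly one label. The hostnames are constructed for illustration, and `san_matches`, `cert_covers` and `coverage_report` are hypothetical helper names.

```python
# Added example: one-level wildcard matching for certificate SAN entries.
# Hostnames below are constructed for illustration.

def _labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def san_matches(pattern, hostname):
    """Return True if a single SAN entry covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False  # '*' stands for exactly one label, never zero or two
    if p[0] == "*":
        # Wildcard must be the whole left-most label, with at least two
        # fixed labels after it (so "*.com" is rejected).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h  # non-wildcard entries must match exactly


def cert_covers(san_list, hostname):
    """Return True if any SAN entry on the certificate covers hostname."""
    return any(san_matches(s, hostname) for s in san_list)


def coverage_report(san_list, hostnames):
    """Map each hostname to whether the certificate covers it."""
    return {h: cert_covers(san_list, h) for h in hostnames}


CONSTRUCTED_HOSTS = [
    "domain.com",            # bare (apex) domain
    "blog.domain.com",       # first-level subdomain
    "mail.domain.com",       # first-level subdomain
    "dev.blog.domain.com",   # second-level subdomain
    "domain.com.example",    # look-alike name under another domain
]

if __name__ == "__main__":
    for sans in (["*.domain.com"], ["*.domain.com", "domain.com"]):
        print(sans)
        for host, ok in coverage_report(sans, CONSTRUCTED_HOSTS).items():
            print(f"  {host:22} {'covered' if ok else 'NOT covered'}")
```

With only `*.domain.com` on the certificate, the bare domain and the second-level subdomain are not covered; the bare domain has to appear as its own SAN entry.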
However, wildcard SSL certificates are not the best choice for security-critical systems, since a single private key is shared amongst all subdomains across all servers. You can, instead, opt for a multi-domain SAN certificate and list your subdomains as SANs. With multi-domain SAN certificates, you also have the option of choosing any of the three validation levels. Wildcard certificates are never issued as extended validation (EV) certificates, for security reasons.
The Advantages of a Paid Wildcard SSL Certificate
Paid wildcard SSL certificates offer additional benefits apart from securing unlimited subdomains on a single certificate. For example, they can be issued with two validation level options — as a domain validated (DV), or an organization validated (OV) certificate.
Commercial wildcard certificates also come with added benefits and features that a free wildcard SSL certificate provider can’t support — such as warranties if the encryption fails (highly unlikely), 24/7 customer support, complimentary trust seals, etc.
What to Know About a Free Wildcard SSL Certificate
The Internet Security Research Group (ISRG) is the organization behind Let’s Encrypt, which issues SSL/TLS certificates free of charge. A free wildcard SSL certificate offers the same level of encryption but without any warranty or support. Furthermore, the certificate is only valid for a period of up to 90 days (after which time it needs to be renewed).
As of now, Let’s Encrypt has an issuance rate limit of 50 certificates per registered domain per week. With paid certificates, there is no such limitation. Additionally, free wildcard SSL certificates can only be issued at the most basic validation level, i.e., as a domain validation certificate.
If you are on an extremely tight budget and can risk downtime for your website, it’s a pretty decent option as opposed to not having an SSL/TLS certificate at all. But be sure to carefully manage and renew the certificates on time to avoid certificate outages that can leave your site vulnerable.
A Comparison: A Free Wildcard SSL Certificate vs Paid Wildcard SSL Certificate
The table below makes a quick comparison between free wildcard SSL certificates and their paid counterparts.
| Differentiator | Free Wildcard SSL | Paid Wildcard SSL |
|---|---|---|
| Encryption Strength | Free wildcard SSL has the same encryption strength as paid SSL/TLS certificates. | Paid wildcard SSL uses standard 256-bit encryption signed with a 2048-bit signature key. |
| Root | Free wildcard SSL certificates issued by Let’s Encrypt use the ISRG root (a recently recognized brand), which might not be supported by legacy clients. | Paid wildcard SSL certificates are issued by trusted third-party CAs and are recognized by almost all browsers and systems. |
| Warranty | Free wildcard SSL certificates do not offer any warranty. | Paid wildcard certificates come with warranties ranging upwards of $10,000 to offer protection in the unlikely event that the encryption fails. |
| Customer Support | Free wildcard SSLs don’t come with any direct customer support. They just have community support forums and documentation. | Paid wildcard SSLs provide easily accessible, 24/7 customer support to help resolve your issues. |
| Site Seal | Free wildcard SSLs do not come with a trust seal. | Paid wildcard SSLs are issued with trusted site seals for your website. |
| Validation Level | Free wildcard SSL certificates can only be issued at the domain validated level. | Paid wildcard SSLs can be issued for two levels of validation — domain validation and organization validation. |
| Validity Period | Free wildcard SSLs are valid for a period of up to 90 days — after which time they must be renewed. Even with auto renewal, there are several technical run-ins (failed domain control authentication, issues with .config file, etc.) you may experience. | Paid wildcard certificates are valid for a maximum of two years, beyond which they need to be renewed. This means that for every single paid wildcard certificate renewal, you would have had to renew your free wildcard certificate 4 times each year. |
Which One Should I Choose?
Free wildcard SSL certificates come at zero cost, and arguably that is a huge benefit in and of itself. Based on the type of business you own, you need to ask yourself if you can live with no warranty, site seals, or customer support. Realistically, if the cost isn’t your only determining factor, and you can consider looking at some affordable paid SSL alternatives, our recommendation is to err on the side of caution.