SSL/TLS Server Certificates - Let's Encrypt Certificate Automation
| Let's Encrypt | Incommon/Sectigo |
| Automated Certificate Renewals | Manual generation of CSR and installation of certificates |
| 90-day lifetime, suggested 60-day automated renewal. | Requires yearly renewal |
| Best for: Managing numerous certificates | Best for: Managing individual certificates |
| Free | The University pays for Incommon/Sectigo Services |
| DCV renewal automated | DCV required each year (not *.wisc.edu or *.wisconsin.edu) |
A trusted CA (Certificate Authority) is a trusted CA and what's most important is to use SSL/HTTPS and if you can make it less painful and cost-effective all the better.
Let's Encrypt provides free, automated, open and trusted security certificate authority (CA) for server admins/website owners to obtain trusted security certificates within minutes. It will also automatically renew them over time without the manual intervention for renewal. Certificates provided by Incommon/Sectigo require manual renewal every year due to newer industry standards.
The UW Madison SSL server certificate services does not directly support end-user local systems, for their generation of CSRs, installing certs, etc. on said systems and that is the case whether that is Incommon or Let's Encrypt. We provide the means to obtain/deliver the certificates with Incommon but those who use Let's Encrypt can self-service and automate.
-- If interested please see the ample documentation for using it on multiple platforms at https://letsencrypt.org/about/
-- Tracking for Let's Encrypt maintenance or outages: https://letsencrypt.status.io