✓ Solved

letsencrypt - How do I get a Grade A SSL Certificate?

I have used certbot to get some SSL certificates for my domains. But I saw when I test using: https://www.ssllabs.com/ssltest that all my certificates are Grade B.

Can I get a Grade A SSL certificate for free? If so, what must I do?

3 Replies

Hi There!

I located on the letsencrypt forums a page detailing how to get an A+ rating:

It's pretty detailed, and it does speak specifically to nginx. The principles should remain the same to any web-server software. Primarily making sure that you are utilizing an up to date TLS version

Reading through the guide, it's also critical that you are using 4096-bit RSA, or secp256 when generating the key.

Depending on who is accessing your website, being grade A+ may also decrease accessibility. If you know that all clients will be up to date with their systems (or just prefer the security) - aim for that A+ for sure. Otherwise, just understand it could also come with issues for clients that are not on the current standards (TLS for example). Most modern browsers should be utilizing these newer standards by default, older non-supported browsers will likely not.

Letsencrypt Forums would also be a great location to ask for stack specific changes.

So what you're saying is that Grade A+ won't get me more people to my site - and that it has down sides. So if Grade B is ok, then I'll rather leave it at that. I know for a fact quite a lot of my users are using old technology.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct