Start with Identity
PKI

Let's Encrypt

Founded 2015San Francisco, California, USANonprofit (Internet Security Research Group)Score 4.3/5Evaluated 2026-07-03Website ↗

Capability scores

Methodology →
Authentication
2.5
SSO & Federation
2.0
Authorization
2.0
Lifecycle & Provisioning
4.0
MFA & Passwordless
2.0
Governance & Audit
3.0
Developer Experience
4.5
Deployment Flexibility
4.0
Pricing Transparency
5.0
Support & Ecosystem
4.0

Scored 0–5 against a published rubric. Independent analysis, no vendor sponsorship.

Overview

Let's Encrypt is a free, automated, and open certificate authority run by the nonprofit Internet Security Research Group (ISRG). It issues the TLS certificates that secure a large share of the public web, entirely through the ACME protocol.

What it is good at

It made HTTPS free and automatic. Certificates are issued and renewed via ACME with no cost and no manual steps, which is why it underpins so much of the web and integrates with virtually every server, CDN, and hosting platform. Its transparency and nonprofit governance are a public good.

Where it falls short

It issues only domain-validated, short-lived public TLS certificates. It is not a private CA and does not cover device, workload, code-signing, or enterprise identity certificates, and there is no commercial support.

Pricing

Free, funded by sponsors and donations to ISRG.

Best for, and who should look elsewhere

Choose Let's Encrypt for free, automated public TLS. Look elsewhere for private-CA, device, or enterprise certificate needs (see EJBCA or DigiCert).

Bottom line

The free, automated CA that made HTTPS universal, ideal for public TLS and ACME-based automation.

By SWI Community Team · Last evaluated 2026-07-03

Independent, community-driven analysis. No vendor sponsorship. Compiled from public research and community input and verified on a best-effort basis, so details may be incomplete or out of date. Scores are opinions, not advice. Trademarks belong to their owners; mention does not imply affiliation or endorsement. See the full disclaimer, or send corrections to [email protected].