SSL certificate maximum validity is being reduced to 200 days from March 2026. Read more →

SSL Certificates

Cheap SSL DV SSL Wildcard SSL Multi-Domain (SAN) OV & EV SSL

Specialty Certificates

Code Signing Document Signing Email / S/MIME VMC / BIMI
In effect now Certificate Lifetime

Automation

Overview Auto DNS FairSSL vs Let's Encrypt

Platforms

Windows Setup Linux & Kubernetes Appliances ACME Clients

Tools

SSL Scanner Certificate Decoder CAA Generator

Guides

Windows Server Linux & Open Source All guides

Company

About Us Contact Installation Service
News

Language

Dansk Svenska English

Currency

Login Create Account

SSL Automation

FairSSL vs Let's Encrypt

Let's Encrypt is free and works well for simple setups. But when you operate multiple servers, need OV certificates, or want central administration and monitoring, managed SSL is the right solution.

The full comparison

Scroll right to see more providers

Feature FairSSL Let's Encrypt
Certificate types DV, OV DV
Certificate validity 1–199 days 90 days (6 days announced)
EAB (account binding)
Supports multiple CAs
ACME client monitoring
Expiry alerts & reports Email lists, daily/weekly/monthly
Certificates per domain No limit 50 per week
Duplicate certificates 1,000 5 per week
Names per certificate (SANs) 250 100
Wildcards allowed ✓ (requires DNS API key)
DNS validation AutoDNS — set and forget Requires DNS API key on client
Centralised management
Per-profile wildcard control
Per-client SAN locking
Order period 1–3 years No order, 90 days at a time
Installation guides ✓ Step-by-step Community documentation
Debug event log ✓ Full traceability
ARI (smart renewal) Partial
Support Phone & email Community forum
EAN invoicing

* SSL.com’s free certificates are only issued when the account has no funds for a paid certificate. It is not a standalone free service.

Price comparison: Real scenarios

Let's Encrypt is free. But competitors sell automation licenses per server. FairSSL sells certificates, not licenses.

Scenario FairSSL Let's Encrypt
1 domain (e.g. www.company.com) €79/yr €0 + your time
Sectigo PositiveSSL €45 + ACME automation €34
Wildcard (*.company.com) €195/yr €0 + your time
AlphaSSL Wildcard €160 + ACME automation €34
Wildcard on 10 servers €195/yr €0 + your time
Same certificate. Additional ACME clients cost nothing extra.

FairSSL prices per certificate, not per server. Install the same certificate on 10 or 100 servers for the same price. Let's Encrypt is free, but you are responsible for setup, troubleshooting and monitoring.

When to choose which?

Choose FairSSL when:

  • You have security requirements and don't want to open ports or give DNS keys to servers
  • You need OV certificates (organisation validation)
  • You need a central overview and monitoring
  • You want easy setup guides
  • You want support you can call or email quickly
  • You want to automate domain validation securely with Auto DNS
  • You want to lock ACME clients to specific names
  • You want to troubleshoot centrally from the control panel
  • You want to lock firewalls to the ACME server IPs
  • You need to recover many servers quickly (no rate limits on issuance)
  • You are a public sector organisation (Electronic invoicing)

Let's Encrypt is fine when:

  • You primarily have websites open to the internet
  • You can validate all FQDNs in the certificate using HTTP on port 80
  • You only need DV certificates
  • You don't need multiple certificates with same content (duplicate limit)
  • You don't need monitoring of expiry or errors
  • You have 1-3 servers and don't need central administration
  • You don't need to recover many servers simultaneously (rate limits block mass reissue)
  • 90-day certificates are OK (more renewal points that can fail)
  • You can handle setup and troubleshooting yourself

Questions about FairSSL vs Let's Encrypt

Find answers to the most common questions about SSL certificates and FairSSL.

The encryption itself is valid DV. But the standard setup can create security holes: HTTP-01 validation requires port 80 to be open to the server, and DNS-01 typically requires the server to have DNS API keys with access to modify all DNS records. Both expand the attack surface unnecessarily. FairSSL Auto DNS solves domain validation via a permanent CNAME, with no open ports or DNS keys on the server.
Yes. Change the ACME server URL in your client (Certbot, acme.sh, simple-acme) to the FairSSL directory. The next renewal will fetch the certificate from us.
No limits on the number of paid certificates per domain, up to 1,000 duplicates and 250 names (SANs) per certificate. We have high request rate limits to prevent errors and misuse, but they do not affect normal operations. Perfect for disaster recovery, scaling and large installations.
Yes. Wildcard certificates require DNS validation, and Auto DNS handles this automatically. Create the CNAME for the base domain (e.g. _dnsauth.example.com), and it covers both example.com and *.example.com.
ZeroSSL offers free DV certificates via ACME, but with limitations: max 3 free certificates per domain, no free wildcards, and 90-day validity. Paid plans offer OV/EV but are more expensive than FairSSL.

Contact us

Create a free account and issue your first certificate in under 10 minutes.

Create free account Compare certificates