Let's Encrypt

Let's Encrypt is a non-profit CA launched in 2014 by EFF, Mozilla and Cisco that issues DV certificates for free and fully automatically via the ACME protocol (RFC 8555). A certificate is valid for 90 days — renewal runs automatically via cron or built-in web-server logic (Caddy: native, nginx: certbot, Plesk/cPanel: one-click). Spam limits: 50 certificates per domain per week, 5 duplicates per week — practically never an issue for hobby or business sites. Let's Encrypt has supported wildcard certificates (*.example.com) since 2018, but only via the DNS-01 challenge (DNS API access required). Free CA alternatives: ZeroSSL (same model), Buypass (Nordic compliance cases).