Ask HN: Is Let's Encrypt Harmful? I've just learned about Let's Encrypt, and it made me a little bit worried. Now, I'm afraid (correct me please if I'm wrong) I cannot easily say if the server I'm talking to is the one I think I'm communicating with; the https protocol and SSL certificates are there only to ensure message confidentiality, but not server identity. Here are my questions: 1. Is there a way to check in a browser if the current domain's certificate has been issued by Let's Encrypt? 2. Should I trust domains with Let's Encrypt-issued certificate less than those with paid certificates with identity validation? Perhaps my questions display lack of understanding of some fundamental concept of SSL. If that's the case, I'm happy to learn! |