All Posts

119 | Beyond Let's Encrypt: Overview of the Best Free SSL/TLS Alternatives

2025-10-10

Thanks to Let’s Encrypt HTTPS has become the standard for the entire internet. This project made it possible for any site administrator to get a free SSL certificate in just a few commands. But other players have appeared on the market, offering more convenience, integrations, and flexibility.

If you want to try something besides Let’s Encrypt — below is an overview of the most reliable and popular alternatives.

1. ZeroSSL — same automation, but with a friendly interface

ZeroSSL (Austria) — the main competitor to Let’s Encrypt. It is fully compatible with the same ACME protocol, but emphasizes convenience.

SSL certificates via DNS: automating Let’s Encrypt issuance

2025-10-06

Introduction

Let’s Encrypt is the standard for obtaining free TLS certificates. Most often certificates are issued via the HTTP-01 method, which requires a reachable web server on port 80. However, for internal services or wildcard certificates (for example, *.example.com) it is more convenient to use DNS-01, which verifies domain ownership via TXT records in DNS and does not require open ports.

This article covers:

• Issuing certificates via the Cloudflare API,
• Issuing certificates via Amazon Route 53 (AWS),
• Integration with web servers Nginx, HAProxy and Traefik,
• Automation of certificate renewal.

Note: Instructions are relevant for Certbot 2.x, acme.sh 3.x, Nginx 1.18+, HAProxy 2.4+, Traefik 2.x on Linux (Ubuntu/Debian). For other OSes or tool versions adjustments may be required.