Are there any downsides to using Let's Encrypt for a website's SSL certificates?
Let's Encrypt is a Certificate Authority, and they have more or less the same privileges and power as any other existing (and larger) certificate authority in the market.
As of today, the main objective downside of using a Let's Encrypt certificate is compatibility. This is an issue that any new CA faces when approaching the market.
In order for a certificate to be trusted, it must be signed by a certificate that belongs to a trusted CA. In order to be trusted, a CA must have the signing certificate bundled in the browser/OS. A CA that enters the market today, assuming they are approved to the root certificate program of each browser/OS from day 0 (which is impossible), will be included in the current releases of the various browser/OS. However, they won't be able to be included in older (and already released) versions.
In other words, if a CA Foo joins the root program on Day 0 when the Google Chrome version is 48 and Mac OSX is 10.7, the Foo CA will not be included (and trusted) in any version of Chrome prior to 48 or Mac OSX prior to 10.7. You can't retroactively trust a CA.
To limit the compatibility issue, Let's Encrypt got their root certificate cross-signed by another older CA (IdenTrust). This means a client that doesn't include the LE root certificate can still fall back to IdenTrust and the certificate will be trusted... in an ideal world. In fact, it looks like there are various cases where this is not currently happening (Java, Windows XP, iTunes and other environments). Therefore, that's the major downside of using a Let's Encrypt certificate: reduced compatibility compared to other older competitors.
Besides compatibility, other possible downsides are essentially related to the issuance policy of Let's Encrypt and their business decisions. Like any other service, they may not offer some features you need.
Here are some notable differences of Let's Encrypt compared to other CAs (I also wrote an article about them):
- ~~LE doesn't currently issue wildcard certificates (they will begin issuing wildcard certificates on Jan 2018)~~ LE is now issuing wildcard certificates using the updated ACMEv2 protocol
- LE certificates have an expiration of 90 days
- LE only issues domain- or DNS-validated certificates (they don't plan to issue OV or EV, hence they only validate ownership and not the entity requesting the certificate)
- Current very restrictive rate limiting † (they will continue to relax the limit while getting closer to the end of the beta)
The points above are not necessarily downsides. However, they are business decisions that may not meet your specific requirements, and in that case they will represent downsides compared to other alternatives.
† The main rate limit is 20 certs per registered domain per week. However, this does not restrict the number of renewals you can issue each week.
The reason to use Let's Encrypt can be the price. Those certificates will be for free.
But I see one possible disadvantage for non-small web sites. Big CAs offer wildcard certificates and Extended Validation certificates, which have some advantages (from my point of view). Moreover, this program is directed to web servers, but what if you have some application server or you want to secure a mail server?
Update: Currently it is possible to request a certificate not bound to web servers, so my last argument is not valid anymore. Here is an example of using this option:
./letsencrypt-auto certonly --standalone -d example.com
Update 2: From January 2018 Let's Encrypt will begin issuing wildcard certificates:
Wildcard Certificates Coming January 2018
Jul 6, 2017 • Josh Aas, ISRG Executive Director
Let’s Encrypt will begin issuing wildcard certificates in January of 2018. Wildcard certificates are a commonly requested feature and we understand that there are some use cases where they make HTTPS deployment easier. Our hope is that offering wildcards will help to accelerate the Web’s progress towards 100% HTTPS.
So one more argument is not valid anymore.
One disadvantage that makes big companies not consider Let's Encrypt is that visitors who connect to the site can't be sure that it is the actual company that hosts the site.
This is because Let's Encrypt issues certificates for a domain free of charge without identity validation (personal or corporate) (Let's Encrypt only offers domain validation).
Edited to add:
For the purpose of secure transmission this is not a big problem. But, if you want to verify that it is the actual company you were looking for that holds the domain name, a whois lookup may not be enough. Class 2 or 3 or EV certificates have the advantage that the company and domain are verified by the certificate authority.