What is the main difference (may be pro/con list) between buying a custom SSL certificate and getting one from Free certificate provided by Let's Encrypt. This is all about just having simple https in our Web Application
P.S I believe you understand what I am trying to do.
The main practical difference is to be trusted in all browsers and third party systems, for example Android, iOS or Windows.
Lets encrypt has taken this restriction into account and has proposed a solution that you can read on its website https://letsencrypt.org/certificates/
Our intermediate is signed by
ISRG Root X1. However, since we are a very new certificate authority,ISRG Root X1is not yet trusted in most browsers. In order to be broadly trusted right away, our intermediate is also cross-signed by another certificate authority,IdenTrust, whose root is already trusted in all major browsers. Specifically, IdenTrust has cross-signed our intermediate using their DST Root CA X3.
That is, in fact, their certificates are signed by a trusted 'usual' CA. So in practice there is no difference
Take a look at letsencrypt's own web certificate, it is signed by DST Root CA X3 (IdenTrust)
I have checked if CA is present in some keystore:
Full list here: https://letsencrypt.org/docs/certificate-compatibility/
