by netheril96 1248 days ago
I prefer ZeroSSL to Let's Encrypt. ZeroSSL has no rate limit, and most importantly they have full ECC support. With Let's Encrypt, even if I request an ECC cert, the intermediate CA is still RSA, drastically increasing the certificate size (they have their reasons of compatibility, but I don't care about that).

Let's Encrypt now has an ECC root and intermediates. You have to request the account ID to be included, and after that, the intermediate and root certificates will be ECC. More information here: https://community.letsencrypt.org/t/ecdsa-availability-in-pr...
The alternative you suggest has a longer chain of certificates, and a more difficult setup. Using ZeroSSL is way easier, with fewer bytes on the TLS handshake.
Do you have a test host with the ZeroSSL chain that you speak of? Use https://aye.sh if you want to try a host using the ECC chain from LE.
So the article is outdated I guess. The length of the chain is the same now.

I'll consider switching back to Let's Encrypt once this setup doesn't require a whitelist.