Now you do not need to pay for DV (domain validated) TLS / SSL certificates (hereinafter referred to simply «TLS»). Symantec, the dominant player in the SSL market, is going to give certificates for free as part of a partnership program with the hosting service called Encryption Everywhere.
Free open-source CA Let’s Encrypt, under the authority of Security Research Group Internet (ISRG), appeared on the Internet in September last year. They recently released their millionth certificate.
Symantec believe that users recognize and trust the Symantec name more than Let’s Encrypt, but even so, these people are making a mistake. Regardless of who gives DV certificate, it says very little about the authenticity of the site.
TLS Certificates serve two functions: provide the public key to encrypt communications and provide authentication for site. Encryption can always be done using a self-signed certificate that you can make yourself for free. The problem is that modern browsers give up to 5 alerts while browsing the site, working with self-signed certificate, and make you click several times to make sure that you are aware of what you are doing. This approach is strange, given that browsers do not irritate you when you get to the site without the TLS-certificates.
This approach also assumes that the DV-certificate issued by a trusted CA, shows a significant level of authentication. But is it? Yes, but not at a high enough level to normal users who are not check the certificates of site. Anyone can easily get a free DV certificate from a respectable Let’s Encrypt.
There are stronger forms of TLS Certificates: OV (Organization Validation) and EV (Extended Validation).
Obviously, receiving OV more costly and requires human intervention, as compared to an automated issuing process for DV-certificates. EV certificate requires even greater human involvement and expenditure.