SSL/TLS Certificate Types

networking Intermediate

Also Known As

DV certificate, EV certificate, wildcard certificate, Let's Encrypt

TL;DR

Four types: DV (automated domain validation), OV (organisation verified), EV (deprecated green bar), and Wildcard. Let's Encrypt provides free DV certificates with automated renewal on a 90-day cycle.

Explanation

  • DV: the CA verifies domain control via a DNS or file challenge; issued in minutes; Let's Encrypt is the standard.
  • OV: the CA verifies that the organisation is real; takes 1-3 days.
  • EV: rigorous identity verification; browsers removed the green bar in 2019.
  • Wildcard (*.example.com): covers all first-level subdomains.

Certbot automates renewal of the 90-day certificates via the ACME protocol.

Common Misconception

Misconception: "EV certificates provide significantly better security than DV." In fact both use identical encryption; the difference is identity validation, which browsers no longer visually distinguish. DV with HSTS is sufficient for most uses.

Why It Matters

Paying for OV/EV when Let's Encrypt DV is sufficient wastes money — understanding types enables choosing the right option for the security requirement.

Common Mistakes

  • Manual certificate renewal — expires and causes downtime
  • Wildcard cert scope — *.example.com does not cover sub.sub.example.com
  • Private key not stored securely
  • No HSTS header — allows downgrade attacks

Code Examples

✗ Vulnerable
# Manual certificate management — expires, causes downtime:
# Install cert manually every 12 months
# Cert expires: users see 'Your connection is not private'
# Fix: scramble to renew, 2-4 hours downtime
✓ Fixed
# Let's Encrypt with automatic renewal:
sudo certbot --nginx -d example.com -d www.example.com
# Cron auto-renews 30 days before expiry

# HSTS header after cert is working:
# Strict-Transport-Security: max-age=31536000; includeSubDomains
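
An added example, not part of the original glossary entry: a small audit that applies two points from this page, wildcard scope (one label only) and renewal 30 days before expiry. The function names, hosts and dates are constructed for illustration; the date format is the one Python's ssl.getpeercert() returns.

```python
import ssl
from datetime import datetime, timezone

RENEW_WINDOW_DAYS = 30  # the page's renewal point: 30 days before expiry

def san_covers(san, hostname):
    """True if one certificate name (exact or wildcard) covers hostname."""
    san, hostname = san.lower().rstrip("."), hostname.lower().rstrip(".")
    if not san.startswith("*."):
        return san == hostname
    # A wildcard stands for exactly one left-most label: *.example.com
    # covers api.example.com, but not example.com or a.b.example.com.
    first, _, rest = hostname.partition(".")
    return bool(first) and rest == san[2:]

def days_left(not_after, now):
    """Whole days from now until the certificate's notAfter timestamp."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expires - now).days

def audit(hostname, sans, not_after, now):
    """Return the findings for one host/certificate pair (empty list = ok)."""
    findings = []
    if not any(san_covers(s, hostname) for s in sans):
        findings.append("name-mismatch")
    remaining = days_left(not_after, now)
    if remaining < 0:
        findings.append("expired")
    elif remaining <= RENEW_WINDOW_DAYS:
        findings.append("renewal-due")
    return findings

# Constructed sample data: (hostname, certificate names, notAfter).
NOW = datetime(2026, 3, 22, tzinfo=timezone.utc)
SAMPLES = [
    ("api.example.com", ["*.example.com"], "Jun 10 12:00:00 2026 GMT"),
    ("a.b.example.com", ["*.example.com"], "Jun 10 12:00:00 2026 GMT"),
    ("example.com", ["*.example.com"], "Jun 10 12:00:00 2026 GMT"),
    ("www.example.com", ["example.com", "www.example.com"], "Apr  5 12:00:00 2026 GMT"),
    ("old.example.com", ["old.example.com"], "Mar  1 00:00:00 2026 GMT"),
]

if __name__ == "__main__":
    for host, sans, not_after in SAMPLES:
        print(host, audit(host, sans, not_after, NOW) or ["ok"])
```

In a real check the names and notAfter value would come from the certificate the server presents rather than from a hard-coded list.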

Added 16 Mar 2026
Edited 22 Mar 2026
DEV INTEL Tools & Severity
🟠 High ⚙ Fix effort: Medium
⚡ Quick Fix
Use Let's Encrypt for automated free DV certificates; a wildcard *.example.com covers all first-level subdomains; always automate renewal, because manual certificate management causes outages.
📦 Applies To
any web
🔗 Prerequisites
🔍 Detection Hints
Self-signed certificate in production; certificate expiry not monitored; no auto-renewal configured; CURLOPT_SSL_VERIFYPEER disabled due to cert issues
Auto-detectable: ✓ Yes (certbot, ssllabs, ssl-cert-check, datadog)
⚠ Related Problems
🤖 AI Agent
Confidence: Medium; False Positives: Low; ✗ Manual fix; Fix: Medium; Context: File
CWE-295