Let’s encrypt, and any other ACME based certificate of authorities will let anyone without identity verification create a SSL cert that will work in any browser. This creates trust issues with certain clients browsing web. For example my work (50k+ employees) uses Zscaler to evaluate if a website is safe and it 100% will down-votes any site that uses let’s encrypt due to the lack of transparency. Zscaler will eventually block that website from employees if the score falls too low. Having an SSL cert that you pay for gives cyber security, firms - rightly or wrongly - an additional level of confidence that your identity has been verified.
Full disclosure: I use let’s encrypt on all my self hosted docker instances via Coolify which suits my needs. If I were to set up an ecommerce or other site that needs to guarantee trust, I would absolutely use a paid ssl cert.
hey I don’t make the trust rules. ZScaler is trash imo but hundreds of thousands of clients are ‘protected’ by their trust rules. People downvoting my post because it doesn’t wash with ‘the way things should be’ but in reality SSL certs are like email providers these days - if you aren’t paying with one of the big corps, a good portion of your web traffic (or email) might be blocked. Sad but true. There is a reason Let’s Encrypt and Cloudflare et al are heavily used by Crypto sites, and that is due to the anonymity they provide. If all you care about is encrypting traffic, use Let’s Encrypt. If you care at all about perception of trust, use paid SSL. simple.
these are subdomains of a verifiably certified root domain no doubt