WebPagetest Forums
Let's Encrypt free SSL will make my site slow ? - Printable Version

+- WebPagetest Forums (https://www.webpagetest.org/forums)
+-- Forum: Web Performance (/forumdisplay.php?fid=3)
+--- Forum: Optimization Discussions (/forumdisplay.php?fid=5)
+--- Thread: Let's Encrypt free SSL will make my site slow ? (/showthread.php?tid=14274)

Let's Encrypt free SSL will make my site slow ? - uniqfree - 04-12-2016 02:26 AM


I just intalled Let's Encrypt free SSL for my new website at https://www.topwebhosting.tech and seem it makes site load slower.

Before install Let's Encrypt my site got around 4s to load but after install Let's encrypt it takes more than 5s to load.

Should I remove SSL ?

and I got only D for "Keep-alive Enabled". How to get better result at this point, I don't readly understand this


RE: Let's Encrypt free SSL will make my site slow ? - akshayranganath - 04-12-2016 02:42 AM

If you're planning to turn on HTTP2, you'd need to have the website on SSL. That being said, your server signature indicates an openssl version that may not support HTTP2. For more on H2, refer to this great article by Ilya Grigorik:

Note that there are indications that Google is considering secure site HTTPS as a ranking signal. So it would help your SEO as well:

That being said, you could re-order the way resources are loaded to make your site render faster. For example, your custom fonts are loading at requests 28 through 30. The moment they are available, your browser tries to show the content. You could tweak the CSS such that a default font is used to render and then it is replaced by the webfont once it is available. You could try to use this css property to help things along

It'll display using backup font and then replace with the webfont when it is available.

As always, please test and see if the behavior is acceptable to your marketing and if your user base likes it.

RE: Let's Encrypt free SSL will make my site slow ? - beyondstop - 04-12-2016 05:18 AM

You may want to check with your hosting provider and the server(s) you have from them. As akshayranganath mentioned, for various reasons, you should keep SSL enabled. However, a quick test I did showed that SSL negotiation can take up to 2 seconds to occur. SSL adds overhead, but not that much.

So you may want to check that the certificates don't have any issues like revocations occurring on the backend.

I also saw one instance where it took about 1 second just to open a TCP connection. Outside of network latency, it should only take tens of milliseconds (maybe hundreds sometimes) for a server to open a TCP connection. If it's taking 1 second, something's likely not right with the server.

With regards to the keep-alives, you may want to check your Apache server configuration. WPT shows that it closes the client's connection it opened after certain requests, instead of "agreeing" with the client to keep the connection alive. This will not only increase response time, but will also increase server CPU a bit because the server is closing and opening all these connections.

Since you seem to be running Wordpress, you may want to look at the W3 Total Cache plugin, where you can enable keep-alives, rather than going to Apache directly.

So because of the possible issues with SSL negotiations, time to open up connections and keep-alives, I would take a look at any issues on the server side.

If you're able to, I would use a packet capture tool like Wireshark or tcpdump (like WPT has) to look for any communication to your CA and possible revocations or install something like a New Relic agent to see what's happening on the server itself.

RE: Let's Encrypt free SSL will make my site slow ? - uniqfree - 04-13-2016 02:24 PM

Thanks akshayranganath and Beyonstop for your replies

I will keep the SSL as your advice, I am thinking move my site to a better host to increase the speed.

Have a good day!

RE: Let's Encrypt free SSL will make my site slow ? - GreenGecko - 04-15-2016 02:36 PM

Lets Encrypt already has a very bad reputation. Given that there's loads of providers out there offering certs for US$10/yr or less, I heartily recommend that you use one of those instead.

There are great things that you can do with https: - using either SPDY or HTTP2 will ensure the most efficient use of the available bandwidth by reducing latency reusing connections for example. Not sure where apache is with all this, but nginx offers SPDY, and HTTP2 in the bleeding edge versions.

As for performance, it does depend on how you set it up, and what ciphers you use. For example, one of my demo sites - http://www.webpagetest.org/result/160412_88_21T/ - shows 7ms SSL negotiation ( this is at native speed mind you! ), which few people would notice!

Use the resources supplied by https://www.ssllabs.com to validate and improve your setup. They really know what they're talking about!

RE: Let's Encrypt free SSL will make my site slow ? - akshayranganath - 04-15-2016 10:59 PM

(04-15-2016 02:36 PM)GreenGecko Wrote:  Lets Encrypt already has a very bad reputation.

Could you elaborate on this one please? I did use LetsEncrypt for a test site and was amazed at simplicity of the setup. However, I wasn't aware of issues related to this CA.