How can I check if a certificate is valid? And I'm not just referring to the fact that it hasn't expired, but also to the validity of the brand behind it. Which certificates should I trust and which ones shouldn't?
For example, Let's Encrypt allows everyone to create a certificate, so its validity is not that great. Which ones are the best rated and which ones should you trust?
The validity of SSL certificates (as to whether they are trustworthy) depends on several factors:
These are all requirements that any SSL certificate verification tool can easily solve.
However, the most important thing is trust. To do this, what you must decide is whether you trust the Certification Authority (CA) that signs the certificate.
There are many globally accepted CAs (COMODO, Let's Encrypt, DigiCert, Amazon, etc.). Part of all SSL validation includes verifying that we have the certificates of that CA installed (that is, that we trust it).
All browsers and operating systems have a store of these certificates.
In the business world, for example, many companies create their own CAs so that all their computers trust the certificates they issue.
Regarding Let's Encrypt or any other certificate authority, the important thing is what validations they perform.
The latter are more complicated since they require human verification for which companies charge good prices, but they are also the most "trustworthy" and include, for example, the "Green Bar" in browsers.
Let's Encrypt performs automatic domain validation, asking you to prove ownership of the domain. Therefore, their certificates serve you perfectly to verify that a server that tells you that it is "example.com" is legitimate.
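
The point about trust stores and company-run CAs can be seen with the `openssl` command line. This is an added example, not part of the original answer. The CA names and the host name are constructed, and the script assumes an `openssl` binary with its default configuration file:

```shell
#!/bin/sh
# Constructed demo: the same leaf certificate is accepted or rejected
# depending only on which CA certificate the verifier has in its store.
# CA names and the host name below are made up for this example.

# new_ca DIR NAME: create a self-signed CA (NAME.key / NAME.crt) in DIR.
new_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue DIR CA HOST: create a key and CSR for HOST and have CA sign it.
issue() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.crt" 2>/dev/null
}

# trusted STORE CERT: exit 0 only if CERT chains to a CA present in STORE.
trusted() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# demo: print the verdict of two verifiers with different trust stores.
demo() {
    d=$(mktemp -d) || return 1
    new_ca "$d" corp-internal-ca      # the company's own CA
    new_ca "$d" unrelated-ca          # a CA that did not issue this leaf
    issue "$d" corp-internal-ca intranet.example.com
    for store in corp-internal-ca unrelated-ca; do
        if trusted "$d/$store.crt" "$d/intranet.example.com.crt"; then
            echo "store=$store: certificate trusted"
        else
            echo "store=$store: certificate rejected (issuer not in store)"
        fi
    done
    rm -rf "$d"
}

demo
```

The certificate itself is identical in both checks; only the contents of the verifier's store change the outcome.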