Validity of a certificate

1

How can I verify that a certificate is valid? And I do not mean only that it has not expired but also the validity of the brand behind it: which certificates should I trust and which ones should I not trust?

For example, Let's Encrypt allows everyone to create a certificate, so its validity is not worth so much. Which ones are the most valued and which should I trust?

    
asked by elvaqueroloconivel1 16.04.2018 в 07:56

1 answer

1

The validity of SSL certificates (in terms of being legit) depends on several factors:

  • That it is not self-signed.
  • That it is not expired.
  • That it is issued for the domain you are accessing.
  • ...

All these are requirements that any SSL certificate verification tool can easily check.

However, the most important thing is trust. For this, what you must decide is whether you trust the Certificate Authority (CA) that signs the certificate.

There are many globally accepted CAs (COMODO, Let's Encrypt, DigiCert, Amazon, etc.). Part of every SSL validation includes verifying that we have installed the certificates of that CA (that is, we trust it).

All browsers and operating systems have a store of these certificates.

In the business world, for example, many companies create their own CAs so that all their teams rely on the certificates issued by them.

Regarding Let's Encrypt or any other certificate authority, the important thing is what validations they perform.

  • Validation of domain ownership.
  • Owner validation.
  • Validation of the business.

The latter are more complicated since they require human verification, for which companies charge good prices, but they are also the most "reliable" and include, for example, the "Green Bar" in browsers.

Let's Encrypt performs an automatic validation of the domain, asking you to demonstrate the ownership of the domain. Therefore, your certificates serve you perfectly to verify that a server that tells you that it is "example.com" is legitimate.

    
answered by 16.04.2018 / 09:48
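The checks listed in the answer, as an added example in Python (not part of the original answer): `fetch_cert` lets the system trust store decide whether the issuing CA is trusted, and `review_cert` reports the remaining points for a certificate in `getpeercert()` format. The function names, the constructed sample and the "no organizationName means domain validation only" heuristic are assumptions of this example.

```python
import socket
import ssl
import time

def fetch_cert(host, port=443):
    """Handshake against the system CA store; raises
    ssl.SSLCertVerificationError if the chain or hostname is not trusted."""
    ctx = ssl.create_default_context()  # loads trusted CAs, enforces hostname
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _name(rdns):
    # Flatten ((('commonName', 'x'),), ...) into {'commonName': 'x', ...}.
    return {k: v for rdn in rdns for k, v in rdn}

def _matches(pattern, host):
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):  # wildcard covers exactly one left-most label
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def review_cert(cert, host, now=None):
    """Report the answer's checks for a getpeercert()-style dict."""
    now = time.time() if now is None else now
    subject, issuer = _name(cert["subject"]), _name(cert["issuer"])
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    in_dates = (ssl.cert_time_to_seconds(cert["notBefore"]) <= now
                <= ssl.cert_time_to_seconds(cert["notAfter"]))
    return {
        # Name comparison only; the signature itself is checked in fetch_cert.
        "self_signed": subject == issuer,
        "in_validity_period": in_dates,
        "matches_host": any(_matches(s, host) for s in sans),
        # Heuristic (assumption): DV certificates carry no organizationName.
        "validation": "OV/EV" if "organizationName" in subject else "DV",
        "issuer": issuer.get("organizationName", issuer.get("commonName")),
    }

# Constructed sample in getpeercert() format (not a real certificate).
SAMPLE = {
    "subject": ((("commonName", "example.com"),),),
    "issuer": ((("countryName", "XX"),),
               (("organizationName", "Constructed Test CA"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Apr  1 00:00:00 2024 GMT",
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
}
```

For a live check, `review_cert(fetch_cert("example.com"), "example.com")` runs the same report on the certificate a server actually presents.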