Where do you buy SSL Certificates?

Forums › IT Pro and developers › Where do you buy SSL Certificates?

zespri

412 posts

Ultimate Geek

Lifetime subscriber

#205207 3-Nov-2016 09:29

So I've been using StartSSL for a number of years and was quite happy with them.

Their business model was that you pay for *validation* once a year about 60USD and then you can have unlimited number of certs (under fair use) including wildcard certs.

But recently StartSSL was acquired by WoSign, which lead to a total debacle with Chrome and Mozilla revoking their trust from StartSSL root cert.

Details can be found here

https://docs.google.com/document/d/1C6BlmbeQfn4a9zydVi2UvjBGv6szuSB4sMYUcVrR8vQ/preview

and here

https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/

As a result I no longer want to give my custom to StartSSL.

What are good alternative for private certs. What I need:

SSL, Email and code signing certs
Wildcard certs or ability to generate many certs for the same subdomain without paying an arm and a lef
Of course the root cert has to be implicitly trusted by the major players

I believe that GoDaddy is evil, so I don't want to go this route either.

Is there a nice place that won't charge you through the nose, for a few SSL certs?

1 | 2 | 3

3866 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#1663112 3-Nov-2016 09:32

We successfully have been using RapidSSL certificates from trustico.co.nz for 5 or so years.... normally on SBS2011 servers for the Microsoft Exchange HTTPS connections. Pretty well priced compared to some.

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

Referral links to services I use, really like, and may be rewarded if you sign up:
PocketSmith for budgeting and personal finance management. A great Kiwi company.

MackinNZ

450 posts

Ultimate Geek

Lifetime subscriber

#1663116 3-Nov-2016 09:47

I use enomcentral.com for all my SSL certificates. Never had any problems and the pricing is very good.

sidefx

3711 posts

Uber Geek

Trusted

#1663126 3-Nov-2016 09:54

Anybody using or have thoughts on Let's Encrypt?

https://letsencrypt.org/

"I was born not knowing and have had only a little time to change that here and there." | Octopus Energy | Sharesies
- Richard Feynman

Beccara

1469 posts

Uber Geek

ID Verified

#1663136 3-Nov-2016 10:00

90 days cert life kills it. I hate dealing with SSL/Certs so 2 years is min for us.

We have been using StartSSL and i'm not sure what we are going to do without blowing out our budget. Close to 200 certs issued and little support for wildcard :/

Most problems are the result of previous solutions...

All comment's I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated

zespri

412 posts

Ultimate Geek

Lifetime subscriber

#1663141 3-Nov-2016 10:03

Beccara:

90 days cert life kills it. I hate dealing with SSL/Certs so 2 years is min for us.

We have been using StartSSL and i'm not sure what we are going to do without blowing out our budget. Close to 200 certs issued and little support for wildcard :/

I know, right? Bummer...

SumnerBoy

2074 posts

Uber Geek

ID Verified

Lifetime subscriber

#1663166 3-Nov-2016 10:30

I am using LetsEncrypt for my personal web server and it seems to be fine. Short lifetime but they have automated scripts which auto-renew. Only been using them for a few months so haven't seen the renew stuff in action yet...

networkn

Networkn
32349 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#1663168 3-Nov-2016 10:31

SSl2BUY they are fantastic!

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

deadlyllama

1260 posts

Uber Geek

Trusted

#1663169 3-Nov-2016 10:33

Get a reseller account with https://www.gogetssl.com/ (essentially no bar to clear for this), then login and check out the "my prices" screen...

They don't do affiliate links but you're welcome to buy me a coffee with the money you've saved if you're ever in Whanganui.

sidefx

3711 posts

Uber Geek

Trusted

#1663171 3-Nov-2016 10:35

SumnerBoy:

I am using LetsEncrypt for my personal web server and it seems to be fine. Short lifetime but they have automated scripts which auto-renew. Only been using them for a few months so haven't seen the renew stuff in action yet...

Yeah that's what I thought - short cert lief shouldn't be an issue when renewal is designed to be easily automated - looks like there are many examples of how to do this on different platforms (not so sure about code-signing though!)

Can you shorten the automated script "timeout" to test it and\or just do it more frequently?

"I was born not knowing and have had only a little time to change that here and there." | Octopus Energy | Sharesies
- Richard Feynman

Behodar

10502 posts

Uber Geek

Trusted

Lifetime subscriber

#1663196 3-Nov-2016 11:03

For what it's worth, our wildcard certs at work are issued by "Starfield Technologies". No idea what pricing etc is like as certs are handled by another department.

kobiak

1615 posts

Uber Geek

Trusted

#1663202 3-Nov-2016 11:12

SumnerBoy:

I am using LetsEncrypt for my personal web server and it seems to be fine. Short lifetime but they have automated scripts which auto-renew. Only been using them for a few months so haven't seen the renew stuff in action yet...

I'm using it for personal web sites. No issues with auto-renew, cron job.

helping others at evgenyk.nz

SumnerBoy

2074 posts

Uber Geek

ID Verified

Lifetime subscriber

#1663220 3-Nov-2016 11:35

Actually just checked my logs and my certs were auto-renewed a few days ago...seamless!

timmmay

20575 posts

Uber Geek

Trusted

Lifetime subscriber

#1663223 3-Nov-2016 11:40

I use Lets Encrypt for four or five different small business websites. On Amazon Linux their client is rubbish so I used ACME, which auto renews just fine. I have a tutorial on how to use Let's Encrypt under Amazon Linux, if anyone wants a link PM me.

deadlyllama

1260 posts

Uber Geek

Trusted

#1663243 3-Nov-2016 12:05

timmmay:

I use Lets Encrypt for four or five different small business websites. On Amazon Linux their client is rubbish so I used ACME, which auto renews just fine. I have a tutorial on how to use Let's Encrypt under Amazon Linux, if anyone wants a link PM me.

Why not use AWS's "free" certificate authority via an ELB?

timmmay

20575 posts

Uber Geek

Trusted

Lifetime subscriber

#1663245 3-Nov-2016 12:12

Because I don't need an ELB for my small websites. An ELB costs $18/month and I use about 2% of the CPU capacity of a t2.micro, partly because I've set up caching carefully, both page caching on the server and the CDN. My average bill is about $1/month because I'm still under the free tier. Once I finish free tier I'll may also stop using RDS because it's around $10/month, and my t2.micro only uses 40% of RAM and 2% of CPU. Not sure I can be bothered moving from RDS to self hosted though.

1 | 2 | 3