Geekzone: technology news, blogs, forums


zespri

424 posts

Ultimate Geek
+1 received by user: 94

Lifetime subscriber

#205207 3-Nov-2016 09:29

So I've been using StartSSL for a number of years and was quite happy with them.

 

Their business model was that you pay for *validation* once a year, about 60 USD, and then you can have an unlimited number of certs (under fair use), including wildcard certs.

 

But recently StartSSL was acquired by WoSign, which led to a total debacle with Chrome and Mozilla revoking their trust from the StartSSL root cert.

Details can be found here

https://docs.google.com/document/d/1C6BlmbeQfn4a9zydVi2UvjBGv6szuSB4sMYUcVrR8vQ/preview

and here

https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/

As a result I no longer want to give my custom to StartSSL.

 

What are good alternatives for private certs? What I need:

  • SSL, Email and code signing certs
  • Wildcard certs or ability to generate many certs for the same subdomain without paying an arm and a leg
  • Of course the root cert has to be implicitly trusted by the major players

 

 

I believe that GoDaddy is evil, so I don't want to go this route either.

 

Is there a nice place that won't charge you through the nose, for a few SSL certs?

 

 


Dynamic
4015 posts

Uber Geek
+1 received by user: 1850

ID Verified
Trusted
Lifetime subscriber

  #1663112 3-Nov-2016 09:32

We have successfully been using RapidSSL certificates from trustico.co.nz for 5 or so years... normally on SBS2011 servers for the Microsoft Exchange HTTPS connections. Pretty well priced compared to some.





“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams




MackinNZ
450 posts

Ultimate Geek
+1 received by user: 119

Lifetime subscriber

  #1663116 3-Nov-2016 09:47

I use enomcentral.com for all my SSL certificates.  Never had any problems and the pricing is very good.


sidefx
3775 posts

Uber Geek
+1 received by user: 1295

Trusted

  #1663126 3-Nov-2016 09:54

Anybody using or have thoughts on Let's Encrypt?

 

https://letsencrypt.org/

 

 





"I was born not knowing and have had only a little time to change that here and there." - Richard Feynman




Beccara
1473 posts

Uber Geek
+1 received by user: 517

ID Verified

  #1663136 3-Nov-2016 10:00

90 days cert life kills it. I hate dealing with SSL/Certs so 2 years is min for us.

 

 

 

We have been using StartSSL and I'm not sure what we are going to do without blowing out our budget. Close to 200 certs issued and little support for wildcard :/





Most problems are the result of previous solutions...

All comments I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated

zespri

424 posts

Ultimate Geek
+1 received by user: 94

Lifetime subscriber

  #1663141 3-Nov-2016 10:03

Beccara:

 

90 days cert life kills it. I hate dealing with SSL/Certs so 2 years is min for us.

 

We have been using StartSSL and I'm not sure what we are going to do without blowing out our budget. Close to 200 certs issued and little support for wildcard :/

 

 

I know, right? Bummer...


SumnerBoy
2079 posts

Uber Geek
+1 received by user: 306

ID Verified
Lifetime subscriber

  #1663166 3-Nov-2016 10:30

I am using LetsEncrypt for my personal web server and it seems to be fine. Short lifetime but they have automated scripts which auto-renew. Only been using them for a few months so haven't seen the renew stuff in action yet...


networkn
Networkn
32862 posts

Uber Geek
+1 received by user: 15453

ID Verified
Trusted
Lifetime subscriber

  #1663168 3-Nov-2016 10:31

SSL2BUY, they are fantastic!


deadlyllama
1283 posts

Uber Geek
+1 received by user: 476

Trusted

  #1663169 3-Nov-2016 10:33

Get a reseller account with https://www.gogetssl.com/ (essentially no bar to clear for this), then log in and check out the "my prices" screen...

 

They don't do affiliate links but you're welcome to buy me a coffee with the money you've saved if you're ever in Whanganui.


sidefx
3775 posts

Uber Geek
+1 received by user: 1295

Trusted

  #1663171 3-Nov-2016 10:35

SumnerBoy:

 

I am using LetsEncrypt for my personal web server and it seems to be fine. Short lifetime but they have automated scripts which auto-renew. Only been using them for a few months so haven't seen the renew stuff in action yet...

 

 

 

 

Yeah that's what I thought - short cert life shouldn't be an issue when renewal is designed to be easily automated - looks like there are many examples of how to do this on different platforms (not so sure about code-signing though!)

Can you shorten the automated script "timeout" to test it and/or just do it more frequently?





"I was born not knowing and have had only a little time to change that here and there." - Richard Feynman
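Added example, not part of any post in this thread: with 90-day certificates the practical risk is a renewal job that fails silently, so this sketch classifies certificates by time remaining from the `notAfter=` line that `openssl x509 -noout -enddate` prints. The 30-day renewal point, the 7-day grace period, the hostnames and the dates are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

RENEW_AT_DAYS = 30  # assumption: automation renews once fewer than 30 days remain
GRACE_DAYS = 7      # assumption: a week of failed attempts before raising an alert


def parse_enddate(line):
    """Parse 'notAfter=Feb  1 09:29:00 2017 GMT' into an aware UTC datetime."""
    key, _, value = line.strip().partition("=")
    if key != "notAfter" or not value:
        raise ValueError("not an openssl -enddate line: %r" % line)
    parsed = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT")
    return parsed.replace(tzinfo=timezone.utc)


def classify(not_after, now):
    """Return OK, RENEWAL_DUE, RENEWAL_FAILED or EXPIRED for one certificate."""
    remaining = not_after - now
    if remaining <= timedelta(0):
        return "EXPIRED"
    if remaining < timedelta(days=RENEW_AT_DAYS - GRACE_DAYS):
        # Renewal should have succeeded by now, so the job is probably broken.
        return "RENEWAL_FAILED"
    if remaining < timedelta(days=RENEW_AT_DAYS):
        return "RENEWAL_DUE"
    return "OK"


def audit(inventory, now):
    """Map each host to a status; lines that do not parse are reported, not skipped."""
    report = {}
    for host, line in inventory.items():
        try:
            report[host] = classify(parse_enddate(line), now)
        except ValueError:
            report[host] = "UNPARSEABLE"
    return report


# Constructed sample inventory (hypothetical hosts and expiry dates).
SAMPLE = {
    "www.example.test": "notAfter=Feb  1 09:29:00 2017 GMT",
    "mail.example.test": "notAfter=Nov 28 09:29:00 2016 GMT",
    "shop.example.test": "notAfter=Nov 13 00:00:00 2016 GMT",
    "old.example.test": "notAfter=Oct 30 12:00:00 2016 GMT",
    "broken.example.test": "subject=CN = broken.example.test",
}
NOW = datetime(2016, 11, 3, 9, 29, tzinfo=timezone.utc)

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE, NOW).items()):
        print("%-22s %s" % (host, status))
```

Run daily from the same scheduler as the renewal job, a `RENEWAL_FAILED` result gives roughly three weeks of warning before a certificate actually expires.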


Behodar
11092 posts

Uber Geek
+1 received by user: 6070

Trusted
Lifetime subscriber

  #1663196 3-Nov-2016 11:03

 For what it's worth, our wildcard certs at work are issued by "Starfield Technologies". No idea what pricing etc is like as certs are handled by another department.


kobiak
1615 posts

Uber Geek
+1 received by user: 551

Trusted

  #1663202 3-Nov-2016 11:12

SumnerBoy:

 

I am using LetsEncrypt for my personal web server and it seems to be fine. Short lifetime but they have automated scripts which auto-renew. Only been using them for a few months so haven't seen the renew stuff in action yet...

 

 

I'm using it for personal web sites. No issues with auto-renew, cron job.





helping others at evgenyk.nz


 
 
 

SumnerBoy
2079 posts

Uber Geek
+1 received by user: 306

ID Verified
Lifetime subscriber

  #1663220 3-Nov-2016 11:35

Actually just checked my logs and my certs were auto-renewed a few days ago...seamless!


timmmay
20858 posts

Uber Geek
+1 received by user: 5349

Trusted
Lifetime subscriber

  #1663223 3-Nov-2016 11:40

I use Let's Encrypt for four or five different small business websites. On Amazon Linux their client is rubbish so I used ACME, which auto renews just fine. I have a tutorial on how to use Let's Encrypt under Amazon Linux, if anyone wants a link PM me.


deadlyllama
1283 posts

Uber Geek
+1 received by user: 476

Trusted

  #1663243 3-Nov-2016 12:05

timmmay:

 

I use Let's Encrypt for four or five different small business websites. On Amazon Linux their client is rubbish so I used ACME, which auto renews just fine. I have a tutorial on how to use Let's Encrypt under Amazon Linux, if anyone wants a link PM me.

 

 

Why not use AWS's "free" certificate authority via an ELB?


timmmay
20858 posts

Uber Geek
+1 received by user: 5349

Trusted
Lifetime subscriber

  #1663245 3-Nov-2016 12:12

Because I don't need an ELB for my small websites. An ELB costs $18/month and I use about 2% of the CPU capacity of a t2.micro, partly because I've set up caching carefully, both page caching on the server and the CDN. My average bill is about $1/month because I'm still under the free tier. Once I finish free tier I may also stop using RDS because it's around $10/month, and my t2.micro only uses 40% of RAM and 2% of CPU. Not sure I can be bothered moving from RDS to self hosted though.

