Any experience of free SSL certificates

Snog

Well-known member
With the price of a 3 year certificate at $9.00 US a year, I don't think it's worth bothering with the free certificates.
 

Arty

Well-known member
Free SSL certificates sounds very fishy. I suggest to buy Comodo certificate. Its reasonably priced.
 

Liam W

Well-known member
I'm using a StartSSL class 2 certificate on all my sites (bar XF Liam root, which I use an EV cert on).

Multiple SAN subdomains on a single certificate. Makes it very easy to manage my nginx configuration.

Liam
 

ibnesayeed

Well-known member
Free SSL certificates sounds very fishy.
Would you please elaborate on why does it sound "very fishy" sir? Is it the same reason why some people think/feel that the free services and free software are "very fishy"? I am sure some people agree that a free web browser, a free version control system, and a free operating system all sound "very fishy" and so are Free SSL/TLS Certificates issued by Let's Encrypt which says, "Let’s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG)."

This reminds me of a very unrelated video which some people might find amusing in this context.

 

Arty

Well-known member
Would you please elaborate on why does it sound "very fishy" sir?
It costs money to generate certificates and run servers. "Free" web/image/whatever hosting companies make money from advertising, but it does not apply to SSL certs. You can't embed ad in certificate. So they don't make money. No money -> no servers -> no service.

SSL certificates service must be reliable. If its not, its fishy and not trustworthy. If you use their service and something happens to their servers, your visitors (including search engines) will experience issues verifying certificate. That might tank your site's traffic and search engine standings.

Its not worth it. Better pay $9/year for Comodo certificate or not use SSL at all.
 

ibnesayeed

Well-known member
It costs money to generate certificates and run servers. "Free" web/image/whatever hosting companies make money from advertising, but it does not apply to SSL certs. You can't embed ad in certificate. So they don't make money. No money -> no servers -> no service.

SSL certificates service must be reliable. If its not, its fishy and not trustworthy. If you use their service and something happens to their servers, your visitors (including search engines) will experience issues verifying certificate. That might tank your site's traffic and search engine standings.

Its not worth it. Better pay $9/year for Comodo certificate or not use SSL at all.
Obviously, there is a reason why certificate authority services cost money, but that is true for ever space where free and paid services compete. Being paid doesn't necessarily make a service more reliable and being free doesn't make a service more fishy. For example, a paid service may go out of business because of the growing competition where profits become marginal.

I can think of at least two reasons (other than being fishy) why a company would offer free SSL certificate service:
  1. The company offers basic features for free, but charges for premium services. The free service brings them publicity and recognition which is like an investment in advertising to deal with the competition and make money from the premium customers. Outside of the SSL certificate space, GitHub could be a good example of such an offer where they allow unlimited opensource project hosting and collaboration while charging for private projects that are often used by organizations. The service obviously burns computing, storage, and network resources for the free tier the same way they do on premium ones. WordPress hosted service, Heroku, or Docker Hub are some other examples that work on this model. Luckily, they are all working quite reliably for many years.
  2. The internet community at large finds a service to be critical for a safe, open, and democratic web so they support its expenses in the form of a foundation with donations. Let’s Encrypt is one such service that is run by ISRG in collaboration with Linux Foundation and is funded by many big internet companies. Outside of the SSL certificate space, Wikipedia and Internet Archive could be good examples that have no advertisement on their sites while still running massive web servers solely based on donations reliably for many years.
 
Last edited:

Robust

Well-known member
Linux Foundation
That thing is such a scam. I was a paid member of it for a while and their website was broken so I couldn't get my fancy @linux.com email address. Their contact forms were broken, the webmaster email had no response and there was no way to make contact with them, not even on the email with payment. Oh well, I consider it a charitable donation.
 

Fred.

Well-known member
No need to. It works for me. May not for everyone. I can't say. I can't fault them.
It may work for now, but soon it will not work anymore. Mozilla, Google and Apple are de-trusting the certificates.
I just switched to Comodo.
 

indica

Member
Looks like startssl was bought out by dodgie bros inc. Damn. I'm going to have to get new certs by the sounds of it. Thanks snog. ;)
 
Top