Any experience of free SSL certificates

With the price of a 3 year certificate at $9.00 US a year, I don't think it's worth bothering with the free certificates.
 
Free SSL certificates sounds very fishy. I suggest to buy Comodo certificate. Its reasonably priced.
 
I'm using a StartSSL class 2 certificate on all my sites (bar XF Liam root, which I use an EV cert on).

Multiple SAN subdomains on a single certificate. Makes it very easy to manage my nginx configuration.

Liam
 
Arty said:
Free SSL certificates sounds very fishy.
Click to expand...
Would you please elaborate on why does it sound "very fishy" sir? Is it the same reason why some people think/feel that the free services and free software are "very fishy"? I am sure some people agree that a free web browser, a free version control system, and a free operating system all sound "very fishy" and so are Free SSL/TLS Certificates issued by Let's Encrypt which says, "Let’s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG)."

This reminds me of a very unrelated video which some people might find amusing in this context.

To view this content we will need your consent to set third party cookies.
For more detailed information, see our cookies page.
 
ibnesayeed said:
Would you please elaborate on why does it sound "very fishy" sir?
Click to expand...
It costs money to generate certificates and run servers. "Free" web/image/whatever hosting companies make money from advertising, but it does not apply to SSL certs. You can't embed ad in certificate. So they don't make money. No money -> no servers -> no service.

SSL certificates service must be reliable. If its not, its fishy and not trustworthy. If you use their service and something happens to their servers, your visitors (including search engines) will experience issues verifying certificate. That might tank your site's traffic and search engine standings.

Its not worth it. Better pay $9/year for Comodo certificate or not use SSL at all.
 
Arty said:
It costs money to generate certificates and run servers. "Free" web/image/whatever hosting companies make money from advertising, but it does not apply to SSL certs. You can't embed ad in certificate. So they don't make money. No money -> no servers -> no service.

SSL certificates service must be reliable. If its not, its fishy and not trustworthy. If you use their service and something happens to their servers, your visitors (including search engines) will experience issues verifying certificate. That might tank your site's traffic and search engine standings.

Its not worth it. Better pay $9/year for Comodo certificate or not use SSL at all.
Click to expand...
Obviously, there is a reason why certificate authority services cost money, but that is true for ever space where free and paid services compete. Being paid doesn't necessarily make a service more reliable and being free doesn't make a service more fishy. For example, a paid service may go out of business because of the growing competition where profits become marginal.

I can think of at least two reasons (other than being fishy) why a company would offer free SSL certificate service:
  1. The company offers basic features for free, but charges for premium services. The free service brings them publicity and recognition which is like an investment in advertising to deal with the competition and make money from the premium customers. Outside of the SSL certificate space, GitHub could be a good example of such an offer where they allow unlimited opensource project hosting and collaboration while charging for private projects that are often used by organizations. The service obviously burns computing, storage, and network resources for the free tier the same way they do on premium ones. WordPress hosted service, Heroku, or Docker Hub are some other examples that work on this model. Luckily, they are all working quite reliably for many years.
  2. The internet community at large finds a service to be critical for a safe, open, and democratic web so they support its expenses in the form of a foundation with donations. Let’s Encrypt is one such service that is run by ISRG in collaboration with Linux Foundation and is funded by many big internet companies. Outside of the SSL certificate space, Wikipedia and Internet Archive could be good examples that have no advertisement on their sites while still running massive web servers solely based on donations reliably for many years.
 
Last edited:
ibnesayeed said:
Linux Foundation
Click to expand...
That thing is such a scam. I was a paid member of it for a while and their website was broken so I couldn't get my fancy @linux.com email address. Their contact forms were broken, the webmaster email had no response and there was no way to make contact with them, not even on the email with payment. Oh well, I consider it a charitable donation.
 
indica said:
No need to. It works for me. May not for everyone. I can't say. I can't fault them.
Click to expand...
It may work for now, but soon it will not work anymore. Mozilla, Google and Apple are de-trusting the certificates.
I just switched to Comodo.
 
Looks like startssl was bought out by dodgie bros inc. Damn. I'm going to have to get new certs by the sounds of it. Thanks snog. ;)
 
You must log in or register to reply here.

Similar threads

L
  • Question Question
XF 2.2 XenForo upgrade check failed: cURL error 60: SSL certificate problem
Replies
3
Views
294
louisl
L
ActorMike
SMTP Session is closed after each recipient over SSL
Replies
0
Views
419
ActorMike
ActorMike
gldtn
Redirection on inline moderation
Replies
4
Views
536
specials
S
W
Not a bug Chrome cache doesn't change after xenforo renews SSL certificate?
Replies
13
Views
2K
wangyu1314
W
USY
  • Question Question
XF 2.2 Sending mails with TLS settings not possible (Server is behind Cloudflare)
Replies
1
Views
553
🔥Iggy🔥
🔥
Top Bottom