New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Do one request at a time. Renewal is still a single crontab.
Wait, aren't their logs public? If so, requesting one at a time doesn't mitigate this. Plus, due to the tools I'm using for orchestration, some either "optimize" the requests on renewal and others want 1-process-alive-all-the-time-per-request-until-renewal-etc. So, it's not always a crontab thing and it ends up too much hassle for no reason.
Yeah, the logs are public. I thought you just didn't want someone browsing the cert to see your other subdomains.
You're going to have this cert lookup your domain's contact and you need to choose one of several possible for it to ack the request before you get the cert.
Fixed that for you loovit.net is much nicer now
Also, might register a company simply so that I can get a EV-cert for the site, all for that trust. Just need to read up on laws and stuff, gosh, I'll do that tomorrow instead ... :P
Guess Wildcard for $2 will be impossible
It's not a company at all, it's a simple script set up by a LET member to let other members get the free wildcard certs that SingleHop gives out to its subscribers. They're not supposed to be used outside the SingleHop network but in practice this doesn't seem to be enforced very much. In other words, it's great to have free certs to play with, but I wouldn't do anything too serious with them, rely on them much, or make too much noise about their existence. I still very much Fidde's willingness to do this.
I have no problems with renewals. Don't even bother checking them anymore. They are as reliable as any other cron job. Find a better script. I renew every month. If one renewal gets missed for some reason you still have 2 more shots at it. I don't think I have ever needed it.
SolusVM built in script renews them every week.
Startcom / StartSSL was a major headache for me. I used them to issue SSL certs for 14 domains, a bargain to pay for verification only and all certs were included at no extra cost. Worked fine since 2013, until ALL my SSL certs stopped working in Chrome and Firefox, without any warning from Startcom/StartSSL. Their "support" was pretty useless, often asking me to PAY for their temporary solution. They insisted all problems were temporary, to be patient for 1-2 months, but provided no details or evidence on actions they were taking. To the contrary, certificates they claimed would continue to work were also dis-trusted by Chrome and Firefox. I don't trust them. Either they were trying to mislead me, or had no idea what was going on. I also see a ycombinator thread about similar concerns about their business ethics.
I would never do business with them again, even if it were free. Too stressful. It all went downhill when Chinese company Qihoo 360 bought them last year. Their Wikipedia page says they have a history of violating certificate issuance control, and fail to give proper notifications.
I am using Let's Encrypt, ssl2buy, and gogetssl now.
https://www.kernel.org/gandinet-tls-certificates.html
I have a gandi certificate that was free for 1 year with a domain that I registered with them. But I'll switch to letsencrypt at the end of the year rather than pay for a renewal of the gandi cert.