Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Need SSL Wildcard Certificate
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Need SSL Wildcard Certificate

gksgks Member

Anyone could recommend reasonable wildcard SSL [for sub-domains]? I see here https://www.gogetssl.com/wildcard-ssl/positivessl-wildcard/ but minimum it starts with 67 per year, I look around 30-40 usd per year. Yes, economy hurts now.

«13

Comments

  • I'm using AlphaSSL, $40.

    https://www.ssl2buy.com/alphassl-wildcard.php

    Or ssls.com is cheap as well but in most cases you need 2 - 4 year commitment to get the best price. 1 year is always more expensive.

    Or you could just go with Letsencrypt.

    Thanked by 2timelapse gks
  • Nope, I am rich and I am not gonna use any free stuff such as Letsencrypt.

    Thanked by 3gks kkrajk RickBakkr
  • @elliotc said:
    Nope, I am rich and I am not gonna use any free stuff such as Letsencrypt.

    That's good point, but for unlimited subdomains Let's Encrypt is hard to implement.
    Of course, not impossible. Recently our team developed Let's Encrypt automation for 700+ HPE iLO subsystems in our Data Center.

    Thanked by 1gks
  • @elliotc said:
    Nope, I am rich and I am not gonna use any free stuff such as Letsencrypt.

    Personally I'm not a huge fan of LE. I always buy my certificates.

    I mean the entire Internet is getting depended on LE, if something happens to them they get hacked or something and they have to revoke all certificates ... Imagine.

    And because they give out such a large amount of certificates they are a HUGE target.

    Thanked by 2quicksilver03 jsg
  • stormstorm Member

    @croweb_host said:

    @elliotc said:
    Nope, I am rich and I am not gonna use any free stuff such as Letsencrypt.

    That's good point, but for unlimited subdomains Let's Encrypt is hard to implement.
    Of course, not impossible. Recently our team developed Let's Encrypt automation for 700+ HPE iLO subsystems in our Data Center.

    Let's Encrypt offers wildcard certs with DNS validation. I haven't got around to automating it yet, but I don't have that many domains/servers.

  • @storm said:

    @croweb_host said:

    @elliotc said:
    Nope, I am rich and I am not gonna use any free stuff such as Letsencrypt.

    That's good point, but for unlimited subdomains Let's Encrypt is hard to implement.
    Of course, not impossible. Recently our team developed Let's Encrypt automation for 700+ HPE iLO subsystems in our Data Center.

    Let's Encrypt offers wildcard certs with DNS validation. I haven't got around to automating it yet, but I don't have that many domains/servers.

    Try to get Wildcard SSL from Let's Encrypt for 100+ subdomains.
    And post the result here, please.
    BR

  • gksgks Member

    I am not really aware wildcard support for lets encrypt, most important part is, I am not expert with lets encrypt. I wish I would like to learn, but dump enough with modern Linux securities, the clients are pointy hairy people. I will go with AlphaSSL.

    Does AlphaSSL is anyway lower than highly priced SSLs like Comodo/Geo etc with respect to performance/High Availability? This requirement is for IOT, I am sure to be hit with 1000+ devices with HTTPS, TLS etc every minute for now, at least in simulation environment and production would vary.

  • hzrhzr Member

    croweb_host said: Try to get Wildcard SSL from Let's Encrypt for 100+ subdomains.And post the result here, please.

    I already do this. It's the same as a normal cert. API to add a TXT record, fully automated, automated renewals.

    I've had wildcard automated renewals on LE running for a long time now.

    Thanked by 2Falzo kkrajk
  • danielhmdanielhm Member
    edited April 2020

    @marvel said:

    @elliotc said:
    Nope, I am rich and I am not gonna use any free stuff such as Letsencrypt.

    Personally I'm not a huge fan of LE. I always buy my certificates.

    I mean the entire Internet is getting depended on LE, if something happens to them they get hacked or something and they have to revoke all certificates ... Imagine.

    And because they give out such a large amount of certificates they are a HUGE target.

    Right - so you prefer going and manually having to reissue your certificate when the vendor you bought it from gets hacked?

    LE is all automated if you set it up right. If your doomsday happens, you're 1 command away from resistance.

    Thanked by 1angstrom
  • @hzr said:

    croweb_host said: Try to get Wildcard SSL from Let's Encrypt for 100+ subdomains.And post the result here, please.

    I already do this. It's the same as a normal cert. API to add a TXT record, fully automated, automated renewals.

    I've had wildcard automated renewals on LE running for a long time now.

    Exactly. Why do people hate change so much? LE is a million times better than what it's replacing.

    Thanked by 2Daniel15 angstrom
  • hzrhzr Member

    danielhm said: Exactly. Why do people hate change so much? LE is a million times better than what it's replacing.

    I even started it in the first place by having to run their docker container because it was only in the "v2" test-API for issuance, but the renewals since then have all been automated. I don't see the problem here.

    That being said, the track record for LE has been better so far than, for example, $1000/yr cert vendor like Symantec...

  • laobanlaoban Member
    edited April 2020

    @marvel said:

    I mean the entire Internet is getting depended on LE, if something happens to them they get hacked or something and they have to revoke all certificates ... Imagine.

    And because they give out such a large amount of certificates they are a HUGE target.

    What if your paid CA gets hacked?

    Thanked by 1kkrajk
  • timelapsetimelapse Member
    edited April 2020

    @laoban said:

    @marvel said:

    I mean the entire Internet is getting depended on LE, if something happens to them they get hacked or something and they have to revoke all certificates ... Imagine.

    And because they give out such a large amount of certificates they are a HUGE target.

    What if your paid CA get hacked?

    Anyone and anything can get hacked. LE is just more attractive seeing how many use it. Since it relies on automation, its users are more likely to be careless and dependent.

    Actually LE is already being abused since mostly phish sites use it. You never see paid OV or EV ssl being used for phish and yet browsers removed the green bar. Maybe to level the field in LE's advantage?

  • timelapsetimelapse Member
    edited April 2020

    @hzr said:

    danielhm said: Exactly. Why do people hate change so much? LE is a million times better than what it's replacing.

    I even started it in the first place by having to run their docker container because it was only in the "v2" test-API for issuance, but the renewals since then have all been automated. I don't see the problem here.

    That being said, the track record for LE has been better so far than, for example, $1000/yr cert vendor like Symantec...

    LE is DV only. Symantec sells more than DV along with other security services... You cannot prove ownership, authenticity or legitimacy of a site with LE. LE is only good for personal sites.

  • MikePTMikePT Moderator, Patron Provider, Veteran
    edited April 2020

    We sell Wildcard SSLs for 40.25€/year and cheaper for longer billing cycles.
    Check https://myw.pt/manager/cart.php?gid=12

    Thanked by 1timelapse
  • @timelapse said:
    LE is DV only. Symantec sells more than DV along with other security services... You cannot prove ownership, authenticity or legitimacy of a site with LE. LE is only good for personal sites.

    Who would be so stupid to buy security services by symantec? If they are known for one thing, it is getting hacked and beeing insecure.

    Yes LE is only good for personal websites, mine is bmw.de. More personal it won't get i guess?

    OV and EV certs are dead, a user can't see the differents between a DV and a EV cert anymore, so why would you pay for that shit?

  • FalzoFalzo Member

    @hzr said:

    croweb_host said: Try to get Wildcard SSL from Let's Encrypt for 100+ subdomains.And post the result here, please.

    I already do this. It's the same as a normal cert. API to add a TXT record, fully automated, automated renewals.

    I've had wildcard automated renewals on LE running for a long time now.

    +1, just to leave this here, might help others: https://github.com/acmesh-official/acme.sh/wiki/dnsapi

    Thanked by 2timelapse Decicus
  • @user54321 said:

    @timelapse said:
    LE is DV only. Symantec sells more than DV along with other security services... You cannot prove ownership, authenticity or legitimacy of a site with LE. LE is only good for personal sites.

    Who would be so stupid to buy security services by symantec? If they are known for one thing, it is getting hacked and beeing insecure.

    Yes LE is only good for personal websites, mine is bmw.de. More personal it won't get i guess?

    OV and EV certs are dead, a user can't see the differents between a DV and a EV cert anymore, so why would you pay for that shit?

    I know businesses that buy Verisign certificates for $1500 / year but then again, if your turnover is 100 million a year who gives a shit about $1500.

    Sure you can use LE as BMW and save a few bucks but for companies it's more than the money. It's insurance, support, ISO certification etc.

    Thanked by 2timelapse kkrajk
  • hzrhzr Member

    Note that to be trusted in browsers, LE has to pass the exact same audits as any commercial CA, more or less by the same auditors too.

    DV will be DV no matter where it is.

    Thanked by 1timelapse
  • timelapsetimelapse Member
    edited April 2020

    @marvel said:

    @user54321 said:

    @timelapse said:
    LE is DV only. Symantec sells more than DV along with other security services... You cannot prove ownership, authenticity or legitimacy of a site with LE. LE is only good for personal sites.

    Who would be so stupid to buy security services by symantec? If they are known for one thing, it is getting hacked and beeing insecure.

    Yes LE is only good for personal websites, mine is bmw.de. More personal it won't get i guess?

    OV and EV certs are dead, a user can't see the differents between a DV and a EV cert anymore, so why would you pay for that shit?

    I know businesses that buy Verisign certificates for $1500 / year but then again, if your turnover is 100 million a year who gives a shit about $1500.

    Sure you can use LE as BMW and save a few bucks but for companies it's more than the money. It's insurance, support, ISO certification etc.

    Lol is this an 'other' account? Thank you for taking the time to use your 'other' account to reply.

    Lol bmw is sh*t gtfo with your crap. That site does not do financial transactions. And why did it became about Symantec when we're talking about business-class SSL like OV and EV? These SSL dont come with the certificate only. It comes with enterprise tools and help pass certifications to fulfill requirements to be able to process transactions.

    And who said only Symantec can get hacked. Even Google can get hacked sooner or later. That would be hell.

    No, OV and EV certs are not dead. Does DV show business details in the certificate? Does DV prove domain ownership and business authenticity? No. The visual queues were useful but apparently the browsers wanted to save space and have agendas of their own. Hmm I wonder why Google dont use LE then?

    I wonder what others think if they find out their bank where they do online banking use free ssl?

  • timelapsetimelapse Member
    edited April 2020

    @hzr said:
    Note that to be trusted in browsers, LE has to pass the exact same audits as any commercial CA, more or less by the same auditors too.

    DV will be DV no matter where it is.

    Yes. Any CA whether it be commercial or sponsored like LE. But I wonder for how long LE can sustain it through sponsorship?

    Yes DV will be DV where it encrypts communication and only proves domain control but not who owns the domain.

  • @timelapse said:
    Lol bmw is sh*t gtfo with your crap. That site does not do financial transactions. And why did it became about Symantec when we're talking about business-class SSL like OV and EV? These SSL dont come with the certificate only. It comes with enterprise tools and help pass certifications to fulfill requirements to be able to process transactions.

    Thanks for finaly admitting it, that OV and EV certs are for people who are to stupid. And can't setup stuff on their own to pass certifications.

    @timelapse said:
    And who said only Symantec can get hacked. Even Google can get hacked sooner or later. That would be hell.

    nobody says that google can't get hacked sooner or later but they deal in a professional way with it instead of other companys like symantec.

    @timelapse said:
    No, OV and EV certs are not dead. Does DV show business details in the certificate? Does DV prove site ownership and business authenticity?

    For who does this matter? I'm not aware of any service provider in the payment or any other industrie that require you to have a EV cert. And users give zero Fucks about it. So for who you do it?

    @timelapse said:
    No. The visual queues were useful but apparently the browsers wanted to save space and have agendas of their own. Hmm I wonder why Google dont use LE then?

    because they have their own CA already longer than LE exists?

    @timelapse said:
    I wonder what others think if they find out their bank where they do online banking use free ssl?

    I couldn't care less

  • You really dont understand. If you see DV, OV and EV as one, great. You probably see all bmw cars as the same too. Yes bmw is shit. :)

    Yes Google likes to bully companies

    Um show me a payment provider or gateway that uses free or DV ssl.

    Yes Google pays a CA to have their own and it is not DV. So yeah all SSL are the same. They rotate CAs every few years when their contract expires.

    Good luck to you then. This will be my last reply to you.

  • Ssls.com - a brand of Namecheap
    PositiveSSL wildcard 38.88$/year

  • @timelapse said:
    You really dont understand. If you see DV, OV and EV as one, great. You probably see all bmw cars as the same too. Yes bmw is shit. :)

    you don't understand. Since browsers did remove any indication what type cert is used, you would have to distinguish the color of the car while being blind and sitting every time in the exact same model

    @timelapse said:

    Um show me a payment provider or gateway that uses free or DV ssl.

    https://www.authorize.net/

    @timelapse said:
    So yeah all SSL are the same.

    finally you did understand it and hopefully everyone else too that paying for a TLS cert is burning money since they are all the same.

    Thanked by 1kkrajk
  • gksgks Member

    I found this article, https://medium.com/@lakin.mohapatra/generate-lets-encrypt-free-wildcard-certificate-on-ubuntu-18-dcf26f458e13

    1. Is this good enough to get started? I would like to use nginx, mostly openresty [nginx flavour for lua], is renewal process of letsenrypt is easier one?

    AlphaSSL is 42 USD per year, I would like see if letsencrypt is possible with slight pain, I would like to use free stuffs.

  • hzrhzr Member

    it depends on who your dns provider is. cloudflare, etc -> generate an API key, and it'll autorenew everything for you without contact

    Thanked by 1gks
  • JordJord Moderator, Host Rep

    Letsencrypt is prem

  • @gks said:
    I found this article, https://medium.com/@lakin.mohapatra/generate-lets-encrypt-free-wildcard-certificate-on-ubuntu-18-dcf26f458e13

    1. Is this good enough to get started? I would like to use nginx, mostly openresty [nginx flavour for lua], is renewal process of letsenrypt is easier one?

    AlphaSSL is 42 USD per year, I would like see if letsencrypt is possible with slight pain, I would like to use free stuffs.

    super easy, use acme.sh. it only take couple minutes.

    Thanked by 1gks
Sign In or Register to comment.