New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Meh, I get Comodo for $3.95. But their cheapest wildcard is $69 a year.
syncserve - 2xSSL Revoked
hostmybytes - 1xSSL Revoked
"third cheap ssl reseller" - 1xSSL Not revoked
"fourth cheap ssl reseller" - 3xSSL Not revoked
Based on that, only syncserve and hostmybytes are affected by this right now.
Sounds like gogetssl. Time to use the wildcard + SAN mentioned in this thread.
The certs that I got from other LET members are still valid but there are people mentioned that their certs got revoked even though they weren't from hmb or syncserve.
@TheOnlyDK so you can do any of the alpha certs except the wildcard or with the wildcard but for that 140 price?
As for the comodo wild cert is it one cert that has both domains listed I take it instead of two certs one for each domain correct?
We can provide wildcard SSL free on the understanding they're only used on our VPS in Phoenix or Netherlands SingleHop network.
I can do any cert. Alpha wildcards are $37, $67, $92 for 1-3 years respectively. + PayPal fees.
Ah, OK then...
..anyway, I already found cheap wildcard certum based to replace them. 11.50 €/year @ nazwa
Well in a ticket with me you mentioned it could be used externally.
That would be the truth - there isn't a technical reason why you can't use it elsewhere. Now, if you should, is a completely separate dilemma.
I've gotten my wildcard for vpsBoard from Duke for a couple years now. I'm still curious if it'll be revoked or not, haha, but I'm hoping it won't be.
It won't be. Lol. All customer Certs are done through GlobalSign directly in my reseller account. I can provide proof of the transaction on GlobalSign's system if needed.
This seems like a reasonable statement to me: You can't use them elsewhere because they'll get revoked if you do.
We have a promo going on right now, $84.99 for your first year Comodo EV-SSL (Normally we charge $169.99 and Comodo charges $449).... Never been a fan of GlobalSign, we contacted them 2 years ago interested in offering their certificates but they weren't able to provide us with the level of service that we were looking for.
Now we deal with Comodo, and are working out a deal with Symantec and GeoTrust in the coming months.
I wonder if all these people used the same SingleHop account?
Tinfoil intensifies
Francisco
The reason is contractual. The certificates were stolen, so have been revoked.
Again, there is no technical method to prevent the use of the certificates. Would you consider it stolen if I used it on localhost (technically breaking the agreement), should it be revoked, and how can someone detect that usage?
They could query the main domain to see what certificate it offers and from what IP.
Why not just get your Certum wildcard SSLs (https://www.nazwa.pl/certyfikaty-ssl/) for $13 and be done with it?
whoa, that's insane!
I'm not going to argue this.
Say you have a certificate exampledomain999.co.uk. It's as simple as performing nslookup on the domain - not served from their network - stolen - and so revoked as stolen.
Next time use a provider that is not cheating on his/hers suppliers. That's it.
Last time I checked their certificates were marked as 'outdated security' as the root was signed using insecure key. Might have changed though.
@clouvider - are you able to clarify what you mean? how can they be "stolen"??
I got my money back.. for my one certificate. Better i use CloudFlare certs..
If the contract between the provider and Singlehop states that the certificates are to be used only on their network, and the provider sells them externally, how else would you call it?
It means the provider was not entitled to them, but have taken them, I have just one word for this in my dictionary.
You need to get a new dictionary. 'Misused' would be an more appropriate term.
I provided probably 10+ people on LET with some certs (have read about some certs getting revoked outside SH's network and didn't want to charge anything when I had no idea if it some day would get revoked, and since I already had the SH account, there was no extra charge for me, only my time). When I got the cert for you @rm, it was through GVH and their SH account, I only signed up with them for the SSL-certs. Then I got my own SH account paying $30/month for unlimited SSLs, I didn't mind the extra cost because I could reissue certs for the same CN instead of using my SHA1-wildcard cert with StartSSL. If only you could revoke your Class2-certs or choose to issue them for only 1 year. I can barely issue and certs for any of my domains because there is already a cert for the CN. That's why SH has been really nice for me.
Seems like all certs older than 30 days have been revoked. I checked their site after terms regarding the SSL-certs before I ordered and didn't find anything, checked again now, nothing. Going to contact their support to check why there is no info about it. $30/month*12, I could probably get some wildcard/normal certs for it and don't have to worry. Will have to see how this plays out Maybe Letsencrypt will make a huge difference.
I think there's a lot of misinformation here. let me explain my POV
After nuggets started this ssl madness I contacted singlehop directly, and asked them what the deal was. they confirmed to me that so long as I had a valid SH account, and the cert was used on a SH product (ie VPS or shared hosting inside a VPS), then the customer could do what they wanted with the cert elsewhere. so these certs being revoked are not because they are stolen. it presumably is simply that the host account has been closed.
I looks at the maths of this. buy a VPS from SHM. setup shared hosting. sell the shared hosting, say $5 for a 10MB plan. the plan comes with wildcard SSL cert. you can then sell a LOT of plans on that hosting setup. it doesn't need to include cpanel or anything useful, as it probably doesn't get used. the maths works, so long as you cover the monthly cost each month, so about 600 plans/yr will net you a profit.
perhaps SH changed their position on this. perhaps their supplier got sus with the volume of certs. perhaps the sales guys misrepresented what could be done. anyway, I liked the numbers, but decided not to go ahead with it. if it seems too easy, it probably isn't real or sustainable. seems other found out the hard way.
really all I'm saying is that SH were involved with enabling this. a pity I didn't copy the chat log from what I was told
This is the report:
https://www.ssllabs.com/ssltest/analyze.html?d=www.nazwa.pl&s=85.128.128.42&hideResults=on
Can you change something from there, or it is task from the CA?
@netomx $13 one is https://www.ssllabs.com/ssltest/analyze.html?d=poczta.nazwa.pl&latest
..anyway, I already found cheap wildcard certum based to replace them. 11.50 €/year @ nazwa
no english website? Did you use google translate ?