New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Got the flu.
Yes, with a wildcard, you can use the certificate on as many servers as are within the *.domain.com realm. Simply generate your CSR for *.domain.com (or whatever domain you need the cert for) and once you have completed the approval domain validation emails the cert and bundle will be in your account, so easy retrieval for as long as I remain in business. So standard disclaimer, I could drop dead tomorrow, but I am not the one man show everyone thinks I am either.
@miTgiB I always thought that I could contact the issuing authority (like Comodo in this case) for a re-issue in case that the reseller disappears for any reason. So it isn't like that?
Really, what do you expect when paying peanuts to clowns for something that usually cost a lot more?
Just a heads up: https://www.nazwa.pl/certyfikaty-ssl/
asked me to send them ID photocopy etc when I created a new account.
That would seem reasonable I will have to look if true
Not that I know this as a fact - I was just always assuming that there had to be a way like that. I am very much looking forward to what you find out!
Nothing in the wiki from the reseller I am using, but I will see what I can find upstream
Are you saying you would call $50 an appropriate price for a certificate that requires no human interaction nor effort whatsoever?
@HostMyBytes
Can you confirm whether HostMyBytes will be offering SSL's again or not since SingleHop mentioned to @Fidde that this was an issue on the SSL issuer's end, and not revoked for abuse?
I don't think and hope that they won't revoke more certs. Not all of my certs were revoked and not a single one is used within their network. Even a cert issued <30 days was revoked. I'll just have to issue a few new certs to replace the old ones and see if the old and new are revoked.
So in summary the cheapest legit, low-hassle wildcard SSL cert available is $40/year ?
Unless you want to fax your personal info to either Poland (nazwa) or Israel (StartSSL) and get your location/email embedded in the cert?
Or use the chinese issuer (WoSign) with long ocsp delay for a 10 subdomain cert?
Did I miss anything?
Surprised there aren't more SSL issuers, it seems like a license to print money.
People have also mentioned using the free cloudflare certificates but I don't see how you could do that without routing all your traffic through their servers, unless I am missing something.
You could prevent the delay for your visitors by implementing ocsp stabling and caching the ocsp response.
What long delay? Stop repeating this silly scarecrow myth. Testing from Paris, France:
My, aren't we friendly? Since you added me in your quote... I didn't spread any myths. OCSP stabling works with any SSL cert provider to reduce delays when checking for the revocation status.
WOSIGN OCSP already using CDN.
test from various location
China is letting one of their corporations use amazonaws? That won't last long.
By the way, I found a report of China blocking all startssl certs from getting through a year or two ago.
Just found out this the other day as well. However, they seem to be banning entire network ranges from accessing their authoritative DNS servers. Which I think is a pretty lame move since what they're banning is most likely spoofed anyway. I had to disable OSCP stapling for a Wosign cert because of this.
Many Chinese corps use Amazon for foreign visitors.
WoSign is fine once you setup stapling on the server.
WoSign is working for me including stapling.