New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Is freegetssl legit?
davidlabib
Member
in General
Hello guys
I was looking for the best pricing for SSL reselling and i found this
https://freegetssl.com/ssl/en/
Is their pricing real? as it seems to be too good to be true
This discussion has been closed.
Comments
No! Hell no!
There is always the option of free SSL using Let's Encrypt or ZeroSSL.
If you really want paid SSL because of some special project or something, you can get a SSL for 5 years with just $4 at SSLs.
If however, you intend to advertise your website... LET can provide free SEO for you. Just ask.
What the fuck.
I love adding a middleman (which also has my private key) between me and a free API.
I don’t know what’s the point of buying SSL certificates in this day and age. Even browsers nixed the one main benefit of EV certificates a long time ago.
At the end of the day they largely use the same cryptography for encryption.
The site makes 0 sense, in the comparison Let's Encrypt gets 0 points because it does not offer any payment providers. Maybe because it is free?!
Between the nonsensical typos everywhere, thats a lowkey way to get your clients compromised. Using that thing for your personal project for shit and giggles is something, but you're trying to resell it? Holy batman...
Typical marketing practice of comparing yourself to other providers and making them look as bad as possible. In short, they're biased.
TIL
My clients continue to purchase SSL certificates. Over the past year, I have bought more than 250 SSL certificates from GoGetSSL. Selling SSL certificates has been very profitable for me.
What's the purpose on buying a SSL cert rather than using LetsEncrypt??!
Some people have very complected configuration where certbot can't update the free certificate automatically
So he seek to get a 1 long term certificate (1 year or more) to remove the headache of accessing the server and renew each 3 months
https://www.theregister.com/2025/04/14/ssl_tls_certificates/
You have about 2 years before it'll be 3 months for every valid certificate
@ehhthing
That's heart breaking news 🥲
This is great news, objectively.
Why? More headache?
I have a few Web Development clients who also buys SSL from Godaddy, looks like they don't offer free SSL with their hosting...
They don't unless you buy the domain also from them
That's why people want 1 year cert
Vendors have 2 years before people start complaining a lot, lots of time to add ACME to things.
Or just use a reverse proxy of course.
We need to destroy the paid SSL market -- run by true parasites.
The whole SSL/TLS idiocy has become a ridiculous shit show, so just join the giant remote controllable herd and use letsencrap "certificates" - or - use real and really trustworthy crypto for really sensitive and/or secret stuff.
Hating on PKI is… an interesting perspective.
I bet you have a total of zero CA grade HSMs in your house though.
What in your mind is “real crypto”?
I don't hate PKI, I don't trust it and especially not letsencrap. Difference.
How do you know? How much are you willing to bet? But maybe first define "CA grade HSM".
Oh, and being at it, you do know that CAs have been hacked (and/or basically even broke themselves due to stupid errors and the like)?
Mathematically proven crypto that also is properly implemented and verified (and used).
In my case it is a niche application. For example, SSL on WAF. You can, of course, change it every 3 months but it is not fun. Doing it once a year is much more comfortable.
If you can bill the client $8000 to replace the certificate, you get to charge it 4 times per year instead of once per year, quadrupling your income.
That's $4/y.
Lots to unpack here — all modern PKI cryptography is, as you desire, “mathematically proven” and OpenSSL/BoringSSL is, generally, “properly implemented, verified and used”. If you’re using TLS1.2/1.3 with an acceptable set of ciphers enabled, as long as you can trust the certificate the cryptography is “proven” to be secure.
PKI exists as an answer to the question of “should I trust the certificate?” Now, you might disagree with whether a given CA should be trusted or not, but your point “either use LE or real crypto” is incorrect because these two things are not mutually exclusive.
The fundamental question “should I trust a given certificate” is inherently not a question that can be answered unless you personally know exactly which certificates are trustworthy. So keeping that in mind, I argue that you can still use LE as part of a system where you have absolute trust in a network connection. I’m going to give an example where I’m replacing SSH host keys with LE certificates (which is something you can actually do).
Since the ACME protocol requires you to submit a CSR with a public key, you have full control over how you want to generate your key pair and nobody knows your private key except you.
Even if you don’t trust ACME verification, you can still use LE. Submit a public key inside of your CSR that you trust, and verify the public key presented in the certificate when you connect to the server.
Think of it as “PKI = almost certainly trustworthy” and “Public Key Pinning = absolutely trustworthy” but as long as you know which keys are trustworthy, you can do both.
When you use LE, you are also using “real crypto”.
Yeah and last time this happened the CA got kicked out the second it was found out. Nowadays, you can add a CAA record to prevent compromised CAs from issuing certificates since all certificates must be presented with a CT log (so basically 2 different compromised would be needed to issue a certificate, unless the CA you choose is compromised).
PKI also just doesn’t have the same preconditions as public key pinning: you can only use public key pinning if you know exactly which keys are trusted. PKI, on the other hand, helps you make a decision on whether you should trust a key that you aren’t already aware of yet.
The point here was never to have absolute trust, but PKI itself is probably as good as we can make it while also being accessible for the average organization to use it.
I would also like to point out that unless you physically have access to a server, you have no way of verifying whether or not a SSH host key is the one on the server. Any connection over the internet can be intercepted, and all evidence that a host key is the one on the server can also be forged. Trusting the initial connection is not an absolute proof.
In some ways, there is no solution to whether or not you can trust a public key unless the server is physically in front you, so you have to use some kind of non-provable trust regardless.
I stopped even reading that after the first paragraph. You obviously want to believe in TLS, so got ahead, I won't try to stop you.
But please don't serve me a mixture of marketing bla and selective picking., like for example only responding to "mathematically proven", and even that very loosely, and simply ignoring e.g. "verified implementation".
I'm neither interested in a "religious" war of believers, nor in a pissing contest, especially not with someone who obviously just repeats the believers sermon.
So again, just go ahead and use TLS wherever you feel, I don't mind you wasting your cycles in Vodoo.
Let's Encrypt, ZeroSSL, and AutoSSL all offer free SSL certificates. You can also install them easily using free control panels.
I work with multiple professors and PhDs who do cryptography research: TLS is secure and any suggestion otherwise is pure conspiracy.
If you want pure side channel attacks resistance stop using the internet because such a protocol does not practically exist.
Then those professors and PhDs must have missed the multiple security issues e.g. OpenSSL had ...
In other words: You and your professors and PhDs seem to confuse "theoretically secure" and "actually secure". Sadly we can't use theoretical TLS but have to use actual implementations. You know, for example the implementations using probable primes ...
But Thanks for amusing me with your crude "shut the fuck up!" attempt ("TLS is secure and any suggestion otherwise is pure conspiracy"). Maybe try that again once you have a couple of years of experience under your belt.
End of discussion, have a good time at the university.
Oh boy.
Have you interacted with the mathematical research with what a “probable prime” actually is or did you just hear this somewhere and are now regurgitating it to make yourself sound smart? For context: with 64 rounds of miller-rabin (the number of rounds OpenSSL uses), your chance of generating a non-prime for a 2048 bit RSA key is 2^-128. It’ll take you about the same amount of time to crack an AES-128 key (something nobody has ever done) as it would for you to generate a non prime with OpenSSL and that’s if you are trying to generate a non prime.
You still haven’t defined what provably secure actually means. Definitively proving that a given program is “secure” is NP-hard. You basically need to go through every single possible execution path and input which is not something you can do with any cryptographic library unless it is extraordinary short. The reason nobody does this is because for all practical purposes it’s not possible. Instead what you often see is “proofs” using symbolic execution with a SMT prover — but those are probabilistic which you’ve made clear is not acceptable so your requirement that it be “proven” also makes no sense.
Even if you prove that a given library is secure, you also need to prove that your OS kernel and your CPU firmware are secure, since libraries need to (among other things) generate random numbers. Doing such a thing is again, impossible, because those codebases are way too large to make it feasible.
Frankly it doesn’t sound like you’ve meaningfully interacted with security research at all. The way you fixate on inconsequential aspects in specific places suggests that you’re missing out on the big picture.
But don’t let me ruin the world you’ve created in your mind where you’re the only one who’s smart enough to see that OpenSSL uses “probabilistic primes”.