Domain: ssls.com
Stories and comments across the archive that link to ssls.com.
Comments · 7
-
Let's Encrypt rate limit
There are quite a few free subdomain providers out there too, usually offering dyndns options and the like.
The problem is that a lot of these free subdomain providers aren't listed on the Public Suffix List. For example, afraid.org is not. And if a domain isn't on the Public Suffix List, Let's Encrypt issues no more than 20 certificates per week for that domain. This means 20 other users of that same domain will probably have already obtained their certificates before you, causing Let's Encrypt to reject your attempt to obtain a certificate with an error message to the effect:
Error: rateLimited
:: There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: no-ip.bizSo it appears to be either A. use Let's Encrypt for the certificate and pay for the domain or B. use a free subdomain provider for the domain and pay Namecheap for the certificate.
-
Re:Reasonable (free or non-free) Alternatives?
I don't know of any one-stop-shop (certificate issuance and backup MX service are pretty orthogonal to each other), but there's plenty of CAs out there that will issue you certificates.
This Comodo reseller sells PositiveSSL certs for ~$5/year with a validity time up to 3 years. That's about as cheap as you can get. They also offer (for the next few weeks, at least) GeoTrust, Symantec, and Thawte certs, but the costs for those are higher and they'll stop selling them in December. Comodo offers free S/MIME certs that validate only your email address, as well as paid ones that validate your email and name (if it matters). The paid ones start at $12/year.
Of course, Let's Encrypt is a good option: the certs are free and you can run any of a multitude of ACME clients (or write your own) to validate your domain, generate the key (which is made by and stays on your system), request the certificate, and install the certificate. A simple cronjob handles renewals without any interaction from you. That makes life really easy. They don't do S/MIME certs, though.
-
Re:Alternatives?
The net effect of this decision is that only big companies and people with too much free time can afford TLS.
Ummm, you can get a certificate issued by Comodo for $5 USD per year:
https://www.ssls.com/ssl-certi...
It's a real certificate, trusted by all browsers,
It has both the Server Authentication (1.3.6.1.5.5.7.3.1) and Client Authentication (1.3.6.1.5.5.7.3.2) OIDs.
If securing your data on the internet isn't worth $5 to you, then I can't help you.
But please stop whining.
-
Re:Free and Easy.
1. Certificates are expensive
2. They are hard to Setup.Seriously?
1. If you want a real certificate with browser ubiquity, you can get them for USD $4.99: https://www.ssls.com/ssl-certi...
2. You can set up IIS with a certificate in less than 5 minutes. IIS has had a wizard interface to do this since at least windows server 2003.
-
Re:Let's Encrypt
Certificate cost is no longer the obstacle it used to be, as a TLS certificate is free unless you need organizational validation. StartSSL and WoSign have been providing domain-validated (DV) certificates without charge to individuals for years, and automated ACME CA Let's Encrypt has been in operation for several months.
Indeed. TLS certs are, as you point out, available for free. Even if one wishes to pay for a cert, DV certs are available for a pittance: Comodo's PositiveSSL certs are available for as low as $14.97 for three years ($4.99/year) from SSLs.com, a reseller owned by NameCheap. I spend more getting take-out lunch one day than it'd cost to get a cert for three years. That's basically a non-issue when it comes to even the most budget-constrained websites.
Other interesting details:
- Comodo's PositiveSSL offering is one of the very few CAs that will not only sign elliptic curve certs, but will do so using a separate, all-ECC certificate chain. Their ECC root is in all major browsers, but it's cross-signed by their UserTrust RSA root for legacy users. Naturally, PositiveSSL also offers an all-RSA chain for those who prefer RSA certificates, but I thought it was cool they offer an all-ECC chain and charge the same price for ECC or RSA certs.
- StartSSL recently started signing ECC certs from their RSA chain (4096-bit root, 2048-bit intermediate). While not as quite secure as an all-ECC chain, it's fast: clients can verify the RSA signatures quickly, and the server can perform fast ECDSA signatures/ECDHE key exchanges quickly.
- WoSign uses StartPKI, StartSSL's managed-PKI offering that chains up to the StartSSL root. Nifty. I knew StartSSL has offered that for a while but I'd never seen any such intermediates in the wild before.Full disclosure: I have no relationship with Comodo, StartSSL, SSLs.com, NameCheap, etc. other than being a paying user. I don't get any compensation, direct or otherwise, from mentioning them.
-
Re:Bad for small business owners
I've considered https, but it's too hard for me as a small web site owner: first I have to manage to get an SSL certificate (costs serious effort and money),
Buddy, you can get a certificate for less than FIVE US dollars per year. Is that too much for you? https://www.ssls.com/lp/4.99-ssl-offer.html
then I have to figure out how to install it correctly (tried it before with a self-issued certificate and failed; while I'm fairly computer savvy),
I think you should rethink your definition of computer savvy. And the certificate authorities have instructions for most web servers.
finally I have to somehow remember to renew it every few years or so
The certificate authority you bought it from will send you an email reminder, because they will want to sell you a new certificate.
- which is an interval way long enough to completely forget how the installation worked, so I have to start all over again.
So write down the procedure, and put it in your gmail account.
-
Re:Cost of certificates
The other cost of the S is the difficulty in obtaining and using certificates that are recognized by browsers without bothering the user.
Seriously? Why do people still believe this?
You can get certificates from godaddy for $15 or less per year with a coupon that you can easily find with google.
And SSLs.com will sell you a certificate for $4.99 per year:
https://www.ssls.com/lp/4.99-s...
Yes, UNDER FIVE US DOLLARS PER YEAR. If you can't afford that, you probably can't afford the internet in the first place.