New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Where more good to buy ssl ?
where more good to buy ssl?
RapidSSL Wildcard Certificate
or
https://cheapsslsecurity.com/rapidssl/rapidsslwildcard.html
where more good?
Comments
https://letsencrypt.org/
i need payed ssl
Why? They work in pretty much the same way.
Gogetssl.com
https://www.gogetssl.com/rapidssl/rapidssl-wildcard/ sell for 93$ ?
snipped for $60
Letsencrypt is free and works just as good as any paid SSL
Or sometimes better
snipped looks good one i buy now normal ssl thanks for share it
Cheapest wildcard ssl certificate I can find is
https://www.gogetssl.com/ggssl/wildcard-ssl/
he looks for RapidSSL Wildcard Certificate
Check our site https://hostfav.com/SSL.php
RapidSSL Wildcard Certificate for $60
snipped
-
https://hostfav.com/SSL.php
RapidSSL Wildcard Certificate for $100
I don't get why someone should care about wildcard domain validated TLS certs when we have let's encrypt
Can't you, just, issue a letsencrypt cert for each subdomain? There are some tools to deploy it pretty painlessly.
I'd understand if EV or OV certs were needed
Unless you need EV certificate, I don't find any good reason to use a paid certificate over Letsencrypt
I also buy certificates and avoid letsencrypt.
Unless you need many hosts you might go cheaper by simply buying multiple single certs. Usually one needs but @, www (1 cert) and mail (2nd cert) hosts, maybe a third one, like vps. But let's say you need 5. Cheap ones are 5$ or so, so you'd end up paying 25$ instead of 60$.
Bonus: you don't put all your eggs in one basket and you can get simple certs even for free (must renew them every 3 months similar to letsencrypt).
i use thesslstore.com
May I ask why?
Sure, @MFS
Mainly two reasons:
I don't like it at all to just trust and run some code from some shady guys on my servers. I do not at all like the letsencrypt mechanism. I strongly dislike, for instance, the 90 day cycle.
I did some research on letsencrypt and the people there and I found very shady but nice sounding "open [something]" foundations, soros linked groups, and even well known cia front ends.
Moreover, our problem isn't that PKI isn't free.
Our problem is that PKI is completely in the hands of greedy large corps and state agencies (many of whom about as trustworthy as rattle snake on cocain). Our problem is that PKI is lousy and insecure and badly designed.
And our problem is that certs were way too expensive for many years.
But it's not necessary to be free. "Much cheaper" was all that was needed. Say 3$ for a simple DV, 15$ for a simple CV, and 30$ - 50$ for an EV. That would be damngood enough.
Plus: Payment creates traces which is good in this case because it means that the CA has what the customer tells and shows them - plus - some information through the payment, say an account number and holder.
Finally and in summary I prefer to pay 5$/year for a DV certificate and be a customer rather than saving 5$ a year and be in the hands of a shady cia related "good people" group.
I feel like you have not properly researched it.
All their code is fully open source: https://github.com/letsencrypt/
As for the people, their board has many people involved from well respected organizations.
Not to mention that certbot is from EFF, and aggressive - sure - but they I wouldn't call "shady".
openssl (with heartbleed) is also open source. open source mean that it's open source, not that it's (automatically) good or trustworthy code.
Plus: You have no understood my point but merely seen a trigger to repeat the foss credo.
My point wasn't that their code is of this or that quality but that their mechanism requires me to have specific code on my server to get and keep their certs.
I personally strongly prefer "has control over the domain hence gets DV cert" over "can (and must) run a script on his server".
I told my personal view and I explained my reasoning. Period. Yours may be different and both of us are free to have their own view.
@bsdguy
if you do not trust their client, could you not use one of the many 3rd party ones, or perhaps even write your own?
Their spec is easily viewable: https://github.com/ietf-wg-acme/acme and not terrible to implement.
Yet another one of those "wonderful institutions".
Funny how simple people are caught with a nice story. Remember heartbleed? There was a lesson to be learned but most didn't get but preferred to continue sleeping and dreaming merrily about wonderful nice people.
The OpenBSD quite immediately reacted and started libressl. But they didn't get much support, they had to beg for small support. The linux people, however, got millions and millions thrown at them - although they did exactly nothing to solve the problems. evil google did and the good people from OpenBSD did - but linux got thrown millions at them plus lots of noise à la "we must solve those ssl related problems!! bla bla!".
Guess who stood in the center of that operation? eff. open society and lots of other organisations who are well known for their proximity to large corps and the intelligence agencies.
But those organisations certainly make lots of PR and they have the millions to do it. Quite successfully, it seems.
Yeah I feel a little paranoid towards certbot too, but I use dehydrated, which is a few simple bash scripts. Works nicely except I haven't set up any automatic renewal mechanism yet.
Sure. Or I could spend 5$ and be done with it.
Funny. I never said "Oh no! Don't use letsencrypt!". I never missionized. I merely told my point of view and explained my reasoning.
But whenever I do that and deviate from the path of the wonderful and holy open whatever church there are some who try to missionize me.
Maybe letsencrypt is fine and great. maybe. I personally don't think so. Anyone here who likes and trusts them is free to do so and I will certainly not try to convince them otherwise.
Well, your reasoning got poor reception because it made no sense. Comodo has a much worse history of compromises and has a bigger attack surfaces. I can understand being willing to pay a few bucks for a certificate that doesn't need a 3 month renewal, or for a wildcard instead of N separate single domain certificates, or for the simpler email DV validation procedure, or for EV. But security paranoia towards LE seems misplaced compared to cheap commercial certificates.
It's so shady that Google, Facebook and half the web industry donated millions of dollars.
And they are so shady they even put everything on GitHub for everyone to see. My god.
@willie said:
I understand your point and you are right. But:
If it's just about having a cert to have ssl working we can use a self signed one. Not need for letsencrypt or any CA.
So, logically the whole question comes only up when a cert that is browser auto-accepted is needed/desired. So, we are talking user acceptance, here. That also means that I have to decide how I want to get that auto-accepted cert. I can either go the letsencrypt route or the CA route, with the latter one offering 3 month renewable certs, too, or else a full one for 5$ or so.
The question of reputation of the CA hardly enters the game. 99,9% of users out there never care. If they see a green lock or something like that and if their browser doesn't blink "untrusted!!! you really want to go ahead?" they'll happily accept it.
You chose a good example. comodo is indeed very shitty. But again, any solution that gives me a funny green lock symbol is good enough for the users.
So again the question for me is simply which price to pay for a shitty cert (and let's face it, letsencrypt certs are as shitty and worthless (in terms of trust) as comodos).
I personally prefer the effort to click on a "renew" button every 3 months or to simply shell out 5$ for a year. I also prefer that because it's less confusing and a bit more professional.
Others prefer the letsencrypt route and that's fine, I don't care and I won't missionize them.
Great, you got it. It's shady (among other reasons) because evil corps donate millions of dollars.
But you are, of course, free to believe the fairy tale that those corporations spend those millions because they are just nice guys who want to be our friends.
Oh well, they also have been caught to work closely with nsa and the like and they just coincidentially happen to be billion $ corporations ... And they just happen to censor accounts and to abuse and sell out our data.
Btw, I currently have the Eiffel tower and the brooklyn bridge on sale for a very attractive price.