Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In with OpenID
Advertise on LowEndTalk.com

In this Discussion

Free AlphaSSL Wildcard and regular SSLs - Page 6

Free AlphaSSL Wildcard and regular SSLs

123468

Comments

  • hzrhzr Member

    this normal, SH owns the isusing account, but you retain the ssl key, do not give up ssl key

    Senior software engineer @ Microsoft

  • v998v998 Member

    @Foul said: Tried out the new design and requested a cert, got the approval email, and then the issued email..

    however... looks like the issued emails with the certificate details are being cc'ed to singlehop.

    The old design also cc the certificate details to singlehop.. not a new thing with the new design

  • FiddeFidde Member

    Yeah, it's been that way for years [email protected] is always CC on the cert :)

    Thanked by 1Foul
  • EnumCEnumC Member

    I also want to say thanks for this great post! But the confirmation email is not showing up. How long is the 'normal' wait time for the confirmation email?

  • hellb0yhellb0y Member

    I`ve tried couple times but there is no confirmation email arriving.

     
    NitroVPS.ltd - High Performance Unmetered DDoS protected OpenVZ & KVM VPS Servers at Low Price ! 
     
  • @EnumC said: How long is the 'normal' wait time for the confirmation email?

    I ordered three certs at the beginning of May. The confirmation email came in after about 2 minutes.

  • EnumCEnumC Member
    edited May 12

    @hellb0y said: I`ve tried couple times but there is no confirmation email arriving.

    Same here. No confirmation email. Re-submitted and 2 days later, still nothing.

  • AluminatAluminat Member

    It's working now. You all can try to submit again. Need more time than before.

  • hellb0yhellb0y Member

    Submited yesterday, no confirmation email till today :/

     
    NitroVPS.ltd - High Performance Unmetered DDoS protected OpenVZ & KVM VPS Servers at Low Price ! 
     
  • yjp7172yjp7172 Member

    Submited yesterday, no confirmation email till today

  • doghouchdoghouch Member

    @yjp7172 said: Submited yesterday, no confirmation email till today

    CTRL+C much?

  • MaxisMaxis Member

    Is the server down?

  • sibapersibaper Member

    nope

  • lifehomelifehome Member

    @EnumC said:

    @hellb0y said: I`ve tried couple times but there is no confirmation email arriving.

    Same here. No confirmation email. Re-submitted and 2 days later, still nothing.

    I am looking at your order, and as your description, it is likely you have picked the wrong email address, or the one you selected cannot receive email normally.

    Try Putsmail as a email address tester. And, I have tried to resend your "order", as well as others.

    Telegram Me and Arch the way out.

  • aebaaeba Member

    For those who can't get the confirmation email: try the new site.

  • hellb0yhellb0y Member

    No chance, i`ve tried multiple domains , different emails :/

     
    NitroVPS.ltd - High Performance Unmetered DDoS protected OpenVZ & KVM VPS Servers at Low Price ! 
     
  • aebaaeba Member

    I was trying on the old site without success for days too, but the new one gave me the confirmation email and the cert right away. Too bad if it doesn't work for you.

  • ben1390ben1390 Member

    I've tried the new site many times and I have yet to receive a confirmation email

  • aebaaeba Member

    Sorry to hear that :(

  • FoulFoul Member

    If you're not getting a confirmation e-mail then it's most likely globalsign blocking the SSL Order for fraud risks/additional review

    This can be the case if domain has private whois, etc

  • Can confirm that the new site https://assl.loovit.com worked for me.

  • hellb0yhellb0y Member

    Got it working, the CSR was invalid and unfortunately there was no error during check in. Tried today with different CSR and it worked like a flaw :)

     
    NitroVPS.ltd - High Performance Unmetered DDoS protected OpenVZ & KVM VPS Servers at Low Price ! 
     
  • CeeCee Member

    The order was unsuccessful. In the submission of the order page has been waiting, waiting, waiting, but can not submit success.

  • MaxisMaxis Member

    @Cee said: The order was unsuccessful. In the submission of the order page has been waiting, waiting, waiting, but can not submit success.

    Confirmed. Got same problem

  • sibapersibaper Member

    In mean time get letsencrypt

  • FiddeFidde Member

    Fixed.

  • CeeCee Member

    @Fidde said: Fixed. Incredible! I was once again successful!

  • r00t4bl3r00t4bl3 Member

    sibaper said: In mean time get letsencrypt

    It's also free :)

  • EnumCEnumC Member
    edited May 21

    @Foul said: If you're not getting a confirmation e-mail then it's most likely globalsign blocking the SSL Order for fraud risks/additional review

    This can be the case if domain has private whois, etc

    Yep. Can confirm that seems to be the issue why the confirmation messages weren't getting sent.

  • xtremespbxtremespb Member

    Can't get the confirmation e-mail for re-hash.org domain. It has the public whois, the e-mail is a gmail. What can be wrong at this point?

  • eKoeKo Member
    edited May 27

    Indeed seems strange... does the website gives the option to send to the confirmation to that email ?

  • williewillie Member

    I got one a couple months ago with private WHOIS. I wonder if Globalsign/Singlehop simply caught up with this offer and blocked it. If yes, it was nice while it lasted!

  • sanvitsanvit Member

    @willie said: I got one a couple months ago with private WHOIS. I wonder if Globalsign/Singlehop simply caught up with this offer and blocked it. If yes, it was nice while it lasted!

    Nope! Got one few hours ago... Not blocked!

    BunnyCDN - A lightning fast CDN at a fraction of the cost (ref)

  • xtremespbxtremespb Member

    @eKo said: Indeed seems strange... does the website gives the option to send to the confirmation to that email ?

    Yes, I was trying to select several different mails, including the Gmail one, but didn't receive any confirmation e-mail anyway.

  • xtremespbxtremespb Member

    I tried once again and it worked. Thank you very much!

  • FiddeFidde Member
    edited June 30

    Well, just received this email

    Let's see what will happen going forward :)

    To Whom it May Concern:

    Singlehop has been alerted to the possibility of misuse or abuse of our free SSL agreement on your account. Our rules around these certificates dictate that resale of the certificates on the open market is strictly prohibited. The certificates may be given to, or sold to, clients of yours so long as the customers are hosted on Singlehop servers/ IP ranges.

    We ask that you please audit your SSL certificates and if any do not meet the acceptable use policy referenced above, we ask that you immediately suspend access to those applicable licenses. As of right now, we cannot guarantee that GlobalSign won't revoke the SSLs of their own accord.

    If during our own internal audit we find improperly used certificates, we will flag your account as unable to issue any new certifications.

    Please assist us in resolving this matter ASAP. We'd like to clear up any questionable use of these SSLs without legal involvement if possible.

    Thank You,

    -- Ryan Peternell | Billing Manager

    312-447-2580 | [email protected]

  • @Fidde said: Well, just received this email

    Let's see what will happen going forward :)

    To Whom it May Concern:

    Singlehop has been alerted to the possibility of misuse or abuse of our free SSL agreement on your account. Our rules around these certificates dictate that resale of the certificates on the open market is strictly prohibited. The certificates may be given to, or sold to, clients of yours so long as the customers are hosted on Singlehop servers/ IP ranges.

    We ask that you please audit your SSL certificates and if any do not meet the acceptable use policy referenced above, we ask that you immediately suspend access to those applicable licenses. As of right now, we cannot guarantee that GlobalSign won't revoke the SSLs of their own accord.

    If during our own internal audit we find improperly used certificates, we will flag your account as unable to issue any new certifications.

    Please assist us in resolving this matter ASAP. We'd like to clear up any questionable use of these SSLs without legal involvement if possible.

    Thank You,

    -- Ryan Peternell | Billing Manager

    312-447-2580 | [email protected]

    This is going to be fun.. You could argue that resale dictates a "sale" has been made (Exchange of funds / goods / etc), and your not making a sale? Or you could blag the fact you have a trillion domains and you've decided to cert them all? :P

    Good luck!

  • dynamodynamo Member
    edited July 1

    @Fidde said: Well, just received this email

    Let's see what will happen going forward :)

    To Whom it May Concern:

    Singlehop has been alerted to the possibility of misuse or abuse of our free SSL agreement on your account. Our rules around these certificates dictate that resale of the certificates on the open market is strictly prohibited. The certificates may be given to, or sold to, clients of yours so long as the customers are hosted on Singlehop servers/ IP ranges.

    We ask that you please audit your SSL certificates and if any do not meet the acceptable use policy referenced above, we ask that you immediately suspend access to those applicable licenses. As of right now, we cannot guarantee that GlobalSign won't revoke the SSLs of their own accord.

    If during our own internal audit we find improperly used certificates, we will flag your account as unable to issue any new certifications.

    Please assist us in resolving this matter ASAP. We'd like to clear up any questionable use of these SSLs without legal involvement if possible.

    Thank You,

    -- Ryan Peternell | Billing Manager

    312-447-2580 | [email protected]

    Quite possible that one of those providers who bundle such wildcard certificate with their VPS plans or those who resell these free certificates for a few dollars went to SG to bitch about it.

  • FiddeFidde Member

    Alright, weekend over, time to get back to life. Just sent this back, just so you all know, I don't wish to spend my time fighting this as I have better things to do in life so worst outcome is that I simply shut down the service.

    With cPanel and Let's Encrypt among others offering free SSL-certificates that don't have any restriction for which network they are being hosted on, this wouldn't be the end of the world or have as much impact as it would have a few years ago.

    If you use the certificate for any live site, look at this as a warning that your certificate might get revoked in the near future, and plan for that. For instance move to Let's Encrypt or set up monitoring, checking if the certificate is revoked, just make sure your not caught with your pants down. :)

    Hi,

    Thanks for your email, I've looked through your AUP and TOS both when I signed up and today. I've not found any information about restrictions for the SSL-certificates, for example, that they are only allowed to be used in your network, could you point me to any documentation on your website stating this?

    Could you also provide me with a list of certificates you believe does not follow your guidelines, and in what way?

    You also ask me to suspend access, could you tell me how I can suspend access to a SSL-certificate that is emailed to the client from Globalsign/AlphaSSL directly? Is there any way to revoke a certificate in the Leap control panel, if yes, how?

    I'm a little concerned that you bring up legal actions as a possible outcome when this is the first "warning"/"information" I've got that you believe that I'm violating some kind of guidelines. I don't charge anything for the certificates and trust that anyone requesting a certificate does this in good faith.

    Sincerely, Fredrik

  • FalzoFalzo Member

    @Fidde said: Alright, weekend over, time to get back to life. Just sent this back, just so you all know, I don't wish to spend my time fighting this as I have better things to do in life so worst outcome is that I simply shut down the service.

    With cPanel and Let's Encrypt among others offering free SSL-certificates that don't have any restriction for which network they are being hosted on, this wouldn't be the end of the world or have as much impact as it would have a few years ago.

    If you use the certificate for any live site, look at this as a warning that your certificate might get revoked in the near future, and plan for that. For instance move to Let's Encrypt or set up monitoring, checking if the certificate is revoked, just make sure your not caught with your pants down. :)

    Hi,

    Thanks for your email, I've looked through your AUP and TOS both when I signed up and today. I've not found any information about restrictions for the SSL-certificates, for example, that they are only allowed to be used in your network, could you point me to any documentation on your website stating this?

    Could you also provide me with a list of certificates you believe does not follow your guidelines, and in what way?

    You also ask me to suspend access, could you tell me how I can suspend access to a SSL-certificate that is emailed to the client from Globalsign/AlphaSSL directly? Is there any way to revoke a certificate in the Leap control panel, if yes, how?

    I'm a little concerned that you bring up legal actions as a possible outcome when this is the first "warning"/"information" I've got that you believe that I'm violating some kind of guidelines. I don't charge anything for the certificates and trust that anyone requesting a certificate does this in good faith.

    Sincerely, Fredrik

    do you have any numbers on how many certs were issued through your page? just curious.

    Netcup DE KVM specials: 1vC 1GB 18,88€ or 4vC 4GB 42,88€ yearly with 5€ off 1st order: 36nc15005674351 / 36nc15008174834 UltraVPS.eu KVM in US/NL/DE, 15% off 6months: 1GB & HDD from 2,55€ or 2GB & SSD from 3,83€

  • rm_rm_ Member

    Fidde said: set up monitoring, checking if the certificate is revoked, just make sure your not caught with your pants down.

    This is what I use: https://gist.github.com/romanrm/bb95e209c4a75efc32b0e5d46d0881e8

    Thanked by 4ehab Fidde boernd yomero
  • FiddeFidde Member

    @Falzo said:

    do you have any numbers on how many certs were issued through your page? just curious.

    About 9k Wildcard-certs and I guess a few thousand not wildcard-certs.

    Thanked by 1Falzo
  • FalzoFalzo Member

    Fidde said: About 9k Wildcard-certs and I guess a few thousand not wildcard-certs.

    wow...

    Netcup DE KVM specials: 1vC 1GB 18,88€ or 4vC 4GB 42,88€ yearly with 5€ off 1st order: 36nc15005674351 / 36nc15008174834 UltraVPS.eu KVM in US/NL/DE, 15% off 6months: 1GB & HDD from 2,55€ or 2GB & SSD from 3,83€

  • ehabehab Member

    if @Fidde now asks 5€ per certificate he will be happy man.

    "too much is never enough"

  • AnthonySmithAnthonySmith Member, Provider

    Lets hope you used fake details when signing up and they did not send you a notice before use, thats going to be EXPENSIVE!

    Inception Hosting Limited - NL, UK, Phoenix AZ USA, KVM and OpenVZ - | 50% OFF Phoenix AZ KVM. | 256mb & 512mb UK
    ServersNV a brand of Inception Hosting Limited - UK KVM and OpenVZ - | ^Use CODE: 50offphx4life | ^€8.00 p/year LIMITED

  • FiddeFidde Member

    @AnthonySmith said: Lets hope you used fake details when signing up and they did not send you a notice before use, thats going to be EXPENSIVE!

    Nope, they also have my CC-details and they even bill me automatically ;)

    I haven't found anything in their terms about it and I've paid for "Unlimited SSL-certificates", also, it's probably going to be more expensive for Globalsign to revoke all the certs so the worst they'll probably do is shut down my account.

    I have the option to close my CC for Internet transactions and I have a hard time thinking that SH will try to use legal actions, I have as far as I know not broken any law. Also, SH must have a unlimited deal with GlobalSign, otherwise, they wouldn't be able to offer such a service.

  • chateauxchateaux Member

    If you are on a cpanel server, just use letsencrypt.org‎, free free free! I use this for all our test sites and staging environments etc. Super easy to use, just click one button!

  • MikePTMikePT Member

    @Fidde,

    It was excellent while it lasted. I/we appreciate your effort and awesome contribution. Totally worth it. Just dont put yourself at risk, its not worth it.

    Thank you for everything!

    European NOC legally registered - Providing Ticket Support/ Server Monitoring Solutions

  • Mahfuz_SS_EHLMahfuz_SS_EHL Member, Provider

    @Fidde Do you have the Script uploaded anywhere ?? Github ??

    AlphaSSL Revocation Issue is being investigated.

  • williewillie Member
    edited July 3

    Oh well, this was nice while it lasted but I figured it had to end eventually. Thanks for running it all this time, Fidde.

    @chateaux everyone knows about letsencrypt, but it does not issue wildcards. If you're going to suggest getting separate certificates for each subdomain, that's not a new idea to anyone either. Wildcards are still nice if you can get them.

    Thanked by 1hotsnow
Sign In or Register to comment.