Hi,
We currently use GoDaddy for SSL. It is due for renewal and seems to be around $109 USD to renew. It seems a lot given first year was like $15 or so.
Do you guys have any recommendation so that we don't need to switch every year.
Recommendation for SSL Provider
yjun355 on 11/04/2020 - 22:15
Comments
Just standard ssl.
Lets encrypt is bit annoying as you need to renew in 3 months. we use that for test server. in prod, we don't want to risk it and don't mind buying ssl
@Thrift is correct. I have Let's Encrypt on all my sites, and I haven't touched the renewal ever. It's all just automated.
Mine the same, very convenient and their bot is fairly easy to set up on VPS server.
VentraIP include SSL with their hosting packages and it auto renews every 3 months.
Hostgator also provide the same.I don’t think GoDaddy will support letsEncrypt as they make so much money selling SSL.
If your hosting doesnt give you free automatic SSL, move
For cheap SSL, need to move every year for that first year promoMy hosted is with AWS (Amazon web services). It's essentially like having virtual private servers.
So need to manage SSL ourselves.
Had a look and rapidssl order 4 years for $49 USD. That looks pretty good. Anyone users rapidssl?
If you are with AWS, just use the cert from AWS for free! You need to know how to use it though.
https://aws.amazon.com/certificate-manager/looks good but not clear how to set it up :)
You need to read the docs, or ask someone who knows how to do it. I'll do it for 109USD :)
@leiiv: actually i looked into it. doesn't work for it. you need few more things to setup like loadbalancer, route 53, etc. At this stage, we might just switch to rapidssl. it looks good for $50 for 4 years.
AWS — you mention "virtual private servers", so I'm guessing you mean EC2?
If that's the case, more the reason you should use Let's Encrypt. Just set up the ACME client and it should automagically renew your certs periodically.
Couple of questions on that:
let's encrypt is good enough for prod website where there are credit card transactions through stripe or PayPal?
can you tell me how this acme client work? We have let's encrypt on simple WordPress sites where we don't do any financial transactions. But we have Cron job that runs to auto renew in 3 months. It gets annoying as sometimes fails and then doesn't renew. We don't want that scenario on live websites.
With acme, it takes care of itself and will not get scenario where it fails?
Sorry late reply:
Let's Encrypt (or an SSL certificate for that matter) doesn't really have much to do with how secure your website is. It's really just a stamp of approval from a company that's "well-known" and can vouch for your existence. The whole SSL certificate business is kind of stupid for that reason. You're really just paying a company to give you a stamp, which tells everyone else on the Internet that you're legit because you paid them. Extended validation certificates (where you get a green bar on the address bar) are slightly different. Same concept but they do a bit more checks like address matches the business name, etc. Therefore, it's a lot more expensive and not supported by Let's Encrypt.
ACME client is pretty much just a script that automates the renewal process periodically (a couple of times before the 3 month period). It does this by interfacing with the Let's Encrypt API servers and creating the file that is being requested in the web root directory. I think what you mentioned about renewing the certificate was probably a older version of ACME; it's a lot more stable now from my experience, and it doesn't wait until the absolute last minute (3 months) before renewing; it picks a random time to renew.
Are you looking for Extended Validation (EV) certificates? If not, does your hosting provider support Let's Encrypt? It's free and serves the purpose.