The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Why should a site owner pay for an SSL now, given AutoSSL and Let's encrypt?

Discussion in 'Security' started by spaceman, Sep 20, 2016.

Tags:
  1. spaceman

    spaceman Well-Known Member

    Joined:
    Mar 25, 2002
    Messages:
    481
    Likes Received:
    0
    Trophy Points:
    16
    Hi All,

    I'm just trying to wrap my head around the whole free SSL thing.

    We've been reselling SSL certs for ages, with an appropriate markup to compensate us for all the mucking around with buying, installing, troubleshooting when it goes wrong, etc.

    To be honest, I'm not bothered by the loss of markup income that we got from the above. I'm a big supporter of anything the makes the whole process less painful for us, and more economical ($0!) to our clients.

    Given that various providers are still trying to sell their SSL certificates... what should I advise my clients about whether they should consider a paid SSL or not? I've no doubt that the fast majority of our clients will be very happy to have free SSL certs from now on. But some larger clients (corporates and government departments) might distrust the "free" thing when it comes to matters of security.

    The only argument against $0 Let's Encypt SSL certs that I've found so far is that, unlike the Comodos and GeoTrusts of this world, Let's Encrypt don't offer any sort of warranty or insurance in the event that the encryption is broken or otherwise flawed. If that's the only argument against Let's Encrypt, then it's not good enough IMHO.

    Can anyone else offer up any reasons why come website owners should validly consider paying for their SSL cert in the future?

    Thanks,

    Ross
     
  2. KungFuJosh

    KungFuJosh Member

    Joined:
    Sep 17, 2016
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    There's different levels of SSL (as I'm sure you know), different warranty grades, different lengths of renewal time, and different levels of compatibility. And they don't support wildcard SSL. Some older browsers don't support them, but that's not that big of an issue.

    The SSL market has always been a funny playing field regarding pricing, but whether or not somebody needs a $10,000,000 warranty or not is a different story.

    I'm perfectly content with my free SSLs from them, but it's not enough for all purposes (enough for all of mine though).
     
  3. cPanelBenny

    cPanelBenny Community Manager, Development, dog scratcher
    Staff Member

    Joined:
    Apr 24, 2014
    Messages:
    44
    Likes Received:
    20
    Trophy Points:
    8
    Location:
    Michigan
    cPanel Access Level:
    Root Administrator
    Twitter:
    The only additional reason I've seen presented for paying for a DV SSL is the length of time the SSL is valid (1 yr vs 90 days). Beyond that, I think paying for DV SSLs isn't going to be something folks will be convinced to do, once they learn that there are free ones available. The need for EV, Wildcard, and OV certs will all still be reasons to pay, and I feel like the people who need those levels of SSL will be willing to pay for them.
     
    Infopro likes this.
  4. spaceman

    spaceman Well-Known Member

    Joined:
    Mar 25, 2002
    Messages:
    481
    Likes Received:
    0
    Trophy Points:
    16
    Thanks for that.

    Just had to remind myself what EV and OV certs are: DV OV and EV Certificates - SSL.com

    In terms of Wildcard SSLs..... I think you'd have to have a huge number of sub-domains to make this a good enough reason in it's own right, and/or the domains and sub-domains you want an SSL cert for are spread over a number of different servers.

    Speaking from our own perspective, historically we've recommended wildcard SSL certs to our clients just because, at a minimum, it allows us to have a valid SSL cert to work with dev. and test. sub-domain versions of their websites. So although I read that "Let's Encrypt" doesn't provide wildcard SSL certs, it does (I observe) issue SSL certs for properly configured sub-domains on the same hosting account. So in our particular use case, free Let's Encrypt SSL certs are covering all our needs, including sub-domains. Sweet!
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,471
    Likes Received:
    199
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    This is a really important point, IMHO. Thinking of all the folks who would never purchase certs for a family blog or small forum or whatever, they now have the ability to be more secure at no cost.

    Thanks, cPanel!
     
  6. KungFuJosh

    KungFuJosh Member

    Joined:
    Sep 17, 2016
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Yeah, it does everything I need also. But some people actually need real wildcard certs. There is a limitation as to how many domains (including the subdomains) that be included within a specific time period, but as long as you're working within those limits it's all good. They list the limits on their site somewhere.
     
Loading...

Share This Page