21 votes

SSL.com is evil and deceptive: Don’t do business with SSL.com

8 comments

  1. [8]
    drannex
    Link
    Why would anyone buy their certs these days for a website? LetsEncrypt gets the job done and auto-updates if you let it. I'm happy they mentioned that at the end.

    Why would anyone buy their certs these days for a website? LetsEncrypt gets the job done and auto-updates if you let it. I'm happy they mentioned that at the end.

    24 votes
    1. [5]
      mild_takes
      Link Parent
      You know what blows my mind? Websites that still don't have SSL/HTTPS. A handful of local businesses in my city don't have it and it drives me nuts. LetsEncrypt makes it SO DAMNED EASY AND FREE...

      You know what blows my mind? Websites that still don't have SSL/HTTPS. A handful of local businesses in my city don't have it and it drives me nuts.

      LetsEncrypt makes it SO DAMNED EASY AND FREE that nobody has an excuse to not have it set up.

      17 votes
      1. Gummy
        Link Parent
        I run a private website my friends use primarily as a shared media server and cloud storage. I was worried https was going to be a pain, but after breaking down and just doing it one day it was...

        I run a private website my friends use primarily as a shared media server and cloud storage. I was worried https was going to be a pain, but after breaking down and just doing it one day it was surprisingly easy to setup. I can only assume smaller sites haven't done it because it seems intimidating.

        Now if somebody can tell me why some of the state government pages for Pennsylvania aren't using ssl that'd be great lol

        6 votes
      2. [2]
        adutchman
        Link Parent
        The only reasonable use-case I have seen for no SSL/TLS is retro sites or just blogs that need/want to keep compatibility with old computers. Other than that I also think it is the bare minimum. I...

        The only reasonable use-case I have seen for no SSL/TLS is retro sites or just blogs that need/want to keep compatibility with old computers. Other than that I also think it is the bare minimum. I must say that I have not really encountered any websites without SSL/TLS in the Netherlands though.

        5 votes
        1. largepanda
          Link Parent
          That doesn't even mean you can't have TLS. You can just not forcibly redirect http clients to https, plenty of sites do that for retro support.

          That doesn't even mean you can't have TLS. You can just not forcibly redirect http clients to https, plenty of sites do that for retro support.

          8 votes
      3. ilyag
        Link Parent
        I run many informational sites with a no-TLS option on purpose, not only for compatibility with older browsers, but also to facilitate access. Accessibility and compatibility are important along...

        I run many informational sites with a no-TLS option on purpose, not only for compatibility with older browsers, but also to facilitate access. Accessibility and compatibility are important along with security, and TLS has many failure modes to contend with.

        4 votes
    2. unkz
      Link Parent
      Well, from ssl.com there's no good reason. I buy from AWS though because it's technically possible but quite a hassle to use letsencrypt with Cloudfront/ELB.

      Well, from ssl.com there's no good reason. I buy from AWS though because it's technically possible but quite a hassle to use letsencrypt with Cloudfront/ELB.

      6 votes
    3. AntsInside
      Link Parent
      Using LetsEncrypt is usually the right answer, but if setting up automatic cert renewal is awkward for some reason (eg environment not fully under your control), a longer running cert is not much...

      Using LetsEncrypt is usually the right answer, but if setting up automatic cert renewal is awkward for some reason (eg environment not fully under your control), a longer running cert is not much of an expense from a reasonable provider.

      6 votes