IT.COM

question Free SSL Certificates

Spaceship Spaceship
Watch
Impact
11,335
I read a thread a few days ago related to hosting and free SSL certificates, where somebody made the offhand comment about if your hosting doesn't provide you with a free SSL, then change your hosting. But unfortunately, i didn't have a lot of interest at that time and cannot find the thread with my searching.

But anyhow. I didn't think I needed to pay much heed to the comment because I have (or had) free SSL certificates for my domains with my VPS. But upon further recent discussion with my host. They are telling me the free SSL certificate only applies to cPanel logins, and doesn't apply to Visitors or Client Purchases. Which makes the free SSL's I currently have, pretty much useless.

So what are the real facts here? What are these free cPanel SSL certificates which don't cover visitors or client purchases? Is this normal? And we need to purchase separate certificates for each domain to be compliant with Google's Website Security Directives?

This "seems" like a change in my hosts policy just recently. So I'm asking here for some clarification.
 
Last edited:
0
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
0
•••
Let's encrypt ?​

I'm sorry @Kate. I missed the meaning meant by this comment. Went completely over my head. Could you please explain more fully?
 
0
•••
Use https://www.cloudflare.com, it's free and only takes a few clicks.
You can use the paid version for your money sites and the free version for your backlink sites.
As per your question MOST hosting companies give one SSL to your main site. That explanation they have you didn't make any sense.

Good luck!
 
0
•••
Free SSL certificates might have a time limit on them and have to be swapped for new ones before times up. Multiplied by the number of domains you want to have it on.
 
0
•••
They are telling me the free SSL certificate only applies to cPanel logins

Two points here:

1. All CPANEL-based hosts do have an opportunity to enable AutoSSL feature which is now part of CPANEL. The certs will be issued either by Lets Encrypt or Comodo (the host decides). Cpanel AutoSSL plugin is (_imho_) in beta as it is buggy. It is somewhat useful if there are no commercial 1-2 year long certs in the same account (as there is a bug where such commercial certs are replaced with free ones, which is still not fixed, even though cpanel help says the contrary), and if the hosting provider really cares to look what happens with their servers 24/7/365 (due to various bugs, free 3-month-long autossl certs may or may not be renewed for example). Most hosts with CPANEL but without AutoSSL are looking to sell commercial 1-2 year certs though.

2. Managing free autossl for a bunch of domains that are coming in and out, and so are likely "addon" domains (in cpanel terms) is a pain. Just try it with any cpanel and at least 100 addon domains. For example, if the host elected to use LetsEncrypt (vs. Comodo) - then only 20 new "addon" domains weekly would receive free ssl (with a default setup). This is due to LetsEncrypt limits. Yes there are ways to play with configs etc, and all can be solved after some efforts, but CPANEL currently does not appear to be the best solution to serve a bunch of domains with a free ssl. Alternatives? I"m looking for them now. Too lazy to play with the things in *nix terminal (but it may be the best solution in fact).
 
Last edited:
1
•••
Let's encrypt ?​

I'm sorry @Kate. I missed the meaning meant by this comment. Went completely over my head. Could you please explain more fully?

Lets Encrypt comes with Cpanel and is free and can be used with any domain. I am using on my site now.
 
0
•••
I am waiting for them to confirm. But my host is saying I have 1yr auto-renewing Comodo SSL's being used under cPanel AutoSSL plugin. I know they are auto renewing because almost all of them got auto renewed in the last 3 months.

What get's me is my host is saying these are purely for cPanel logins and don't apply in any other circumstances. However, I feel sure that I was testing these out for http/https against my own websites in the last three months (but I could be wrong because there has been a LOT of water flowing under the bridge in this last 3 months,and HTTPS/SSLs are not my strong suite). Which if this doesn't apply to websites anymore they are going to be hopeless against Google's determination to not connect to any http website from July. Which was I'm sure the reason I was testing this out.

So is it possible my host is now deliberately restricting these AutoSSL certificates only to cPanel logins. Forcing me to buy paid SSL certificates when Google's https policy kicks in, in July.

I am in ongoing discussions with my host about this. But responses from them can vary from a few minutes to a few days. I will keep you all informed. But in the meantime. If you have any observations about anything I've said. I'd like to hear them. Tnx.
 
0
•••
0
•••
So is it possible my host is now deliberately restricting these AutoSSL certificates only to cPanel logins.
After logging into cpanel, Go to "security" - SSL/TLS status. You will see the list of all ssl certs, free or paid, currently installed for various domains / websites. If it says something like "AutoSSL Domain Validated. Expires on September(july,august) XX , 2018. The certificate will renew via AutoSSL." for all domains that are supposed to have free ssl and do really have it - then all is fine, and the system will also renew certificates. The renewals are occuring each 60 days (at least the system starts trying to renew) and each cert. is valid for 3 months after being issued.

P.S. the above applies to various hosted websites and their visitors are supposed to be able to access websites using https (with a free ssl). The certificate for the one main domain name - which may also be used for cpanel login - is not an issue here as far as I understood.
 
Last edited:
0
•••
Too many scam hosts out there.
Let's Encrypt is the most used free SSL cert on the web, the use and installation is completely free and is absolutely visiable to everyone inclding visitors. For most of personal sites or sites that is non-trading involved, it can be easily installed on a server using different codes depends on the operating system of the server. Also, pretty much all of control panels offer support for the easy deployment of Let's Encrypt if you are using one.
 
0
•••
Back