Let’s Encrypt is a new free certificate authority

[fluidfloyd]

Mike...Ran across this on a blog I read from time to time. As a complete slug at this type of stuff T thought you might like a look at it. More curious then anything but I consider you to be the expert plus! Your thoughts are always appreciated.
Thanks,
George
http://borepatch.blogspot.com/2014/11/if-you-strike-me-down-i-shall-become.html
http://borepatch.blogspot.com/2014/11/if-you-strike-me-down-i-shall-become.html

 

[Keeper]

Bookmarked. I will be all over this if it goes live.

Nice find. Thanks

 

[fluidfloyd]

Keeper...Not really sure just what I ran across but it would appear to my limited working knowledge of such things that it makes you very secure to outside sources wanting obtain what you are doing. I will just have watch and see what I can learn from the ones in the know such as you and Mike. Ray Charles has a better vision of this stuff then me but that's not saying much. As the say in the oil field "If they can't eat it or screw it they'll crap on it!." Pretty much the same for welders! Later!
George

 

[Mike]

I'm interested in how the automatic enrollment process works. Currently, you generate an SSL Certificate and Signing Request, on a server. In Web Host Manager, that requires all of one mouse click. From there, WHM makes life pretty easy. You just copy-n-paste a certificate and a certificate authority file into the appropriate fields in WHM, and Bob's your mother's brother. How do you make the Certificate and Signing Request application an automatic procedure, when the server could be running any one of several operating systems, any one of several control panels, or no control panel at all?

As for cost, the certificate on this site really broke the bank. For a 60 month certificate, I paid all of $18.25, or 30¢ per month. I guess free is still free, but at $3.65 per year, the certificate is the lowest ticket price item on this joint.

I guess I just don't see the confusing application process, or the confusing installation procedure they are talking about. I wish everything was so simple and so inexpensive. Color me unimpressed.

 

[Mike]

I was talking this one over with one of the employees of the hosting company I work with. Like me, he thinks it sounds pretty interesting, but he really doesn't see it working very well in actual practice. Their How It Works page shows how the package is installed on a Debian server, which is really nice for the handful of server admins running Debian, but the last time I checked, APT didn't exactly work on CentOS. Which renders the concept totally useless to me.

I obviously didn't get my Black Friday filter installed in SpamAssassin early enough, but I see Namecheap is running a lot of Black Friday specials. One of the specials is the opportunity to purchase Positive SSL certs at 98¢ for the first year. That comes to less than 8¢ per month. At that price, I really don't understand how Let's Encrypt considers price to be a sticking issue. Sure, a free service would save you that 98¢, but I suspect we've all lost more than that in the couch cushions, over the past year.

 

[Keeper]

I did not realize that certs had come down that much in price. I was looking a couple years ago and it was along the lines of $300+ a year.

 

[Mike]

If you are purchasing an extended validation cert, you can pretty much spend as much as you want. (Or is that a lot more than you want??) That's really not fair to say. The re-seller I work with sells a Comodo Multi-Domain Extended Validation SSL cert for $205.63/year. Of course, you can purchase that same cert directly from Comodo and pay $904.01/year ($75.33/month), but since we're not a business that holds sensitive data, such as credit card information, we have no need to spend that kind of money. An extra $75.03/month, just to have a green address bar? Not in this lifetime! I had my certificate in fewer than 5 minutes, whereas an EV certificate can take up to 7 days, as all of the ownership records have to be checked and validated.

For simple certification, you can buy certs for a lot less money than you can buy a domain.

 

[Keeper]

Hell I only need a single domain wildcard cert.

I am in the process of (shudder) allowing remote access to our email server. I do not necessarily need an outside cert as I run an inside CA. But the newer IE's tend to just block the website with a "Cannot connect" error when using a non-authenicated cert, so this will save me a huge amount of service calls from folks that cannot connect to the website.

 

[Mike]

At least some people are becoming more security-minded, so adding a cert can also provide them with some peace of mind.