Does Rackspace support Let's Encrypt?

Most of my customers’s sites are hosted through a reseller who uses Rackspace hosting. Rackspace is not on the list of hosting providers who support LE. What options can I offer customers?

Thanks in advance.

Hi @beeline,

Is this VPS hosting (where you or the customer has root access) or shared hosting?

an option: OpenSource scripts for Hosteurope WebHosting

another option: https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode

Its worthwhile answering @schoens’ question as it will let us advise you of a good strategy

Andrei

It’s shared hosting.
At the risk of having to change my user name to Pollyanna :wink: let me get clear on how Let’s Encrypt works. For years hosting companies have been selling SSL’s to sites that needed security for collecting sensitive info from users. They made a small profit on these. Bluntly, Let’s Encrypt seeks to issue SSL’s for free. I wholeheartedly agree!
When I saw that Google was using https as a ranking signal, I thought of my dozens of customers (mostly very small businesses with tight budgets) having to pay for encryption on their sites. Yikes.
My conclusion is that LE is exactly what these customers need: free SSL’s. But, free SSL’s take some profit away from the hosting provider,so from a purely $ standpoint there’s a disincentive for them to join the movement, right?. With this in mind, how does one approach the hoster to secure all these sites?
I need to point out that even if I did have root access, I have no idea how to insert code or do any kind of programming. I work on the “soft” side of websites meaning I do content writing, keyword research, seo, customer training, etc.
Thanks so much

You are correct that some providers see this as lost income. On the other hand, some providers have more sensibly viewed this as a feature their hosting should “throw in” and now it’s affordable for them to do that. They are, after all, billing their customers to maintain a correctly functioning web server, having SSL/TLS certificates so that people can trust the server is just part of that. Imagine if a hosting site said “Oh, you want a Favicon? Those are $1 per month extra”. Crazy!

Many of the hosts on that list you examined have some sort of “one click” SSL feature, the customer (or in some cases a reseller on behalf of all their customers) clicks a button to say they want free SSL, maybe agrees the terms & conditions of the Let’s Encrypt service, and then it installs & automatically renews their certificates as needed. There are some very technical options if you’re comfortable writing shell scripts, but that sounds like it’s not for you.

You can use sites like https://gethttpsforfree.com/ manually, and provide the certificates + keys generated to any host the same way you would if you’d bought them from a commercial CA. Most hosts can do this, but they are likely to charge each time, and for Let’s Encrypt you’d need to do it at least once per site, every 2-3 months so that’s often unaffordable as well as being a huge pain in the backside.

Alas, Let’s Encrypt has no way to force a hosting company to offer Let’s Encrypt certificates to their customers. They’re free, that’s all the incentive available. You should examine the options you have for getting certificates elsewhere / just leaving your clients without HTTPS / moving providers. If you decide that you should move providers, don’t hesitate to mention to Rackspace why you’re leaving, maybe they’ll take a hint. It could make sense to take a hybrid approach, offer paid certificates to customers who want SSL right now and plan to move providers to get it free at a specific point, say, Q1 2018 or during a lot “quiet season” when you’ve less other things to do.

I think whether hosts charge to install a third-party certificate seems to vary quite a bit. But for those that do, this definitely leads to an incentive not to use Let’s Encrypt.

Thank you SO much for these replies. This is exactly what I wanted to clarify and your analogy of the favicon is a great one. I agree that it’s a feature hosts should provide in order to maintain a safer, more secure Web.
Your reply allows me to move forward more confidently as I advocate for free security for my customers. I’ll keep checking Let’s Encrypt for updates and trends.

Thanks again to all who replied.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.