Free SSL will never be supported at many hosting companies due to $$$

The (very poorly maintained) hosting company we are currently stuck using (at least for another 1-2 years), doesn’t seem to support/assist/allow or even understand the concept of “free SSL certs”. They sell them for $170 themselves. Why in the world would they allow us to obtain/install free ones?

I thought we could install one anyway using the “manual method” of Let’s Encrypt. How is the very long, complex, impossible to understand “manual method” actually “manual”? It forces us to install plug-ins and download/install custom software.

Manual means manual. We want to MANUALLY just create a folder. MANUALLY just install the certificate, etc. 100% everything must be manual.

Our hosting company is using an extremely old version of a hosting panel that doesn’t even exist any more: WebSitePanel.

They will NEVER be upgrading it, nor changing it.

Contractually, we have to stay at this poorly run hosting company for another 1-2 years.

We also looked into the FULLY manual method over at SslForFree. It would be fully doable except for 1 thing. They demand we create file folders that contain forbidden characters. (Starting with “period”.) So that’s not possible either.

If that's the only problem you had with sslforfree, you might try https://zerossl.com/ which is similar, but also supports a DNS-based challenge as an alternative (disclaimer: I'm just reading their documentation, haven't used that site myself).

Unfortunately, if your hosting provider does not support providing your own certificates or somehow prevents the domain ownership challenge from passing, there’s nothing that Let’s Encrypt can do. It’s simply not technically possible.

Let’s Encrypt removed the financial barrier to getting a publicly-trusted certificate. It’s still up to hosting companies and website owners to make use of that. What Let’s Encrypt can do is make this process both as secure and simple as possible (which, of course, usually involves trade-offs in one direction or the other).

Ultimately, it’ll be up to the market to solve this. Browsers have already started showing warnings for sites that do not use HTTPS if they ask for sensitive information. At some point, all sites that do not use HTTPS will show such warnings. All that is increasing the pressure on hosting companies to simply provide HTTPS as part of their regular hosting packages (which many of them have started doing already), and at some point site owners will just stop using providers which refuse to change. This might not help you in your situation today, but it will help somewhere down the line.

2 Likes

This is not completely true

You can pass your traffic through a service like Cloudflare and use their or Let's Encrypt certificates.

Andrei

Maybe if I could understand WHY a hosting company would say:
“Sure, we’ll install your free certificates for you… so you don’t have to pay $200 for ours. No problem.”

Just doesn’t make sense. I’m surprised ANY hosting company that sells them… would enjoy losing that money.

$200 x 10,000 customers… it starts to add up. ($2,000,000, which I assume is mostly profit.)

After hours of work… I finally managed to get the certificates generated (but not yet installed).

I don’t see any info on this next step:
Do I send all 3 of my files to my hosting company? Or do I keep the “private” file?

certificate.crt
private.key
ca_bundle.crt

Because providing TLS for little or no fee is morally right, practical to do, their competitors do it, and their customers will leave if they don't.

They are not in a strong position to do the wrong thing, because hosting companies are a dime a dozen and it's (relatively) easy to switch.

You should give the private key to the hosting company.

It's critical to security to keep the private key private and secure. But it needs to be installed on the servers using it. So, if your hosting company operates the relevant servers, they need to possess and install the key.

1 Like

There are many hosting providers that not only allow you to use Let's Encrypt certificates but even go to some trouble to make it easy for you. I'm guessing that you would already have switched to one of them yourself, if it wasn't for that unfortunate contract. But contracts only last so long, and eventually they'll start losing customers.

Yes, all 3 files.

I’m still struggling with our hosting company on getting this new cert installed.

They demand that I ask my SSL provider (sslForFree) to export the SSL in .pfx format.
And then send the password to the hosting company.

Is that possible? How?

It should be possible; do you have a computer that you can run the openssl command line program on?

Susans

Place all 3 files into a directory. I am assuming you are using Windows.

certificate.crt
private.key
ca_bundle.crt

Go here: https://indy.fulgan.com/SSL/openssl-1.0.2k-i386-win32.zip
Extract the contents of these files into the same directory.
Open a command prompt and type openssl version

openssl pkcs12 -export -out provider.pfx -inkey private.key -in certificate.crt -certfile ca_bundle.crt

For your own learning:

http://operational.io/openssl-commonly-used-commands/

1 Like
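An added example, not part of any post in this thread: before running the export above, confirm that private.key really belongs to certificate.crt and that ca_bundle.crt names its issuer, then build the PFX with the password taken from an environment variable and check the result. The function names and the PFX_PASS variable are hypothetical, and the issuer check assumes the first certificate in ca_bundle.crt is the direct issuer. It is written as a POSIX shell script; the openssl arguments are the same at a Windows command prompt.

```shell
#!/bin/sh
# Added example, not from the thread. File names follow the thread;
# PFX_PASS is an assumed environment variable holding the export password.

# Succeeds only if the private key ($1) belongs to the certificate ($2),
# by comparing the public key derived from each file.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the first certificate in the bundle ($2) has the subject
# that the site certificate ($1) names as its issuer (assumed bundle order).
bundle_issues_cert() {
    want=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 2
    have=$(openssl x509 -in "$2" -noout -subject_hash 2>/dev/null) || return 2
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# Prints how many certificates a PFX ($1) holds; the key is never printed.
pfx_cert_count() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Usage: make_pfx private.key certificate.crt ca_bundle.crt provider.pfx
make_pfx() {
    [ -n "${PFX_PASS:-}" ] || { echo "set PFX_PASS first" >&2; return 1; }
    key_matches_cert "$1" "$2" ||
        { echo "private key does not match certificate" >&2; return 1; }
    bundle_issues_cert "$2" "$3" ||
        { echo "ca bundle does not issue this certificate" >&2; return 1; }
    # umask 077 keeps the PFX, which contains the private key, owner-only.
    # The password is read from the environment, not the command line.
    (umask 077 && openssl pkcs12 -export -out "$4" -inkey "$1" -in "$2" \
        -certfile "$3" -passout env:PFX_PASS) || return 1
    # Confirm the file opens with the password and holds leaf plus chain.
    [ "$(pfx_cert_count "$4")" -ge 2 ]
}

if [ "$#" -eq 4 ]; then make_pfx "$@"; fi
```

The .pfx contains the private key, so the file and its password are best sent to the host over separate channels.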

As an aside, I think that the momentum is already rolling for SSL certificates to become free – that is to say, issued by Foundation-supported entities such as this one – in order that more and more of the content now being carried through the Internet will be encrypted “as a matter of course.”

The present monopolies have no leg to stand on. As it becomes more and more clear that the companies who merely issue Domain Validation (DV) certificates, while charging you maybe hundreds of dollars each for the privilege, actually aren’t really doing anything to earn that money, I predict that their market/monopoly will evaporate. Then, as the present sometimes-punitive cost blockades fall by the wayside, we will indeed achieve a much more widely-secured Internet, which to me is a very important goal.

(To me, it is indeed an [inter-]national security issue: to reduce the intrinsic vulnerability of every civilian communication while also increasing their accountability. Each message might seem to be a very small thing, but with billions of such messages passing back-and-forth every day, “it adds up.”)
