Is SSL.com's ACME really free?

I saw Neil's post about SSL.com support in acme.sh and decided to go looking for more info on their site because it's always nice to see additional CAs support ACME.

Neil mentioned they're offering free 90-day single domain certs, but nothing I can find on their site can verify that claim.

From their What Is the ACME Protocol page:

What is the lifetime of SSL/TLS certificates purchased from SSL.com via ACME?
All certificates issued by SSL.com via the ACME protocol have a lifetime of one year.

Granted, it says "purchased" here. So maybe that's the confusion. But it also says:

Which types of certificates can I order from SSL.com with ACME?
The following SSL/TLS certificate products may be ordered via the ACME protocol by any SSL.com customer:
Basic SSL
Wildcard SSL
Premium SSL
Multi-Domain UCC/SAN SSL

The Basic SSL page describes a "single domain" cert (including a www SAN) for "As low as $36.75/year".

Further, their SSL/TLS Certificate Issuance and Revocation with ACME page says this:

All SSL/TLS certificates issued via ACME by SSL.com are one-year certificates. The SSL.com certificate type you will receive (and be billed for) depends on the number and type of domain names requested:

I added the emphasis on "and be billed for". So going strictly by the docs I was able to find. It sounds like they're only offering an ACME compatible endpoint for their existing paid cert offerings. If they offer anything for free, they definitely seem to be hiding it.

I haven't bothered to create an account with them yet. But can anyone confirm the availability of a free option (and if possible point to some sort of official doc talking about it)? It feels like if I had an account with any sort of payment method attached and ordered a single domain cert via ACME, I'd be automatically charged the normal price for a one-year cert.

3 Likes

why not give it a try?
you will get a cert without paying any money.

I do not know, does this clarifie the thing, or even makes more confusion?

4 Likes

With phrases like this:

Free 90-day DV certificates are issued automatically if your SSL.com does not have sufficient available funds to cover a one-year certificate when you request a certificate with ACME.

what's not to trust? (sarcasm obviously intended)

3 Likes

Thanks, @bruncsak. Not sure why I couldn't find that when I was looking. But yes, it does clarify things and basically confirms the shady situation I was worried about.

Free 90-day DV certificates are issued automatically if your SSL.com does not have sufficient available funds to cover a one-year certificate when you request a certificate with ACME.

So basically if your account has any means to pay for a cert, they'll definitely charge you for one. You only get a free cert if you create an account with no balance or payment methods.

4 Likes

Not if I already have an account with a balance or existing payment methods it seems.

4 Likes

I think it's a good thing to have multiple free CAs providing ACME certs out there. You never know what happens to LE in the future.

Although, if LE ceases to exist for some reason, I'm pretty sure those free certs will disappear very quickly gain :thinking:

4 Likes

IIRC, the certs only cover the registered domain + www. I think accounts are limited to the number of free certificates too, or perhaps that is just ZeroSSL that does that.

3 Likes

I found the post read like an advertisement and seemed in a little poor form posting a primarily paid service to a free service community support page. Almost like a paid advertisement, even.

When I looked at their site I could only find acme related information in relation to IoT, which seemed shady.

2 Likes

Funnily enough, if you do use them for an ACME cert their billing system (Dashboard > billing) doesn't quite understand that is was free (I don't have registered payment details thankfully):

If you do try to order a cert outside of the supported domain + www the ACME order will fail saying insufficient funds. Maybe they will make paid ones available in the future. For some users a $5 cert (for instance) wouldn't be a problem.

I think it's great that they're offering an ACME service. They suffer a little from the UI problems of most legacy SSL/Cert vendors (ordering a code signing cert is like a UI trip back to 1997).

4 Likes

Zoiks! While sorting through my junk mail folder I found an email from ssl.com saying they failed to bill $196 because there is no payment method on file. I'm nervous now :slight_smile:

[Edit: to be fair to them, new certificate orders now seem to be correctly allocated as free ACME certs, the old ones appeared as $49 Basic SSL certs]

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.