I saw Neil's post about SSL.com support in acme.sh and decided to go looking for more info on their site because it's always nice to see additional CAs support ACME.
Neil mentioned they're offering free 90-day single domain certs, but nothing I can find on their site can verify that claim.
What is the lifetime of SSL/TLS certificates purchased from SSL.com via ACME?
All certificates issued by SSL.com via the ACME protocol have a lifetime of one year.
Granted, it says "purchased" here. So maybe that's the confusion. But it also says:
All SSL/TLS certificates issued via ACME by SSL.com are one-year certificates. The SSL.com certificate type you will receive (and be billed for) depends on the number and type of domain names requested:
I added the emphasis on "and be billed for". So going strictly by the docs I was able to find. It sounds like they're only offering an ACME compatible endpoint for their existing paid cert offerings. If they offer anything for free, they definitely seem to be hiding it.
I haven't bothered to create an account with them yet. But can anyone confirm the availability of a free option (and if possible point to some sort of official doc talking about it)? It feels like if I had an account with any sort of payment method attached and ordered a single domain cert via ACME, I'd be automatically charged the normal price for a one-year cert.
Free 90-day DV certificates are issued automatically if your SSL.com does not have sufficient available funds to cover a one-year certificate when you request a certificate with ACME.
Thanks, @bruncsak. Not sure why I couldn't find that when I was looking. But yes, it does clarify things and basically confirms the shady situation I was worried about.
Free 90-day DV certificates are issued automatically if your SSL.com does not have sufficient available funds to cover a one-year certificate when you request a certificate with ACME.
So basically if your account has any means to pay for a cert, they'll definitely charge you for one. You only get a free cert if you create an account with no balance or payment methods.
IIRC, the certs only cover the registered domain + www. I think accounts are limited to the number of free certificates too, or perhaps that is just ZeroSSL that does that.
I found the post read like an advertisement and seemed in a little poor form posting a primarily paid service to a free service community support page. Almost like a paid advertisement, even.
When I looked at their site I could only find acme related information in relation to IoT, which seemed shady.
Funnily enough, if you do use them for an ACME cert their billing system (Dashboard > billing) doesn't quite understand that is was free (I don't have registered payment details thankfully):
If you do try to order a cert outside of the supported domain + www the ACME order will fail saying insufficient funds. Maybe they will make paid ones available in the future. For some users a $5 cert (for instance) wouldn't be a problem.
I think it's great that they're offering an ACME service. They suffer a little from the UI problems of most legacy SSL/Cert vendors (ordering a code signing cert is like a UI trip back to 1997).
Zoiks! While sorting through my junk mail folder I found an email from ssl.com saying they failed to bill $196 because there is no payment method on file. I'm nervous now
[Edit: to be fair to them, new certificate orders now seem to be correctly allocated as free ACME certs, the old ones appeared as $49 Basic SSL certs]
