My host sells SSL letsencrypt certificates


#1

They sell an SSH service per domain for 5 euro p/month. After buying from them it appears to be an letsencrypt certificate. Is this even legal?


#2

SSH or SSL ?

It’s not illegal to sell a service that uses free certificates. Can you provide a little more information.


#3

Ah my bad, SSL is what I meant. Early sunday morning typo :slight_smile:


#4

Still I think its kinda bad move to sell free stuff


#5

I agree totally. And why I was also asking for extra info ( i.e. who is the host)


#6

i have to disagree here.

using letsencrypt can be quite difficult and if a hosting provider takes all the pain away from the customer (i.e. provide a service) they are free to charge for it

there are lots of instance where service providers charge for installing and configuring open source or free software.


#7

Agreed. But then a one-time fee would be more suitable than a monthly subscription of 5 euro.


#8

It’s EXTREMELY confusing and incomplete. Obviously other companies are going to take advantage of that problem… and try to make a profit by it.

Why can’t LetsEncrypt make it unbelievably simple instead? Step-by-step? No “omitted steps”. No “impossible to be done with certain control panels”.

It CAN be clear and simple. It’s just not.


#9

Hi @susans, I’m sure our documentation and user experience can be improved a lot, but I have to disagree about the impossibility part. As we’ve discussed in other threads, hosting providers control what software users can install on the server, they control whether the users can install software at all, they control whether users can modify the web server configuration, they control whether users can install or activate third-party certificates. There is no way for us to usurp this kind of control and guarantee that every web site can use Let’s Encrypt or use it via particular tools.

The Caddy webserver comes close to the experience you describe (and that we’d like users to have).

https://caddyserver.com/

It will automatically get, use, and renew certificates for every domain that it serves, without being asked or told to do so. This is awesome, but not everyone is allowed to use Caddy on their host!


#10

It is not against our terms to charge for services using our certificates, though we’d strongly prefer that HTTPS just be part of every offering as a default with no additional fees.


#11

hi susans

your argument is very silly. Security, PKI and Encryption are a skill set.

By the same argument every network vendors should make configuring their devices simple, every server manufacturer should do the same.

Accountants and Lawyers should just make accounting and law easy, etc etc.

a lot of IT is understanding and applying principles. There is no universal no steps ommitted process. People use different servers, different service providers, different DNS providers. It would be impossible to tell the whole world to use one version of a web server and one version of an operating system


#12

Hi @ahaw021,

I disagree: Let’s Encrypt’s whole mission is about making HTTPS more accessible and easier to use. We do our best, but certainly we fall short in some ways, so feedback like @susans’ is definitely welcome.


#13

Tough I would prefer concrete feedback instead of “it sucks and it should be better<insert a lot of exclamation marks here>” :slight_smile:


#14

Yep, definitely more detailed feedback is more helpful!


#15

I’m new to lets encrypt. I used to be with StartSSL and as they got banned by Mozilla I was forced to look for a new CA. Glad I found lets encrypt.

I have to disagree about the idea that lets encrypt is hard to use or manage. I find it way easier and faster than other providers. I only spent about an hour on reading the documentation and then configured my entire server in less than 10 minutes.

Certbot is a blast to use and the fact that it can be fully automated is just amazing.

Hopefully, I will never have to look for another CA again.


#16

I believe we’re doing well for many people who’ve had certificates before, especially if they went through the process of generating a CSR and editing their web server configuration. We really have improved the process for a wide range of use cases. However, many people are still finding it a challenge.

As I’ve mentioned before, I don’t think there is a single silver bullet solution because we’re talking about a wide range of hosting environments, where the hosting providers control essential parts of the process—they can control whether customers can install software, they can control whether users are allowed to install certs at all. So for many cases there is nothing we can do, and we’re very reliant on the hosting providers to do the integration and make it work well.


#17

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.