My Thoughts on Let's Encrypt


#1

Much thanks to everyone for responding to my questions in my short time here. I was interested in LE because I wanted a free automated solution for data security against my online store. After much thought and consideration, I realize that manually renewing my SSL every 90 days is a security risk because there is a dependency on me and I don’t consider myself to be reliable long-term to maintain this. Eventually, something more important will come up and there is always that small chance it could.

You might say, “well, it’s only every 3 months” or “you can do it in no time”. Although that is true, I believe relying on myself for this task is risky. I could solve this for a few bucks a month. Additionally, I do very much trust Let’s Encrypt to install and renew it from my machine. The only problem is I am not willing to trust myself to take on this responsibility nor am I interested in repeating this process every 90 days. I believe the after-90 day expiration assumes that the user will make it a high priority, and there is no reason why the user shouldn’t. At least, that is how I feel. I would like to revisit Let’s Encrypt when 1 year renewals are allowed because this is more attractive to me. I want to focus on one thing and managing my SSL was never part of the plan.

Thanks so much for your help and I would love to hear your thoughts.

Cheers
Brody James


#2

You can auto-renew it if your client supports it. If it does, you’ll never have to think about it ever again :)


#3

Cheers VladGincher. That’s not an option for me. I wish it was. I use cPanel Shared Hosting and I would have to upgrade to a $30-$40/month private hosting plan. It’s cheaper to pay a few bucks a month than upgrade plans.


#4

Hi @BrodyJames, thanks for the comment.

While convenient Let’s Encrypt support isn’t available for every hosting provider, it is for some of them:

Hopefully hosting providers will continue to understand how HTTPS support is important for their customers’ security, and continue making it easier to enable.


#5

Cheers schoen. I wish GoDaddy would make it possible to auto-renew Let’s Encrypt on shared hosting. For example, 1&1 provides a free SSL with their basic hosting plans. Anyway, I understand GoDaddy sells different products and that is just how they want to run their business. Let’s Encrypt is a company I feel I can trust but I can’t use it because my priorities are in the way. I did look at other hosting companies but I always felt something missing because I am very comfortable with GoDaddy.


#6

They probably won’t ever do that. They lose a lot of money on domain registrations (going below the actual cost charged by the central registries) and make it back pushing their paid products, especially hosting and certificates.


#7

Hi Brody

Good points. LetsEncrypt is a great tool and works well in given scenarios. It’s not a tool that everyone has the ability or experience to utilise.

The cost of setting up LetsEncrypt and maintaining it is something that has to be accounted for. With Domain Validated Certificates coming down in price, businesses need to make the call between free and needing setup or paid and needing to touch it less often (every 1-3 years).

For me ACME brings lots of efficiencies but like any new technology you need to do the yard work. There are plenty of people in this forum whose posts indicate they are not quite ready for ACME and the cost benefit isn’t there for them.

I also would like to say thanks for being mature and not throwing your toys out of the cot and demanding people make things simpler or do things the way you think they should be done.

Longer term the power will be in things like CPANEL and PLESK automating the backend functions and web-hosting companies and web servers integrating LetsEncrypt as part of the stack.


#8

I’ve been using LE for several months now on 28 domains, some of my sites are already onto their 3rd renewal, also using LE certificates on my Postfix and Dovecot mailservers.

Never had a single problem or skipped a heartbeat, my renewals are automated with a simple 4 line bash script and LE certificates all score A+ on Qualys versus some certificates I have tested from some other paid providers.

If you are unable to run your own server, bash scripts, renewals etc … use something like https://letsmonitor.org to keep an eye on them for you. I personally don’t use https://letsmonitor.org but it’s useful for many who are not really able to run certbot on their own server.

