SSLforfree.com throwing error trying to get DNS Verification text records

I recommend you try zerossl.com again. sslforfree.com has been completely unusable for several days, however zerossl.com seems to only have intermittent problems, and I was able to get Certs issued yesterday afternoon, even though I had problems in the morning. (The errors were ‘too many connections from this client…’ related, so I’m assuming zerossl.com is simply overwhelmed with requests with sslforfree.com being down.)

For zerossl.com, “try again later and it will likely work,” seems to be the best answer.

Hope this helps!

-Dan

Yes, I downloaded the zerossl tool for Windows 10 desktop and generated the certificate shortly thereafter, not online but directly on the desktop. Did not have any problem doing that and it was quite a painless procedure. Furthermore, since I have my website on my own server, I did not have to go through any hoops. Anyone in a similar situation with a similar configuration can contact me for instructions (if needed).

Not sure if it will help you, but you can just download Certify The Web from https://certifytheweb.com on Windows and fetch certificates (manual DNS is supported, but you should definitely try out acme-dns or use a supported DNS provider). Then you can do whatever you want with the certs.

In the near future we will have automated deployment to any other server so you can renew your certs and make it update a bunch of other servers with the same cert automatically.

Could it be a CSR generation problem?

SSLforfree.com is now working, though I had the same error issue some days ago, then came across this thread, so I emailed them and they replied to me over 24 hours ago, but I just tried over an hour ago and I was able to successfully renew 7 SSL certificates on their platform now. Among them are b-kenaresourcesltd.com, beautyclassicmart.com, etc.

Can I just throw in my 2c.

Using sites like sslforfree and zerossl represents a security hazard. In many cases people are trading security for convenience. Yes, it is easy to get a cert from them. But you are also entrusting them with your private key (if you don’t provide your own CSR).

It's called a private key for a reason.

Such websites could simply wait for a security newb to create a certificate for a high value target and they get the key for whatever nefarious reason they may want it for.

I would never use such a service and would recommend no person ever uses such a service.

If you are providing the CSR then there is no serious security concern with these services. Otherwise, I agree.

-Dan

…and if you aren’t providing the CSR the private key is generated in-browser and never sent to them. There are good reasons not to use these sites, but this isn’t one of them.

While this may be true for the current set of web-based ACME cert providers, it may not always be and non-tech-savvy users can't really be expected to audit a site's code regularly to verify it. In the spectrum of safe to unsafe practices with regards to generating a certificate, I'd argue it still generally leans towards unsafe.

As it has been pointed out several times previously, the argument of being a “security hazard” is equally applicable practically to every desktop application or phone app - most would have full network access and access to your storage/contacts/etc. Same with your browser extensions - quite a few have full access to the content of the pages you are loading or the texts you are typing. In this case, as also has been pointed out, you can use some means of reducing the risks (such as creating a CSR or ensuring no data is sent back once the app is loaded, etc), but in essence it is indeed a matter of trust, like with everything else.

NB: For ZeroSSL specifically that has already been explained I believe. Apart from having no access to what you are entering/generating/doing, the site is not even using cookies and it does not offer any verification helpers (such as ftp uploads for example) or key generation involving any server side code. If any helper functions ever appear on the site (perhaps some diagnostics in case of errors you might want some help with), the necessary explanation of what information might be required to be seen by the server will be given and explicit permission to proceed will be requested.
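
The "provide your own CSR" route discussed in the thread above, as an added example that is not part of any post: the private key is generated and kept on your own machine, and only the CSR is handed to a web-based ACME client. The domain example.com, the output paths and the function names `make_csr` and `csr_safe_to_submit` are assumptions; the `openssl` command-line tool is required.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). example.com and all paths are placeholders.

# Generate a private key and a CSR locally. Only the .csr file is meant to leave the machine.
make_csr() {
    domain="$1"; outdir="$2"
    key="$outdir/$domain.key"; csr="$outdir/$domain.csr"; cnf="$outdir/$domain.cnf"
    mkdir -p "$outdir" || return 1
    # Minimal request config so the result does not depend on the system openssl.cnf.
    cat > "$cnf" <<EOF
[req]
distinguished_name = dn
req_extensions = ext
prompt = no
[dn]
CN = $domain
[ext]
subjectAltName = DNS:$domain,DNS:www.$domain
EOF
    # umask 077 in a subshell: the key file is created readable by its owner only.
    ( umask 077; openssl genrsa -out "$key" 2048 2>/dev/null ) || return 1
    openssl req -new -config "$cnf" -key "$key" -out "$csr" || return 1
}

# Succeeds only if the CSR carries no private key material, its self-signature
# verifies, and its public key is the one belonging to the local private key.
csr_safe_to_submit() {
    csr="$1"; key="$2"
    if grep -q "PRIVATE KEY" "$csr"; then return 1; fi
    openssl req -in "$csr" -noout -verify >/dev/null 2>&1 || return 1
    from_csr=$(openssl req -in "$csr" -noout -pubkey \
        | openssl pkey -pubin -outform DER | openssl dgst -sha256)
    from_key=$(openssl pkey -in "$key" -pubout -outform DER | openssl dgst -sha256)
    [ -n "$from_csr" ] && [ "$from_csr" = "$from_key" ]
}

# Usage: ./make_csr.sh example.com ./out
if [ -n "${1:-}" ]; then
    make_csr "$1" "${2:-.}" && csr_safe_to_submit "${2:-.}/$1.csr" "${2:-.}/$1.key" \
        && echo "Submit only ${2:-.}/$1.csr"
fi
```
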
