Wait a sec guys. What do you mean nothing changed. We now have a limit of 3 90days certificates. That’s a huge change
If that is all you have to do, and (i) you are running a Mac locally, (ii) you have other websites that run wordpress… I suggest the following:
- On another internet connected server, install ACME-DNS (https://github.com/joohoi/acme-dns)
- On your Mac, run Certbot with DNS authentication via the the ACME-DNS certbot client (https://github.com/joohoi/acme-dns-certbot-joohoi)
You will have to configure your domain’s DNS one time, to point to the ACME-DNS server you configured. After that, all configuration and authentication will be done by the certbot plugin on the ACME-DNS instance.
The LetsEncrypt server also follows HTTP redirects, so you may be able to have your specialized webserver redirect everything in /.well-known to another server you can control. I am a big fan of acme-dns though, and using it will give you the chance to use wildcard certificates.
I have been using “Zero SSL” for probably a couple of years, maybe longer, for a shared hosting that I use for testing purposes. Earlier this year I had to renew the certificate via a tablet and there was an issue in that every time that went away from the tab I lost all the data, so I started to use “SSL for Free” that did not have that issue as you could call back all the date. The site was also cleaner and easier to use.
A couple of weeks ago I had to renew the certificates and found that initially that they were only showing validation of the site by DNS so I sent them an email. In the meantime I went back to ZeroSSL and found that there site had changed and was more or less identical to SSL for Free. Though I never had a response to that email I did receive one stating the SSL for Free had joined up with Zero SSL and that my existing password would no longer work, though the account is still operational, and I would have to renew it. This I did. They had also now provided browser authentication so I assume that this was just a minor issue that they had.
SSL for Free does not support wild cards or multiple domains unless you buy a certificate. This is a pity however if you return and go through the procedure again with just one sub domain it will. Very long winded if you need several certificates. However authenticating by pki-validation is a well know method and I have used before so not an issue.
The certificate is not issued by Lets Encrypt but by Zero SSL. There is no reference to LE anywhere so I assume that they have dropped LE. In an earlier posting somebody mentioned that Zero SSL had bee acquired by another company and the same is probably the same for SSL for Free. I would hazard a guess that they are using the free certificates, and limiting them to no multi domains or subs, as a way of contacting prospective users and then selling them a certificate. It does make good sense if you have bought a company and then want to generate revenue from it.
Hello, this is my first post here. So hopefully this is not out-of-place.
I’ve been using ZeroSSL on some poorly-configured servers for awhile, so not being able to use it leaves a bit of a void in my workflow. If there is not a good alternative to ZeroSSL in the next month or so, I’m probably going to try making a new website that can issue certs via the web browser.
FYI, If you’re on Windows, you can just use https://certifytheweb.com with DNS validation to issue a cert, then deploy it as required. You can also use other tools (such as certbot) on Windows, macOS or Linux to generate certs, it’s just that http validation is hard if you’re not running it on the server that needs the cert, DNS validation (especially using acme-dns) works well though.