Announcement

Collapse
No announcement yet.

Everyone is switching to free SSLs now thanks to Let's Encrypt?

Collapse

Ads

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Everyone is switching to free SSLs now thanks to Let's Encrypt?

    So now that everyone's switching to free SSLs thanks to Let's Encrypt is there even any point in a hosting provider who only offers cPanel hosting to offer paid SSLs (Geotrust and Comodo)?

    Having a page up on a hosting website with expensive SSLs when most customers know they can get SSLs for free could put off potential customers.

    I think those who don't need to offer paid SSLs might as well not link to those pages and link to free SSL certificates page on their website instead.

    What are your thoughts on this?
    Forums.Hosting - A Web Hosting Forum for consumers and Web Hosting related businesses

  • #2
    Well, some Clients just like the Brand and they will insist on buying so there's only a small percentage.

    I've bought Commercial SSL like Comodo and GoDaddy and to be honest I don't see any difference and it's a waste of money.
    DDoS Protected Singapore/Sydney Dedicated Servers

    Comment


    • #3
      If you have a cpanel server and upgraded to WHM 60 then you can forget Lets Encrypt as cpanel have AutoSSL, which means that every single account that does not have an SSL will get a free DV certificated added to their accounts automatically and this will also be renewed automatically

      Comment


      • #4
        Originally posted by easyhostmedia View Post
        If you have a cpanel server and upgraded to WHM 60 then you can forget Lets Encrypt as cpanel have AutoSSL, which means that every single account that does not have an SSL will get a free DV certificated added to their accounts automatically and this will also be renewed automatically
        But cPanel's AutoSSL still makes use of Let's Encrypt as mentioned at https://forums.hosting/forum/hosting...ly-need-cpanel

        Or do you mean it uses alternative when Let's Encrypt is not in use? Please confirm.
        Forums.Hosting - A Web Hosting Forum for consumers and Web Hosting related businesses

        Comment


        • #5
          Originally posted by FHCL View Post

          But cPanel's AutoSSL still makes use of Let's Encrypt as mentioned at https://forums.hosting/forum/hosting...ly-need-cpanel

          Or do you mean it uses alternative when Let's Encrypt is not in use? Please confirm.
          no they do not. i have a long argument with cpanel as they set this to enabled by default on both my servers, which caused me headaches. i suggested yes it is good, but should be disabled by default. The told me they are basically Comodo Positive SSLs as they have a deal with Comodo. These are renewed every 90 days.

          Comment


          • #6
            Originally posted by easyhostmedia View Post

            no they do not. i have a long argument with cpanel as they set this to enabled by default on both my servers, which caused me headaches. i suggested yes it is good, but should be disabled by default. The told me they are basically Comodo Positive SSLs as they have a deal with Comodo. These are renewed every 90 days.
            I didn't know they offered Comodo and renewed them every 3 months like Let's Encrypt do. I always used paid SSLs and been using LE since it was available.

            Good to know.
            Forums.Hosting - A Web Hosting Forum for consumers and Web Hosting related businesses

            Comment


            • #7
              Originally posted by FHCL View Post

              I didn't know they offered Comodo and renewed them every 3 months like Let's Encrypt do. I always used paid SSLs and been using LE since it was available.

              Good to know.
              yes they cPanel offered Let's Encrypt to create a plugin to link onto cPanel, then out of the blue in WHM version 60 they introduced Autossl which places a free DV SSL onto all accounts on the server that does not have an SSL already. This is basically a Comodo Positive SSL. I still recommend my clients use a Paid SSL. I used to charge clients £2 for a shared SSL, but since cPanel brought in autossl this is revenue i have lost and they cant see that them doing this when hosts sell SSL certs loses hosts revenue

              Comment


              • #8
                Originally posted by FHCL View Post
                So now that everyone's switching to free SSLs thanks to Let's Encrypt is there even any point in a hosting provider who only offers cPanel hosting to offer paid SSLs (Geotrust and Comodo)?
                Yes, of course. Domain Validated SSL like letsencrypt does offer encryption, but it does not offer validation of the domain owner. DV SSL does not offer much more security than a self-signed certificate. This is fine if you just need to encrypt the data on your web site. But if you are collecting data such as credit card information you should use a cert that has more levels of validation such as an Enhanced Validation SSL. EV SSL incorporate additional checks to verify the owner of a domain and the authenticity of a certificate request before the certificate is issued.

                Dangers of phishing attacks could be prevented by increased implementation and awareness of EV SSL certificates. Because EV certificates provide enhanced authentication and would be much more difficult to fraudulently obtain, and because of the additional visual cues provided to website users, EV SSL provides more phishing deterrent than DV SSL
                Collabora Hosting - Unlimited Windows and Linux Hosting
                Web Security - VPS - Dedicated Servers
                The Unlimited FAQ

                Comment


                • #9
                  Originally posted by FHCL View Post
                  So now that everyone's switching to free SSLs thanks to Let's Encrypt is there even any point in a hosting provider who only offers cPanel hosting to offer paid SSLs (Geotrust and Comodo)?
                  Yes, but now it makes it easier for a scammer to show HTTPs on their sites. i dont get it when the authorities tell consumer just look for the HTTPS or padlock on a site to show it is secure so it is OK.
                  yes it will encrypt the card details, but does not stop a fraudster taking your money and not sending you goods, also i assume some fraudster will have software than can de crypt the details.

                  If you are serious about running a website/business then you need an OV or EV ssl certificate

                  Comment


                  • #10
                    Do you think Let's Encrypt or the free CloudFlare SSL is better and more secure?
                    Forums.Hosting - A Web Hosting Forum for consumers and Web Hosting related businesses

                    Comment


                    • #11
                      Originally posted by FHCL View Post
                      Do you think Let's Encrypt or the free CloudFlare SSL is better and more secure?
                      These are just basic DV SSL certs like Comodo Positive and Rapidssl certs, so will be OK for personal sites or blogs, but for business sites you should be using at least an OV SSL cert anyway.

                      Comment


                      • #12
                        Originally posted by easyhostmedia View Post

                        These are just basic DV SSL certs like Comodo Positive and Rapidssl certs, so will be OK for personal sites or blogs, but for business sites you should be using at least an OV SSL cert anyway.
                        Even for "business sites" DV SSL is sufficient if all you need to do is encrypt your content. There is no encryption difference between DV-OV-EV certs. The only difference between them is method of validation. Validation method has no relation to encryption. Thus, as I explained above, OV-EV becomes important when its important to know the identity of the site owner -- as in an ecommerce site.
                        Collabora Hosting - Unlimited Windows and Linux Hosting
                        Web Security - VPS - Dedicated Servers
                        The Unlimited FAQ

                        Comment

                        Ads

                        Collapse

                        Ads

                        Collapse
                        Working...
                        X