Why Pay for SSL Certificates?

Do some people still pay for regular SSL certificates even though Let’s Encrypt exists? :thinking:

I’ve never seen BuyVM offer a Black Friday deal, or any other deal for that matter.

This is a Wildcard SSL cert

Let’s Encrypt does wildcard certs, I’m using a few myself. :slight_smile:

1 Like

https://www.quora.com/What-are-disadvantages-of-using-Lets-Encrypt-SSL-certificate

I can see the value in EV SSL certs, but that’s about it. Anything else can easily be accomplished with LE.

Let’s Encrypt uptime benchmark

Commercial CAs still have higher uptime (and EV of course).

2 Likes

Thanks to whoever split this out into a separate thread… I guess I was going a bit off topic :stuck_out_tongue:

EV certs have questionable value these days though:

AFAIK, modern browser versions no longer show the EV visual indicator that they used to, so there’s no visual distinction between an EV cert and a regular cert. The vast majority of users aren’t going to dig into the cert details to determine if it’s an EV cert or not.

3 Likes

I use the Let’s Encrypt certificates for simple websites, WordPress, blogs, etc. with certbot.
My only problem is the short certificate lifetime. I use certificates for applications too, for example IRC tools (IRC servers, ZNC, etc.), which I do not want to restart/rehash every 2-3 months. Automating this process (and checking every time that it worked) is not easy for me. A cheap 1-2 year Sectigo (Comodo) SSL certificate is perfect for this.

If it helps, acme.sh is a pretty decent system that’s light for managing Let’s Encrypt compared to other options

1 Like

Most servers have some mechanism to “reload configs” without actually shutting it down. If you’re using certbot, you can configure it to do that automatically when certificates are renewed using a deploy hook.

I wasn’t sure about IRC servers as I’ve never run one, but the UnrealIRCd docs say that you can run unrealircd reloadtls to reload the cert, and have an example script for doing so. ZNC apparently reads the certificate fresh for every new client connection (see Don't reload znc.pem on every client connection · Issue #1215 · znc/znc · GitHub) so it shouldn’t actually be an issue with ZNC.

I actually like the shorter validity of Let’s Encrypt certs. It’s better for security if you periodically rotate your keys.

2 Likes
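A sketch of the deploy-hook approach described in the post above, added here as an example (it is not from any poster, certbot, or the UnrealIRCd docs). `RENEWED_LINEAGE` and `RENEWED_DOMAINS` are the variables certbot sets for deploy hooks; the hostname, install path, TLS file names and `TLS_OWNER` are assumptions to adjust.

```shell
#!/bin/sh
# Added example: certbot deploy hook for an UnrealIRCd host.
# Assumed, not from the thread: hostname, install path, TLS file names.
IRC_HOST="${IRC_HOST:-irc.example.org}"                # placeholder hostname
TLS_DIR="${TLS_DIR:-/home/ircd/unrealircd/conf/tls}"   # assumed install path
RELOAD_CMD="${RELOAD_CMD:-/home/ircd/unrealircd/unrealircd reloadtls}"

# True when the renewed certificate covers IRC_HOST, either by exact name or
# by a wildcard for its parent domain. `case` is used so that a "*.example.org"
# entry in RENEWED_DOMAINS is never glob-expanded by the shell.
covers_irc_host() {
    parent="${IRC_HOST#*.}"
    case " $RENEWED_DOMAINS " in
        *" $IRC_HOST "*|*" *.$parent "*) return 0 ;;
    esac
    return 1
}

# Copy one file to its destination as mode 0600 and swap it in with a rename,
# so the server never reads a half-written key or chain.
install_private() {
    src=$1
    dst=$2
    tmp="$dst.new.$$"
    ( umask 077 && cp "$src" "$tmp" ) || return 1
    # Optional: hand the file to the account the IRC server runs as.
    [ -z "${TLS_OWNER:-}" ] || chown "$TLS_OWNER" "$tmp" || return 1
    mv -f "$tmp" "$dst"
}

# Install chain and key, confirm the copy matches, then reload TLS.
deploy_cert() {
    install_private "$RENEWED_LINEAGE/fullchain.pem" "$TLS_DIR/server.cert.pem" || return 1
    install_private "$RENEWED_LINEAGE/privkey.pem" "$TLS_DIR/server.key.pem" || return 1
    cmp -s "$RENEWED_LINEAGE/fullchain.pem" "$TLS_DIR/server.cert.pem" || return 1
    $RELOAD_CMD
}

# certbot sets RENEWED_LINEAGE only when it runs a deploy hook; without it
# the script does nothing.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    if covers_irc_host; then
        deploy_cert || { echo "deploy hook: install or reload failed" >&2; exit 1; }
    fi
fi
```

Saved as an executable file and passed to certbot with `--deploy-hook`, it runs only after a successful renewal and exits non-zero if the copy or the reload fails, which addresses the "did it work?" check.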

@Daniel @Daevien
Thank you for the ideas and advice!
I think these solutions will make it easier for me to handle this problem.