Offering LetsEncrypt SSL Certificates

[ughosting]

With Google adding SEO weight (only a little now, but said to be increasing over time) how many hosts have switched to providing LetsEncrypt free SSL certificates so all their customers can be on SSL?

Are you going to continue selling other SSL certificates? and why?

If you've decided not to offer LetsEncypt, why is that?

Has anyone had issues getting them to work?


We're going to continue offering SSL certificates, alongside LetsEnypt, for their portability and the fact you can install them on your CDN's and other places that may not yet me offering LetsEncypt certificates.

We discovered that BitNinja often blocked the challenge so certificates didn't get issued.

 

[Alex - A2 Hosting]

We do plan to offer LetsEncrypt across our shared/reseller packages and this is currently in the works.

I think most hosts will eventually offer it in order to stay competitive as so many hosts are adopting it and offering it for free. Especially once cPanel releases official LE support which is currently in private beta.

Actually, people are looking for hosts which provide free LetsEncrypt certificates.

 

[whmcsguru]

I'll keep using paid certs until LE gets a bit more stable and norm. When cPanel adopts it officially, then it might be time to start considering it.

 

[easyhostmedia]

so far i have no intentions to use this and i even try and persuade my clients to not use any free ssl certs as you have no idea how secure these really are.

 

[ughosting]

A self-signed certificate is just as secure as a certificate an authority signed.
And these are authority signed certificates.

It's not a matter of how secure they are, but how trusted they are, surely?

The main difference here is that instead of proving you own "webmaster@domain.com" and authenticating the domain, these certificates are authenticated by the handshake when you set them up.

1. You ask for a certificate for domain.com
2. They give you a random filename
3. They give you the passkey to put into the random filename
5. You tell them you have done this.
6. They fetch http://www.domain.com/.well-known/acme-challenge/randomfilename.
7. They check the contents of the file and if it matches they issue the certificate.

This is my mind is more secure than the email method.

I don't sell enough certificates for me to make more than a couple of hundred pounds a year in profit, and these are automatically configured, which I'm sure will save on the amount of helpdesk time spent ensuring the client has uploaded the intermediate certificate, not lost the private key, etc, etc.

 

[Ilyas]

We are currently implementing let's encrypt in cpanel. We will not be providing them, but the customer can choose to install it from their control panel

 

[easyhostmedia]

A self-signed certificate is just as secure as a certificate an authority signed.
And these are authority signed certificates.

It's not a matter of how secure they are, but how trusted they are, surely?

The main difference here is that instead of proving you own "webmaster@domain.com" and authenticating the domain, these certificates are authenticated by the handshake when you set them up.

1. You ask for a certificate for domain.com
2. They give you a random filename
3. They give you the passkey to put into the random filename
5. You tell them you have done this.
6. They fetch http://www.domain.com/.well-known/acme-challenge/randomfilename.
7. They check the contents of the file and if it matches they issue the certificate.

This is my mind is more secure than the email method.

I don't sell enough certificates for me to make more than a couple of hundred pounds a year in profit, and these are automatically configured, which I'm sure will save on the amount of helpdesk time spent ensuring the client has uploaded the intermediate certificate, not lost the private key, etc, etc.

self-signed certificates can still sometimes throw up insecure site warning when visiting websites

 

[easyhostmedia]

Is it worth the effort as this is what Google say

Google To Give Secure Sites A Ranking Boost
Google has announced that going HTTPS — adding a SSL 2048-bit key certificate on your site — will give you a minor ranking boost.

Google says this gives websites a small ranking benefit, only counting as a “very lightweight signal” within the overall ranking algorithm. In fact, Google said this carries “less weight than other signals such as high-quality content.” Based on their tests, Google says it has an impact on “fewer than 1% of global queries” but said they “may decide to strengthen” the signal because they want to “encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”

 

[ughosting]

What you are arguing is the end customers point of view, do I really need to have an SSL certificate?
From the hosts perspective shouldn't we be looking at providing what the customer want or ask for?

I'm not going to push customers into using SSL, as there are server overheads that I would rather not be encouraged. However, do I want to lose potential customers who are looking for this service to someone who already provides it, especially when the cost to the host is $0?

We had just finished our own code to add this feature when it was announced as a new feature built into directadmin. So ALL DA hosts now have this. I have to say that their code is better integrated into the C'Panel, rather than a plugin, so we've archived the plugin and bowed to the better solution.

I've also seen a plugin for CPanel (https://letsencrypt-for-cpanel.com/pricing), but @$30/month that's expensive when you consider CloudLinux is only $10.

However, if like us you attract many Magento and eCommerce stores, it may be worth swallowing until that cPanel offer the service as built in, which they should be able to do quite easily.

 

[easyhostmedia]

What you are arguing is the end customers point of view, do I really need to have an SSL certificate?

but that's what it boils down too, an end user saying do we need an SSL. as you say i will not push SSLs onto clients and wont be paying $30 a month to place a script on the server that customers may not even use.

But will it not damage your own business by offering clients a free SSL when you actually sell SSL certificates. we are all in business to make a profit and not give things away for free. So it would cost you $360 a year for no revenue. Does not make good business sense

 

[ughosting]

Agreed, if we had to pay for this feature, we would have given it a miss. We had spent around 5 hours of development, and 4 hours of testing for our own plugin (for DirectAdmin).
DirectAdmin has now built the feature into the control panel (wish I'd known, would have done something else with those 9 hours), so the ongoing cost for us is nothing.
But we make very little selling SSL certificates when you take the support into account, we may even make a loss, who knows.
SSL is something we have to supply, a little like domains, which we also sell, but with such low margins, we make very little profit.

We are gambling that the FREE SSL certificates will get us more customers.

If you are successfully making a good profit from SSL certificates, then I would agree, it might be counter-intuitive for you to take it up, especially if you have to pay $30 a month.
If you provide a good service, customers would not move elsewhere to save the cost of an SSL certificate.

We are hoping that it will attract new customers.

That aside, though, there is a good reason to provide Let's Encrypt Certificates.

THEY ARE MULTIDOMAIN CERTIFICATES

You can have as many domains on the certificate as you want, and it's still free!!! You can't get that anywhere else without severe financial penalties.
When you take that into account, it looks a whole lot sweeter!! (assuming you sell multidomain accounts, or CPanel addon domain accounts, which I believe you don't).

 

[easyhostmedia]

THEY ARE MULTIDOMAIN CERTIFICATES

You can have as many domains on the certificate as you want, and it's still free!!! You can't get that anywhere else without severe financial penalties.
When you take that into account, it looks a whole lot sweeter!! (assuming you sell multidomain accounts, or CPanel addon domain accounts, which I believe you don't).

Yes i dont sell multidomian accounts.

I can get basic SSL certs for £3 a year, which i sell at £6.95. If needed i could easily add this to my hosting plans without charging for it, just means mt lowest plan i would take no profit for 2 months and dearer plans i would be less £3 for the 1st month.

but my main SSL seller is RapidSSL at £11.95

 

[MikeDVB]

We offer both - and surprisingly we still sell a lot of SSL Certificates. We even make customers aware when ordering SSL or asking about it that we have a free option but most seem to prefer the paid version.

 

[Layerbyte_Ben]

Most people we have come across rather use paid versions. Depending on the certificate you can find some of them through different vendors for under $10 a year.

 

[Localnode]

I won't be enabling it until cPanel fixes a bug which they state is "working as intended".

 

[easyhostmedia]

I've also seen a plugin for CPanel (https://letsencrypt-for-cpanel.com/pricing), but @$30/month that's expensive when you

its not $30/month it is a one off payment

Please note: all prices are a single, once-off cost for the product and lifetime updates and is not charged on an on-going basis.

All licences entitle the licencee to one year of support and if any support is required after this time the licence will need to be renewed.

put it will soon mount up if you have more than 1 server as the price is per server.

 

[Alex - A2 Hosting]

its not $30/month it is a one off payment
put it will soon mount up if you have more than 1 server as the price is per server.

It isn't really worth paying for it if you haven't already. cPanel will very soon come out with their official support for LetsEncrypt and until then, you can handle the installations manually of certificates.

The official LE support is currently in beta and cPanel intends to ship it in v58.

 

[easyhostmedia]

It isn't really worth paying for it if you haven't already. cPanel will very soon come out with their official support for LetsEncrypt and until then, you can handle the installations manually of certificates.

The official LE support is currently in beta and cPanel intends to ship it in v58.

as long as cpanel dont force you to offer this

 

[ughosting]

If they make it optional and allow you to charge for the service in WHMCS (as an addon), then maybe you can make some cash for nothing?

 

[easyhostmedia]

If they make it optional and allow you to charge for the service in WHMCS (as an addon), then maybe you can make some cash for nothing?

still not sure as no idea how secure their certs really are.

cpanel aready have a buy ssl cert option in WHM, but i have this disabled as it is a rubbish SSL and will only cover either www or non-www whichever you chose, but will not cover both options.