Offering LetsEncrypt SSL Certificates

[ughosting]

still not sure as no idea how secure their certs really are.

CPanel already has a buy SSL cert option in WHM, but I have this disabled as it is a rubbish SSL and will only cover either www or non-www whichever you chose, but will not cover both options.

These certificates will hold as many domains/subdomains as you want, but you can only request 20 (or an additional 20) in a single API call.

It's doubtful that a single account will have more than 20 domains.

As for security, any SSL certificate generated with the same number of bits is as secure, even self-signed, but they do seem to be trusted by all of the browsers.

Many CDNs use them Akamai, CDN77.com (which makes sense) and all the enterprises listed on their website.

 

[Alex - A2 Hosting]

If they make it optional and allow you to charge for the service in WHMCS (as an addon), then maybe you can make some cash for nothing?

99% sure this won't happen unless you build your own module for it. Anyway, it might be best to just offer it for free otherwise you might end up losing clients costing you money rather than your goal of making money.

See, it is quite well known that LetsEncrypt is free and will become more and more known as web hosts market 'Free LetsEncrypt certificates'. With cPanel offering it officially (aim to current tier is next week), most hosts will offer this for free.

From a clients point of view, they can get the same product for free elsewhere whereas with you they'd have to charge. And for your current clients, they might see it like reducing their annual bill by $xx so may leave.

 

[Alex - A2 Hosting]

These certificates will hold as many domains/subdomains as you want, but you can only request 20 (or an additional 20) in a single API call.

It's doubtful that a single account will have more than 20 domain.

Where do you see this? I thought it was limited at 20 same domain per week, not per API call.

 

[MikeDVB]

I won't be enabling it until cPanel fixes a bug which they state is "working as intended".

The Let's Encrypt for cPanel plugin isn't actually written/made available by cPanel.

That said - what is the issue you're having that isn't fixed? You've been far too vague.

 

[iHostiGo]

the best option and trust for your customers would be EV SSL and google likes any ssl installed.

 

[easyhostmedia]

the best option and trust for your customers would be EV SSL and google likes any ssl installed.

but everyone cannot get an EV SSL certificate, even if its your business. You have a lot of work etc. to carry out before you will be allowed an EV SSL cert.

 

[iHostiGo]

but everyone cannot get an EV SSL certificate, even if its your business. You have a lot of work etc. to carry out before you will be allowed an EV SSL cert.

That is right and sorry for not mentioning that getting EV SSL will take a lot of time and a lot of headache to get it approved and working. thanks easyhostmedia for clarifying that.

 

[LittleCreek]

As somebody else already mentioned its built in to DirectAdmin so why now add it to the list of features.

 

[easyhostmedia]

As somebody else already mentioned its built in to DirectAdmin so why now add it to the list of features.

but you have to look at it this way, as a webhost you are in the business to make money and not gives things like SSL certs away free.

 

[LittleCreek]

but you have to look at it this way, as a webhost you are in the business to make money and not gives things like SSL certs away free.

True but if its not costing me anything and it creates incentive for new clients to sign up or old clients to stay then it only helps me.

 

[LittleCreek]

If your business is based around selling SSL certs then that's different. I personally didn't like the headache of installing them previously even when I was getting paid.

 

[easyhostmedia]

True but if its not costing me anything and it creates incentive for new clients to sign up or old clients to stay then it only helps me.

but it is $30 a month minimum,even if it is integrated into DA, you still have to sign up to a LetsEncrypt account

 

[LittleCreek]

but it is $30 a month minimum,even if it is integrated into DA, you still have to sign up to a LetsEncrypt account

I definitely did not pay $30 and I don't remember setting up an account.

 

[LittleCreek]

I see $30/month for a Cpanel plugin but not for Let's Encrypt itself. All I did was enable in DirectAdmin and gave the domain its own ip and it just worked. It was very easy to get set up and then a few clicks later I had a new SSL cert.

https://www.directadmin.com/features.php?id=1828

 

[easyhostmedia]

I definitely did not pay $30 and I don't remember setting up an account.

https://letsencrypt-for-cpanel.com/pricing

it seems with DA you only get 90 day licences, so has to be renewed every 90 days

 

[LittleCreek]

it seems with DA you only get 90 day licences, so has to be renewed every 90 days

Yes which DA does automatically on day 85. The 90 days is a Let's Encrypt thing. https://letsencrypt.org/2015/11/09/why-90-days.html

 

[easyhostmedia]

Yes which DA does automatically on day 85.

That is because DA only issues the Trail Licences which last 90 days

 

[LittleCreek]

That is because DA only issues the Trail Licences which last 90 days

The 90 days is a Let's Encrypt thing. https://letsencrypt.org/2015/11/09/why-90-days.html

 

[easyhostmedia]

The 90 days is a Let's Encrypt thing. https://letsencrypt.org/2015/11/09/why-90-days.html

when all other CA sell SSL for 12 months and only offer free trial SSLs for 90 days.

so all they are doing is giving out Free trial SSLs

 

[LittleCreek]

so all they are doing is giving out Free trial SSLs

I guess that may be but I didn't read anything about a trial cert. Although I think calling it a trial cert make it seem like its less secure somehow. But in any case anybody who uses Let's Encrypt is getting 90 day certs, not just with DirectAdmin.

I also think that most clients will not care as long as it works. It also passes PCI as I just had a scan done.

If a client still wants a paid for cert I will still install it for him. I have no objection to going that route either.