Offering LetsEncrypt SSL Certificates

[easyhostmedia]

I guess that may be but I didn't read anything about a trial cert. Although I think calling it a trial cert make it seem like its less secure somehow. But in any case anybody who uses Let's Encrypt is getting 90 day certs, not just with DirectAdmin.

I also think that most clients will not care as long as it works. It also passes PCI as I just had a scan done.

If a client still wants a paid for cert I will still install it for him. I have no objection to going that route either.

well trials also passes PCI as they are just the same as a fully paid SSL, but expires after 90 days. dont forget every 90 days the SSL mapping with change at every renewal, which will just do as much damage with Google indexing as if not having an SS.

 

[LittleCreek]

dont forget every 90 days the SSL mapping with change at every renewal, which will just do as much damage with Google indexing as if not having an SS.

I would like to learn more about this. Do you know of any documentation to support it?

 

[MikeDVB]

but you have to look at it this way, as a webhost you are in the business to make money and not gives things like SSL certs away free.

Our SSL sales have gone up actually since launching Let's Encrypt. Almost everybody that asks about it ends up buying a certificate for some reason even though it works great [the free one].

 

[easyhostmedia]

I would like to learn more about this. Do you know of any documentation to support it?

LetsEncrypt have started and are pushing because google saying they will give priority to sites using SSL certs (https) when indexing, but when you install an ssl it uses mapping to show search engines etc. that your site is secure using and SSL, but when you renew this mapping changes for the new SSL, so by changing this every 90 days google will take it that the site is constantly using trial (temp) SSL certs to get around their new indexing process, which will actually go against the site in googles eyes.

 

[easyhostmedia]

Our SSL sales have gone up actually since launching Let's Encrypt. Almost everybody that asks about it ends up buying a certificate for some reason even though it works great [the free one].

so basically throw away $30 a time so as users are paying for SSL certs

 

[LittleCreek]

LetsEncrypt have started and are pushing because google saying they will give priority to sites using SSL certs (https) when indexing, but when you install an ssl it uses mapping to show search engines etc. that your site is secure using and SSL, but when you renew this mapping changes for the new SSL, so by changing this every 90 days google will take it that the site is constantly using trial (temp) SSL certs to get around their new indexing process, which will actually go against the site in googles eyes.

What I am seeing here is your opinion on this. I respect that. But I would like to see more than one person's opinion before making a decision. From what I have read Google places very little importance on SSL.

 

[LittleCreek]

so basically throw away $30 a time so as users are paying for SSL certs

I am still not seeing how $30 is thrown away.

 

[easyhostmedia]

What I am seeing here is your opinion on this. I respect that. But I would like to see more than one person's opinion before making a decision. From what I have read Google places very little importance on SSL.

http://thenextweb.com/google/2015/1...-get-hammered-in-googles-search-ranking/#gref

https://blog.instantssl.com/ssl/impact-of-https-and-ssl-on-googles-ranking/

only 2 reports on this, plenty of more that i can list

 

[easyhostmedia]

I am still not seeing how $30 is thrown away.

well it is if you are paying this, but your users are just paying for SSL and not using the service you are paying for.

 

[MikeDVB]

so basically throw away $30 a time so as users are paying for SSL certs

I don't understand the syntax or meaning of what you've said.

Could you please clarify?

 

[LittleCreek]

well it is if you are paying this, but your users are just paying for SSL and not using the service you are paying for.

Nobody is having to pay $30 for anything to use Let's Encrypt.

 

[LittleCreek]

http://thenextweb.com/google/2015/1...-get-hammered-in-googles-search-ranking/#gref

Like I said its very small. The article above actually misquoted the article they referenced by saying "will start prioritizing secure HTTPS URLs over regular HTTP ones." That is not exactly what Google said. They said at https://security.googleblog.com/2015/12/indexing-https-pages-by-default.html

"When two URLs from the same domain appear to have the same content but are served over different protocol schemes, we’ll typically choose to index the HTTPS URL"

Basically in the search results priority will be given to the https protocol of the same site not different sites. They are not saying they will give preference to a https site over a different http site.

SEO is still mostly about content and relevant links. Worrying about a 90 day cert and how it affects SEO is not in my opinion a good use of time.

 

[MikeDVB]

Worrying about a 90 day cert and how it affects SEO is not in my opinion a good use of time.

Having SSL versus not having it, imho, would be the only concern I would have when it comes to SSL in most cases.

Maybe an EV over a regular for a business site where the additional trust may help close a sale.

I wouldn't worry about it from an SEO standpoint, as you said.

 

[easyhostmedia]

I don't understand the syntax or meaning of what you've said.

Could you please clarify?

if you cpanel it costs $30 and if no one is using it then you pay the $30 etc. for nothing

 

[MikeDVB]

if you cpanel it costs $30 and if no one is using it then you pay the $30 etc. for nothing

I'm not even sure where you're coming up with this "$30".

Using Let's Encrypt is free. Now if you use a cPanel plugin to make it available - it might cost money to do that. That isn't the price to use Let's Encrypt - it's the price to use the third party cPanel plugin that handles it.

If I'm misunderstanding you - do elaborate on this "$30" charge and where you're seeing it / how you are aware of it.

 

[Localnode]

That said - what is the issue you're having that isn't fixed? You've been far too vague.

This: https://features.cpanel.net/topic/s...-same-ip-shows-another-users-site-potentially

Basically:
User 1 has no SSL.
User 2 does.
Both are on the same IP.
Visitor goes to https://user1.com
It redirects to https://user2.com

Meaning - all SSL websites have to be on the same IP. While non-SSLs can't be on that shared IP - or the redirects happen.

So essentially - I won't be enabling Let's Encrypt plugin (one to be made by cPanel) until this bug is fixed. As such - SSL installation is also turned off.

I'm not a Jedi so I can't see the future if people on the non-SSL shared IP want to install an SSL.

So what I've done is a band-aid fix (see the above link re. vhost) but it doesn't really resolve the problem.

 

[easyhostmedia]

This: https://features.cpanel.net/topic/s...-same-ip-shows-another-users-site-potentially

Basically:
User 1 has no SSL.
User 2 does.
Both are on the same IP.
Visitor goes to https://user1.com
It redirects to https://[B]user2.com[/B]

Meaning - all SSL websites have to be on the same IP. While non-SSLs can't be on that shared IP - or the redirects happen.

So essentially - I won't be enabling Let's Encrypt plugin (one to be made by cPanel) until this bug is fixed. As such - SSL installation is also turned off.

I'm not a Jedi so I can't see the future if people on the non-SSL shared IP want to install an SSL.

So what I've done is a band-aid fix (see the above link re. vhost) but it doesn't really resolve the problem.

whys you are having has 0% to do with Let's Encrypt. It is SNI which in effect does away with sites having to have a dedicated IP to install a SSL certificate.
It is still recommended a dedicated IP is used for a site to installs an SSL cert. I have sites on my servers that have SSL running on the main server IP using SNI and have no issues with people being redirected from no ssl sites to ssl sites.

 

[Alex - A2 Hosting]

This: https://features.cpanel.net/topic/s...-same-ip-shows-another-users-site-potentially

Basically:
User 1 has no SSL.
User 2 does.
Both are on the same IP.
Visitor goes to https://user1.com
It redirects to https://[B]user2.com[/B]

Meaning - all SSL websites have to be on the same IP. While non-SSLs can't be on that shared IP - or the redirects happen.

So essentially - I won't be enabling Let's Encrypt plugin (one to be made by cPanel) until this bug is fixed. As such - SSL installation is also turned off.

I'm not a Jedi so I can't see the future if people on the non-SSL shared IP want to install an SSL.

So what I've done is a band-aid fix (see the above link re. vhost) but it doesn't really resolve the problem.

cPanel's temporary solution to this is Auto SSL. It will attempt to automatically install an SSL certificate for every domain (if enabled of course) so all sites will run on SSL.

 

[Artashes]

well trials also passes PCI as they are just the same as a fully paid SSL, but expires after 90 days. dont forget every 90 days the SSL mapping with change at every renewal, which will just do as much damage with Google indexing as if not having an SS.

LetsEncrypt have started and are pushing because google saying they will give priority to sites using SSL certs (https) when indexing, but when you install an ssl it uses mapping to show search engines etc. that your site is secure using and SSL, but when you renew this mapping changes for the new SSL, so by changing this every 90 days google will take it that the site is constantly using trial (temp) SSL certs to get around their new indexing process, which will actually go against the site in googles eyes.

What I am seeing here is your opinion on this. I respect that. But I would like to see more than one person's opinion before making a decision. From what I have read Google places very little importance on SSL.

How about an opinion from Let's Encrypt?

That's right. This debate caught my attention as easyhostmedia's statements regarding this were too confident in nature, so I've reached out to Let's Encrypt directly. While they chose not to post here, Josh Aas, Executive Director, wrote me back. The question I raised is if renewing the certificate every 90-days would negatively impact the ranking because Google would consider this certificate to be a trial and treat such a site as not having a secure certificate.

Hi Artashes,

We haven't done our own research into how using Let's Encrypt
certificates affect search rankings but I would be surprised if using
our certificates had a negative impact. Most people who use our
certificates didn't have certificates before, and at least Google has
stated the HTTPS is being used as a positive signal for search
rankings [1]. As for 90 day certificates in particular, it would also
surprise me if that was a negative signal. Google's main website uses
certificates valid for less than 90 days (84, to be precise).

It can be hard to tell what's actually impacting search rankings, and
we don't have any more insight into them than anyone else. I recommend
asking search providers themselves about any evidence that certain
certificates are impacting search results in a negative way.

[1] https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html

--
Josh Aas
Executive Director
Internet Security Research Group
Let's Encrypt: A Free, Automated, and Open CA

I understand that it isn't a scientific response (the most accurate one would probably be a response from Google itself), but the fact that Google themselves use 90-day (or less) SSL caught my eye. In my view, it is highly unlikely they treat sites negatively if they renew certificates frequently. A yes/no ping on presence of certificate is all they are probably looking for.

 

[LittleCreek]

Thanks Artashes.