I’m curious what the benefits are of paying for SSL certificates vs using a free provider such as Let’s Encrypt.

What exactly are you trusting a cert provider with and what are the security implications? What attack vectors do you open yourself up to when trusting a certificate authority with your websites’ certificates?

In what way could it benefit security and/or privacy to utilize a paid service?

And finally, which paid SSL providers are considered trustworthy?

I know DigiCert is a big player, but their prices are insane. Comodo seems like a good affordable option, but is it a trustworthy company?

  • Noble Shift@lemmy.world
    2 months ago

    I’ve used Let’s Encrypt for years and years, in fact it’s been at least 6? LE with the encryptbot?, automate the entire process, and then completely forget about it until someone posts on Lemmy asking about it.

    It’s been long enough I’ve forgotten the proper names of the software and I would have to go back through my notes to recreate it.

    Just checked the logs and it’s fine.

    Don’t pay for shit.

    • Darkassassin07@lemmy.ca
      2 months ago

      Same, though I’m using acme.sh and DNS-01. (had to go look at the script that triggers it to remember, lol)

      I check the log file my update script writes every few months just to be sure nothing’s screwy, but I’ve had 0 issues in 7 years of using LE now.

      A paid cert isn’t worth it.