Hacker News new | ask | show | jobs
by wastedhours 3579 days ago
Think that's part of it - a substantial amount of the web is on shared hosting (and probably dictated by other areas of the business) and as such wont have any level of root access. Therefore the hosting company can control cert installation and thus cost.
2 comments
rando444 3579 days ago
You don't need root access.

We run a cpanel server and have a let's encrypt plugin that allows users to generate and install their own certificates.

link
wastedhours 3579 days ago
Usually add-ons are administered by the hosting company though (?) - so if they want to own the cert purchase/installation flow, then they can certainly do that.
link
niij 3579 days ago
If you have a shell and public I address, you can get a certificate. Root access is only required for Http authentication, you can also authenticate to LE using DNS. I actually just learned about the DNA ability.

Check out Lego project, it makes DNS Auth very easy :)

link
chris_wot 3579 days ago
Don't use a hosting company who does that. Take your money and spend it elsewhere.
link
ubernostrum 3579 days ago
These hosting companies are already doing enough things "wrong" that if "well, everybody just stop using them" were going to be a viable strategy it would have worked by now for those other things.

We currently do not have the power to change the behavior or the market share of these hosting companies in any significant way. That leaves working around their behavior as the option.

link
chris_wot 3579 days ago
Who said anything about doing it to change their behaviour? Do it because you aren't getting value for money! If there are better alternatives, then use them.
link
angry-hacker 3579 days ago
Extra effort + more computing power, I don't think cheap shared hosting companies are too interested.
link
laurentdc 3579 days ago
The performance impact of HTTPS is negligible.

Article from 2010: https://www.imperialviolet.org/2010/06/25/overclocking-ssl.h...

link
marcosdumay 3579 days ago
It's called "competition". Clients can make sure the ones not too interested become very interested in a few easy steps.
link
angry-hacker 3579 days ago
When we are talking about cheap shared hosting providers, the only competition is price and it's driven extremely low.

Competition can only kick in when browsers go crazy about plain text etc.

link
marcosdumay 3579 days ago
Well, if the client doesn't care about that warning, why should the provider care?

As I said, there are easy steps clients can use to make their provider care. But if the clients themselves don't care, nobody will.

link