If they had announced this before the Let's Encrypt[0] initiative it would have been more impressive, but still it is a nice gesture to offer these for the month or two that people are still buying them. I wonder if it is a preemptive move to keep customers from taking their certificates elsewhere, as you will be able to do with the Let's Encrypt certs?
Reading the rest of the announcement, It looks like they are slowly catching up to Gandi.net, who have offered free one year certs and other features (two-step verification and domain privacy) for a while now.
They are a bit behind the curve compared to better Registrars but still light years ahead of garbage like GoDaddy, etc, so good on them for offering this.
Even in a world where Lets Encrypt exists and actually provides free certs, I don't want a world where they become the SPOF for all certs, and I can't even imagine that they want that world.
Insofar as I can guess the end-game, it seems like they want to offer free certs so that providers like EuroDNS do exactly this. That way we have lots of providers offering free certs and competing on features and security rather than cost.
> Even in a world where Lets Encrypt exists and actually provides free certs, I don't want a world where they become the SPOF for all certs, and I can't even imagine that they want that world.
Considering that Let's Encrypt seems to be planning to release all their software as Open Source, it seems like anyone willing to go through the time-consuming and expensive audit process could become a provider using similar infrastructure.
In particular, Let's Encrypt isn't just about the free certificates, it's about having automatic renewal and easy setup. Automatic renewal in particular is something I haven't seen from any other provider; I don't know any CAs that even have an API. I'd like to see that become a minimum expectation from all CAs.
I wonder sometimes why Amazon doesn't offer a CA as part of the AWS family of services, with an API for creating new certificates.
> It looks like they are slowly catching up to Gandi.net, who have offered free one year certs
As far as I know, you only get a free certificate with a new domain registration, so after the first year, you'd still need to pay an annual renewal fee for the certificate.
Yeah, I'm pretty sure only the first one-year certificate is free for each domain at Gandi, so after the first year you have to pay for it. Same if you want more than one certificate for the same domain. It's part of the reason I moved to a different certificate provider after a year.
This is true and I could have worded it better. My point is that with Let's Encrypt coming online soon, Gandi's one free single year cert per domain gets you HTTPS now, and by the time it expires you won't need to buy another.
They charge for revocation, so it negates the entire idea of a "free certificate" if you can't properly revoke them without forking over money. It literally breaks the entire idea of revocation.
No, we don't. The CA is supposed to verify the owner of the certificate and stand behind that with a financial guarantee. Otherwise, it's just security theater.
I'm getting certificates for various websites with fake details for years now. The theater is there already, it would and we should not pay for it anyway.
Please post bad certs on "dev-security-policy@lists.mozilla.org". They can be revoked. Mozilla is introducing a Mozilla-controlled revocation list in Firefox 37.
There's a lot going on to tighten up the CA world.
True, it's not the cheapest but EuroDNS is more service oriented with a free mailbox, a free ssl certificate, 4 name servers with Anycast nodes. And the renewals remain usually at the same price, and not the first year under the real cost price as some does in the industry.
Former EuroDNS customer here. While you guys do offer Open-Xchange for free, it's the limited version lacking many features. Also, last year your engineers disabled SSL on your open-Xchange server for a few days until someone complained and you re-enabled it. [0]
Also I found your web management interface to be difficult to navigate. I often had to go looking in your KB to find answers for how to do simple things like update A records (Namecheap does this much better).
The one positive thing I will say from my time as a EuroDNS customer is that you do allow people to register European domains that require residence, acting as the Technical contact for customers who are not living in Europe.
But overall, the higher prices and below average service weren't a compelling reason to stick with you guys. Other registrars like Namecheap also offer free SSL certificates for new registrations and multiple DNS servers.
"For an additional fee you can add a wildcard to the Alpha SSL certificate meaning that the certificate can be used on an unlimited number of subdomains and servers. The wildcard option allows for additional subdomains or servers to be added in the future."
That allows CloudFlare to MITM your SSL, so I'm torn on whether it's better than plaintext. Sure, it reduces the points where people can read your data down to one, but it also makes SSL go from "definitely secure to the server" to "probably secure".
Hi @dingaling, I'm working at EuroDNS and I confirm you that this is not only a promotion, but it will be free for the lifetime of your domain at EuroDNS.
Hi, you could have blog.yourdomain.tld and yourdomain.tld in the same certificate for free.
edit: to make it simple you have the right of one sub domain and the root domain without subdomain. As soon as you need more than one, you will need to go for a wildcard (which is not free).
Reading the rest of the announcement, It looks like they are slowly catching up to Gandi.net, who have offered free one year certs and other features (two-step verification and domain privacy) for a while now.
They are a bit behind the curve compared to better Registrars but still light years ahead of garbage like GoDaddy, etc, so good on them for offering this.
[0]https://letsencrypt.org/