by tombrossman 4099 days ago
If they had announced this before the Let's Encrypt[0] initiative it would have been more impressive, but still it is a nice gesture to offer these for the month or two that people are still buying them. I wonder if it is a preemptive move to keep customers from taking their certificates elsewhere, as you will be able to do with the Let's Encrypt certs?

Reading the rest of the announcement, it looks like they are slowly catching up to Gandi.net, who have offered free one year certs and other features (two-step verification and domain privacy) for a while now.

They are a bit behind the curve compared to better Registrars but still light years ahead of garbage like GoDaddy, etc, so good on them for offering this.

[0] https://letsencrypt.org/

2 comments

Even in a world where Let's Encrypt exists and actually provides free certs, I don't want a world where they become the SPOF for all certs, and I can't even imagine that they want that world.

Insofar as I can guess the end-game, it seems like they want to offer free certs so that providers like EuroDNS do exactly this. That way we have lots of providers offering free certs and competing on features and security rather than cost.

> Even in a world where Let's Encrypt exists and actually provides free certs, I don't want a world where they become the SPOF for all certs, and I can't even imagine that they want that world.

Considering that Let's Encrypt seems to be planning to release all their software as Open Source, it seems like anyone willing to go through the time-consuming and expensive audit process could become a provider using similar infrastructure.

In particular, Let's Encrypt isn't just about the free certificates, it's about having automatic renewal and easy setup. Automatic renewal in particular is something I haven't seen from any other provider; I don't know any CAs that even have an API. I'd like to see that become a minimum expectation from all CAs.

I wonder sometimes why Amazon doesn't offer a CA as part of the AWS family of services, with an API for creating new certificates.

If renewal is automatic, there's also little reason not to make the expiry date really short.

> It looks like they are slowly catching up to Gandi.net, who have offered free one year certs

As far as I know, you only get a free certificate with a new domain registration, so after the first year, you'd still need to pay an annual renewal fee for the certificate.

Yeah, I'm pretty sure only the first one-year certificate is free for each domain at Gandi, so after the first year you have to pay for it. Same if you want more than one certificate for the same domain. It's part of the reason I moved to a different certificate provider after a year.

This is true and I could have worded it better. My point is that with Let's Encrypt coming online soon, Gandi's one free single year cert per domain gets you HTTPS now, and by the time it expires you won't need to buy another.