The Death of SSLForFree.com

Let’s Encrypt is, to quote its own website, “A nonprofit Certificate Authority providing TLS certificates to 200 million websites.” More importantly, Let’s Encrypt is a way of getting SSL/TLS for your website without paying money. A while back, Firefox and Chrome both started enforcing that websites needed SSL certificates. An SSL certificate, to explain it in very basic terms, encrypts the data that goes back and forth from user to website.

But when I started looking for SSL certificates for my websites, I was shocked. Prices are all over the place. Anything from $7ish a year, up to about $60 a year to as high as $218 per year. That’s a huge amount of money! Money that has to be paid yearly on top of hosting and domain names. And that’s not even getting into the required higher security SSL certificates for bigger companies.

Editor’s note: I’m not that well versed when it comes to the technicalities of all this stuff, so please let me know if I’ve made any mistakes. I’m always happy to learn.

Cat Image by KatinkavomWolfenmond from Pixabay
Completely unrelated cat Image by KatinkavomWolfenmond from Pixabay

Let’s Encrypt is, at least, the open option.

Really, Let’s Encrypt follows the whole ‘feel’ of the internet itself. It’s there for everyone to use and benefit from. It’s open and transparent. You can automate Let’s Encrypt and it’s as secure as other certificate authorities. But, most importantly, it’s free.

Sounds great! So what’s the problem?

Let’s Encrypt informs you of everything you need to set up an SSL certificate on your website. But it’s not for the non-technological folks among us. Myself included.

There were always plenty of (also free) services that help a common idiot like myself set these things up. My personal site of choice was always sslforfree.com.  This website didn’t so much automate the process, but it did offer an easy-to-use interface, and reminded you when the certificate was about to expire. Sure, Let’s Encrypt certificates need to be renewed every 90 days, but sslforfree.com gave you warnings and made renewing pretty simple.

Not any more!

On May 19th 2020, I got an email from sslforfree.com, saying they had partnered with ZeroSSL. When they say “partnered”, they mean their website, aside from the home page and a few other places, were gone. They had been completely replaced by ZeroSSL and the ZeroSSL dashboard.

More importantly, the number of SSL certificates you could have had been reduced from a large yet reasonable amount to… three.

FUCKING THREE!

Sure, most people reasonably won’t have that many websites. And I could theoretically just create new accounts with new email addresses. But that’s a fucking massive change! A change that came completely out of the blue! So everyone just got instantly downgraded! If you want those features back, you gotta pay for them. For, at minimum, $10 a month.

Seriously. I was signed up to get emails from sslforfree.com. I got ONE email mentioning the “partnership”. In the same email, it said that you’d need to transfer old accounts… before the 18th of May.

I should reiterate, I got this email on the 19th of May.

Guess I have to do things the hard way.

So yeah, I spent a whole day finding alternatives and working out my options. Thankfully, I found a few. But now I’m permanently paranoid that I’ll have to switch again in the future. Apparently a company called apilayer is buying up all these websites, including ZeroSSL.

In the mean time, shame on whoever thought doing what they did to sslforfree.com was a good idea. Sure, it forced me to improve, but it also took away a HUGE amount of features and locked them behind a paywall.

Medic

Medic, also known as Phovos (or occasionally Dr Retvik Von Scribblesalot), writes 50% of all the articles on the Daily SPUF since she doesn't have anything better to do. A dedicated Medic main in Team Fortress 2 and an avid speedster in Warframe, Phovos has the unique skill of writing 500 words about very little in a very short space of time.

6 thoughts on “The Death of SSLForFree.com

    • May 25, 2020 at 5:12 am
      Permalink

      Those were basically the ones I found too, namely https://gethttpsforfree.com/ since it can be used online and offline. There’s also some WordPress plugins that can do the job for you, which can be useful if you’re on something like GoDaddy and can’t normally use Let’s Encrypt.

      Reply
      • July 9, 2020 at 5:56 pm
        Permalink

        Thanks for dropping these alternatives. Looking into them now.

        Reply
  • July 31, 2020 at 12:03 pm
    Permalink

    Hi Medic

    Found myself in the exact same situation. With Corona, and vacation, I totally missed the fact that as they stated on their front page “100% free forever” was not so forever after all.
    After some searching, I also realized, I had to find alternatives.
    After a while i found Posh-ACME. A small PowerShell Module, that does it (almost) all.
    I still have to manually validate my DNS settings, sadly no plugin for my DNS-pusher yet.
    But then it automaticly creates my new certificate, AND creates the correct PFX file, that I had to do manually before. Posh-ACME just uses Let’s Encrypt, so it is still a 90-days certificate, but I can do Multiple and Wildcards.
    Over all I’m actually glad again now.

    Reply
    • July 31, 2020 at 12:10 pm
      Permalink

      Posh-ACME was one I was looking at, so glad it actually seems pretty good. The sad thing is, Let’s Encrypt IS 100% free but the people behind Zero SSL are charging a lot of money for not very much.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *