Let’s Encrypt is, to quote its own website, “A nonprofit Certificate Authority providing TLS certificates to 200 million websites.” More importantly, Let’s Encrypt is a way of getting SSL/TLS for your website without paying money. A while back, Firefox and Chrome both started enforcing that websites needed SSL certificates. An SSL certificate, to explain it in very basic terms, encrypts the data that goes back and forth from user to website.
But when I started looking for SSL certificates for my websites, I was shocked. Prices are all over the place. Anything from $7ish a year, up to about $60 a year to as high as $218 per year. That’s a huge amount of money! Money that has to be paid yearly on top of hosting and domain names. And that’s not even getting into the required higher security SSL certificates for bigger companies.
Editor’s note: I’m not that well versed when it comes to the technicalities of all this stuff, so please let me know if I’ve made any mistakes. I’m always happy to learn.
Let’s Encrypt is, at least, the open option.
Really, Let’s Encrypt follows the whole ‘feel’ of the internet itself. It’s there for everyone to use and benefit from. It’s open and transparent. You can automate Let’s Encrypt and it’s as secure as other certificate authorities. But, most importantly, it’s free.
Sounds great! So what’s the problem?
Let’s Encrypt informs you of everything you need to set up an SSL certificate on your website. But it’s not for the non-technological folks among us. Myself included.
There were always plenty of (also free) services that help a common idiot like myself set these things up. My personal site of choice was always sslforfree.com. This website didn’t so much automate the process, but it did offer an easy-to-use interface, and reminded you when the certificate was about to expire. Sure, Let’s Encrypt certificates need to be renewed every 90 days, but sslforfree.com gave you warnings and made renewing pretty simple.
Not any more!
On May 19th 2020, I got an email from sslforfree.com, saying they had partnered with ZeroSSL. When they say “partnered”, they mean their website, aside from the home page and a few other places, were gone. They had been completely replaced by ZeroSSL and the ZeroSSL dashboard.
More importantly, the number of SSL certificates you could have had been reduced from a large yet reasonable amount to… three.
Sure, most people reasonably won’t have that many websites. And I could theoretically just create new accounts with new email addresses. But that’s a fucking massive change! A change that came completely out of the blue! So everyone just got instantly downgraded! If you want those features back, you gotta pay for them. For, at minimum, $10 a month.
Seriously. I was signed up to get emails from sslforfree.com. I got ONE email mentioning the “partnership”. In the same email, it said that you’d need to transfer old accounts… before the 18th of May.
I should reiterate, I got this email on the 19th of May.
Guess I have to do things the hard way.
So yeah, I spent a whole day finding alternatives and working out my options. Thankfully, I found a few. But now I’m permanently paranoid that I’ll have to switch again in the future. Apparently a company called apilayer is buying up all these websites, including ZeroSSL.
In the mean time, shame on whoever thought doing what they did to sslforfree.com was a good idea. Sure, it forced me to improve, but it also took away a HUGE amount of features and locked them behind a paywall.