Need SSL cert - What's next best?
-
@stacksofplates said in Need SSL cert - What's next best?:
Cloudflare does free SSL. That's what I used for my blog since it's GitLab pages and you can't automate the LetsEncrypt part with them. It's valid for I think 15 years.
It's only free for personal websites, this would be for production use.
-
I can't just get the cert?
-
That must be for CDN. DNS is free along with the stuff like certs.
-
@obsolesce said in Need SSL cert - What's next best?:
I can't just get the cert?
You have to set your domain up in it.
-
@obsolesce said in Need SSL cert - What's next best?:
@stacksofplates said in Need SSL cert - What's next best?:
Cloudflare does free SSL. That's what I used for my blog since it's GitLab pages and you can't automate the LetsEncrypt part with them. It's valid for I think 15 years.
It's only free for personal websites, this would be for production use.
Free for Business too, read the description
-
@obsolesce said in Need SSL cert - What's next best?:
I can't just get the cert?
They dont' provide certs, they are a CDN.
-
@stacksofplates said in Need SSL cert - What's next best?:
@obsolesce said in Need SSL cert - What's next best?:
I can't just get the cert?
You have to set your domain up in it.
They did this new wording a few days ago.
-
@obsolesce said in Need SSL cert - What's next best?:
@stacksofplates said in Need SSL cert - What's next best?:
Cloudflare does free SSL. That's what I used for my blog since it's GitLab pages and you can't automate the LetsEncrypt part with them. It's valid for I think 15 years.
Wow really?
I'll see if I can find that.
You just set it up and turn your cloud orange. There is nothing to install.
-
@scottalanmiller said in Need SSL cert - What's next best?:
@obsolesce said in Need SSL cert - What's next best?:
I can't just get the cert?
They dont' provide certs, they are a CDN.
They can provide you the Origin SSL cert that only works using their CDN.
-
@dbeato said in Need SSL cert - What's next best?:
@scottalanmiller said in Need SSL cert - What's next best?:
@obsolesce said in Need SSL cert - What's next best?:
I can't just get the cert?
They dont' provide certs, they are a CDN.
They can provide you the Origin SSL cert that only works using their CDN.
Oh, didn't know. But makes sense.
-
@scottalanmiller said in Need SSL cert - What's next best?:
@dbeato said in Need SSL cert - What's next best?:
@scottalanmiller said in Need SSL cert - What's next best?:
@obsolesce said in Need SSL cert - What's next best?:
I can't just get the cert?
They dont' provide certs, they are a CDN.
They can provide you the Origin SSL cert that only works using their CDN.
Oh, didn't know. But makes sense.
Not new. Had this for a while.
-
@obsolesce I've had a good experience with https://www.sslpoint.com - they're not widely known but we've used them for a few certs over the last 3 years or so (mostly Exchange) and it worked well. The prices are pretty reasonable and support is great (which in most cases you probably won't need).
-
@obsolesce
www.gogetssl.com
Cheap like borscht. -
@obsolesce said in Need SSL cert - What's next best?:
@marcinozga said in Need SSL cert - What's next best?:
Can you put reverse proxy in front of that appliance and automate certs on proxy?
Hmm, perhaps. I didn't think of that, but there are other services besides https that the proxy would need to pass through to the server then. Is that possible? Users would access the https stuff over web browser, but agents on their computers would be trying to connect to the same server.domain.com over some custom port, lets say 52274 for example.
Split the DNS by setting up machine.domain.com internally with a blank A record to the machine’s IP. That keeps the cert situation tidy.
-
Digicert has been really good for us. They have some nice tools as well.
-
@marcinozga said in Need SSL cert - What's next best?:
Can you put reverse proxy in front of that appliance and automate certs on proxy?
Coming back to this now, no I can't put a reverse proxy in front of it because there is some non-web communication over port 443, and doesn't work through a reverse proxy as I discovered. The web interface works great, but agent (non-web) communications over 80/443 aren't working properly.
So this server is getting it's own IP address, and an SSL cert.
Going through the names everyone mentioned, here are my considerations so far (any others?):
-
Going with NameCheap. Their setup and tools look great.
-
I got a 2-year SSL cert from NameCheap for $15 (it's Comodo). Installed and working great. No need for a $200/year cert lol.
