The HN title makes a promise ("Let's Encrypt Alternative") that StartCom didn't make and can't deliver. dang -- can the HN title be changed back to the original title?

This is software to automate the creation and installation of StartCom certs; it doesn't include the "it's all free and validation is automated" part that Let's Encrypt brings to the table. The pricing model is just StartCom's normal pricing; StartCom has always used the model of charging for validation and then offering "all you can eat" certificates.

LOL. You should read their marketing email.

Dear StartCom customers,

This electronic mail message was created by StartCom's Administration Personnel:

StartCom, a leading global Certificate Authority (CA) and provider of trusted identity and authentication services, announces a new service – StartEncrypt today, an automatic SSL certificate issuance and installation software for your web server.

StartEncrypt is based the StartAPI system to let you get SSL certificate and install the SSL certificate in your web server for free and automatically, no any coding, just one click to install it in your server.

Compare with Let’s Encrypt, StartEncrypt support Windows and Linux server for most popular web server software, and have many incomparable advantages as:

(1) Not just get the SSL certificate automatically, but install it automatically;

(2) Not just Encrypted, but also identity validated to display EV Green Bar and OV organization name in the certificate;

(3) Not just 90 days period certificate, but up to 39 months, more than 1180 days;

(4) Not just low assurance DV SSL certificate, but also high assurance OV SSL certificate and green bar EV SSL certificate;

(5) Not just for one domain, but up to 120 domains with wildcard support;

(6) All OV SSL certificate and EV SSL certificate are free, just make sure your StartSSL account is verified as Class 3 or Class 4 identity.

StartEncrypt together with StartSSL to let your website start to https without any pain, to let your website keep green bar that give more confident to your online customer and bring to online revenue to you. Let’s start to encrypt now.

Please do not reply to this email. This is an unmonitored email address, and replies to this email cannot be responded to or read. If you have any question or comments, just click Here ((https://startssl.com/reply) to send your question to us, thanks.

Best Regards StartCom™ Certification Authority

I wouldn't say it's an alternative to Let's Encrypt... it's better automation tooling for using StartCom as a CA. Kind of misleading. Prior to Let's Encrypt, I used StartCom's free certs, which was always a nice option.

While I appreciate their efforts, it would be nice to see the CAs offer a consistent API for usage/automation... it's really something that should be a bit more commoditized than it currently is.

I was pretty excited at the idea of "free" EV certs, but after reading into it a bit (conveniently the last bullet point after clicking through)

"For OV SSL and EV SSL, just charge the validation cost annually, certificate is FREE!"

You're never going to get "free" EV Certs. The validation and paperwork hassle is too much.

I mean, theoretically "it's possible" but someone would have to be pumping a LOT of money into that org

How much is that tho? Could'nt find it

Reading through the claimed advantages compared to Lets Encrypt:

- Install it automatically. Well yes, certbot will install the certificate for you, it's dishonest to claim otherwise.

- Not just for one domain. I happen to have one LE cert with three domains on it.

- Wildcard support. One genuine claim.

- Two different advantages that both mean "we also offer OV and EV certs". OV certs in particular are a marketing exercise and nothing more - do you really believe any end user anywhere opens up a certificate, hits "details" and scrolls to the right part where they can check if an organisation is listed, and THEN considers what they find when trusting the site?

Feels like a rip off (in name), but the features and difference in limitations vs let's encrypt are interesting!

I say, let the competition in! Probably only (mostly) good things will result.

It's a free product. It would be better to spend dev time improving LetsEncrypt, rather than start another one from scratch.

Well, not necessarily. Let's Encrypt gave us the ACME protocol. Would be nice if we started seeing competing implementations of that.

Competing implementations of which part? There's already a number of clients out there.

I think he's talking about the server.

The only two servers I'm aware of is the LE server and the LE staging server which both run the same software.

It would be really cool to get another CA giving out certs using the protocol.

Oh, absolutely. Enabling other CAs to use the ACME protocol* for certificate provisioning was an explicit goal during its development. As such, it's incredibly disappointing that Startcom decided to build their own incompatible solution here.

*: Yes, that's really what it's called. Stands for "Automatic Certificate Management Environment".

Its not like LetsEncrypt is the optimal solution. Especially the heavy python client and the 90days limit sucks.

There are other clients available. My personal favorite is acme-tiny:

https://github.com/diafygi/acme-tiny

The 90 day validity limit is intentional. It's there to encourage users to automate the renewal process.

Any competition to Let's Encrypt is good. The more SSL deployed the better.