
It is just as secure, you get nothing more by paying.



Nothing of value, but there usually is some (silly, IMO) justification, such as badges and warranty (practically useless). Funnily, Comodo starts its list of key features with "value" [0]. They also seem more expensive now than I remember them to be (hundreds of USD per certificate/year), and still call both X.509 and TLS "SSL".

Sometimes I hear about people just looking for "SSL certificates" because somebody told them that they should have one, and search engines would lead them to those websites; probably that's how it still works.

[0] https://ssl.comodo.com/sslcomodo-ov-wildcard


So for my personal projects, I use Let's Encrypt. As far as I know (and I could be wrong now, haven't checked in a while) - their certs are only good for 3 months. Which is simple enough to get around - run a script on your box that updates the cert every 90 days automatically.

At work, we use a paid certificate that is good for a longer period of time (normally a year). So that's one benefit to paying, I suppose.

As far as encryption technologies and security, the traffic encrypted by a Let's Encrypt cert is just as secure as the traffic secured by a paid-for CA signed cert.


The fact that Let's Encrypt certificates expire quickly is a feature, not anything to do with paid vs. non-paid.

Let's Encrypt could have just as easily generated certificates good for a year or more. But the point of Let's Encrypt is to force you to do this in an automated way, using scripts like you suggest.

You're not getting around anything. The choice was by design.

https://letsencrypt.org/2015/11/09/why-90-days.html


They have a built-in command for their 'certbot' CLI now that you can use to have your certificates update automatically.

(It's been a bit since I went through it but I think it may be as simple as an extra flag in the command to generate the initial cert)


Usually you set up auto-renewal with Let's Encrypt. Easier than remembering to renew every year.



