How much is your SSL costing you?
I’m just curious. My various hosters have gone from free to about £40.
However, I’ve just emailed another of my hosts to ask how much it will cost and he’s quoted me:
Simple SSL £89.99 per year
• Based on the product from Starfield Technologies
• SHA-2 and 2048-bit encryption
and then a standard option for £200 annually and an extended verification ssl for £450 per year.
I’m baffled, never heard of costs that high. The website is fairly simple with only a paypal feature on one shop page. Rarely gets updated. http://www.wesmcghee.com/
Is this hoster taking the piss or am I being naive?
Be aware there are different types of certifs… The free and cheaper ones may be “shared” certificates. If you are on a shared server one certif will be used for everyone on the server. If your site takes cc info I believe most card processors require you to have a dedicated certificate. Search the web (shared vs private ssl) to verify and check. I believe if your needs cause you to require a dedicated certificate you also need to have a dedicated ip address. That is also why dedicated ssl costs more. If your customers checkout using Paypal then I believe shared ssl is fine for you.
I think your host is taking the you know what.
Every decent host now offers free Let’s Encrypt certs along with the paid options for e-commerce, banks etc.
If payments are being processed through PayPal, you don’t need anything other than a free Let’s Encrypt cert. Obviously, some hosts are taking advantage of the fact that every site should have an SSL cert these days.
I had SSL added to my plan with no additional charge. It may be time to look around for a new host.
Let’s Encrypt are not shared certificates, and should be all you need. The paid certificates usually have an insurance bond that comes with them, so if someone should break the encryption you have some coverage.
I haven’t seen a “shared certificate” offered in years, to share a SSL cert. you would have run the sites under the same domain, or the browser would give an error.
As Neil (@NeilUK) pointed out all the payment platforms (PayPal, Strip, etc) all you need is a free certificate.
If a hosting company only offers paid certificates, I would find another host. There’s plenty of them that do.
You could use Cloudflare. It’s free for what you need. @ben has written up a couple of blog posts and recorded a tutorial on it.
Check em out:
Hope that helps!
Chillidog offers free SSL via Let’s Encrypt. I’ve been moving my sites over from Little Oak to Chillidog and that’s one of the reasons.
You can get them direct from Comodo at comodosslstore.com pretty cheap - depending on what you want.
Of course, it still gets even more expensive depending on the exact type of SSL cert you want - check out their site.
I bought a 2 year SSL certificate from my host LCN in February this year. Cost £44.95 and was relatively easy to setup.
Switched 3 sites over and it was painless.
I switched all my sites out of UK2 because (1) they didn’t provide free certificates and (2) they started charging an arm and a leg for email accounts. I’d been with them for more than 20 years.
Free Lets Encrypt. Switched from Bluehost after 9 years because they would only provide free SSLs for Wordpress.
I use MacHighway and they charged $10 per site and did all the work. They provided an online form for each site. Filled out the form, hit send, and that was it. Seemed like a good deal to me.
@Hanko - Henry - double-check what you got. I also have MacHighway, and they offered a deal on the SSL for $10 THIS YEAR. Next year, unless they do another special, it’s $49.
@smokyhills Fred, obviously I did not look closely and did not know it was a yearly charge. Not happy about that. Are there hosting services that have lower rates?
Henry - I’m planning on going to Chillidog. Greg has a free SSL and is a great supporter of Rapidweaver.
Greg and I did an entire podcast episode on SSL certs.
Summary: you should not be paying for SSL certs.
Brilliant, thanks everybody for your input I will go through all of the advice, and listen to your podcast of course Joe!
CloudFlare looks interesting but it does say in the text below the video that ‘the “flexible SSL” option with CloudFlare means the connection to CloudFlare is secure but isn’t between CloudFlare and your server.’
So doesn’t that really negate the secure aspect of CloudFlare then?