SSL Cert Vendor Recommendation, Please

Discussion in 'App Development' started by kmiklas, Aug 17, 2021.

  1. kmiklas


    Can anyone please recommend a reputable place to get an SSL cert?

    I have a bunch of Web sites showing "Not Secure" and it's effing annoying.

    Thanks, Keith
  2. ValeryN


    They support auto-renewal flow which is a great benefit.
    Spaghetti Code, Baron and kmiklas like this.
  3. rkr


    I use Let's Encrypt mainly and also recommend it.

    If your websites/apps are already on AWS, I recommend AWS Certificate Manager (ACM) which also gives free SSL certs.
    kmiklas likes this.
  4. ChaelBu


    My vote goes for Let's Encrypt aswell.
    Also depends where you host your websites maybe check the ssl certs on your hosting provider or if you have your own server Let's Encrypt is your best choice.
    kmiklas likes this.
  5. 2rosy


    create your own in a few seconds
    kmiklas likes this.
  6. rkr


    I think it's OK to use a self-signed certificate for internal sites (e.g. behind VPN and you or only members in your organization are the only ones using it). The "Not secure" warning on your browser won't go away with a self-signed SSL certificate, but your traffic is still encrypted.

    But I think OP's issue is with a public site that he/she is hosting, so they need a verifiable certificate authority.
    kmiklas likes this.
  7. kmiklas


    Thanks everyone for the helpful comments.
  8. Baron

    Baron ET Founder

    I use letsencrypt too, just FYI.
    kmiklas likes this.
  9. kmiklas


    So this was a huge help.

    I host about 20 sites on the side, and I'm migrating them off my GoDaddy hosting. They recommended I purchase Business hosting for about $650/year, which comes with a cert for all hosted sites.

    Instead, I set up nginx on an AWS Ubuntu instance, created a cert via letsencrypt, and manually installed by editing nginx.conf. voila! Everything up, running, and secure at a fraction of the cost. Furthermore, I now understand the cert creation and installation process.

    I really appreciate the recommendation. :thumbsup:
    Last edited: Aug 18, 2021
    ValeryN and Baron like this.
  10. rkr


    Just to be sure you crossed all the T's - the certs have a lifetime of 90 days, so I'd recommend you set up some kind of autorenewal process. Something like adding this to your Ubuntu instance's crontab:

    15 3 * * * /usr/bin/certbot renew --quiet

    Alternatively I've had good experience using Traefik in lieu of nginx and Traefik also performs auto-renewal for you.
    #10     Aug 18, 2021
    Baron and kmiklas like this.