
EuroDNS introduces free SSL certificates to customers - aadlani
http://news.eurodns.com/eurodns-introduces-free-ssl-certificates-to-customers/
======
tombrossman
If they had announced this before the Let's Encrypt[0] initiative it would
have been more impressive, but still it is a nice gesture to offer these for
the month or two that people are still buying them. I wonder if it is a
preemptive move to keep customers from taking their certificates elsewhere, as
you will be able to do with the Let's Encrypt certs?

Reading the rest of the announcement, It looks like they are slowly catching
up to Gandi.net, who have offered free one year certs and other features (two-
step verification and domain privacy) for a while now.

They are a bit behind the curve compared to better Registrars but still light
years ahead of garbage like GoDaddy, etc, so good on them for offering this.

[0][https://letsencrypt.org/](https://letsencrypt.org/)

~~~
akerl_
Even in a world where Lets Encrypt exists and actually provides free certs, I
don't want a world where they become the SPOF for all certs, and I can't even
imagine that they want that world.

Insofar as I can guess the end-game, it seems like they want to offer free
certs so that providers like EuroDNS do exactly this. That way we have lots of
providers offering free certs and competing on features and security rather
than cost.

~~~
JoshTriplett
> Even in a world where Lets Encrypt exists and actually provides free certs,
> I don't want a world where they become the SPOF for all certs, and I can't
> even imagine that they want that world.

Considering that Let's Encrypt seems to be planning to release all their
software as Open Source, it seems like anyone willing to go through the time-
consuming and expensive audit process could become a provider using similar
infrastructure.

In particular, Let's Encrypt isn't just about the free certificates, it's
about having automatic renewal and easy setup. Automatic renewal in particular
is something I haven't seen from any other provider; I don't know any CAs that
even have an API. I'd like to see _that_ become a minimum expectation from all
CAs.

I wonder sometimes why Amazon doesn't offer a CA as part of the AWS family of
services, with an API for creating new certificates.

------
dtech
According to their site, [http://blog.eurodns.com/eurodns-ssl-
certificates/](http://blog.eurodns.com/eurodns-ssl-certificates/), this is
only for domains registered with them. So it's not really free.

StartCom/StarSSL has provided fully free certificates for some time:
[http://www.startssl.com/?app=1](http://www.startssl.com/?app=1)

 _edit_ : Title is now clearer, I believe the "to customers" portion wasn't
initially there. Or I just suck at reading.

~~~
feld
StartSSL has been on the naughty list for a while

They charge for revocation, so it negates the entire idea of a "free
certificate" if you can't properly revoke them without forking over money. It
literally breaks the entire idea of revocation.

This was made very clear when Heartbleed happened

~~~
UnoriginalGuy
Revocation is pretty broken even without that. Instead of explaining why I'll
just link this:

[http://news.netcraft.com/archives/2013/05/13/how-
certificate...](http://news.netcraft.com/archives/2013/05/13/how-certificate-
revocation-doesnt-work-in-practice.html)

------
pushrax
While a step in the right direction for EuroDNS, it's not really exciting at
all. We need more completely free CAs.

~~~
Animats
No, we don't. The CA is supposed to verify the owner of the certificate and
stand behind that with a financial guarantee. Otherwise, it's just security
theater.

~~~
eugeneionesco
I'm getting certificates for various websites with fake details for years now.
The theater is there already, it would and we should not pay for it anyway.

~~~
Animats
Please post bad certs on "dev-security-policy@lists.mozilla.org". They can be
revoked. Mozilla is introducing a Mozilla-controlled revocation list in
Firefox 37.

There's a lot going on to tighten up the CA world.

------
0x0
Their annual domain registration prices appear to be 50-100% higher than many
other registrars, so I'm not sure how "free" this is...

~~~
aadlani
True, it's not the cheapest but EuroDNS is more service oriented with a free
mailbox, a free ssl certificate, 4 name servers with Anycast nodes. And the
renewals remain usually at the same price, and not the first year under the
real cost price as some does in the industry.

~~~
kogepathic
Former EuroDNS customer here. While you guys do offer Open-Xchange for free,
it's the limited version lacking many features. Also, last year your engineers
disabled SSL on your open-Xchange server for a few days until someone
complained and you re-enabled it. [0]

Also I found your web management interface to be difficult to navigate. I
often had to go looking in your KB to find answers for how to do simple things
like update A records (Namecheap does this much better).

The one positive thing I will say from my time as a EuroDNS customer is that
you do allow people to register European domains that require residence,
acting as the Technical contact for customers who are not living in Europe.

But overall, the higher prices and below average service weren't a compelling
reason to stick with you guys. Other registrars like Namecheap also offer free
SSL certificates for new registrations and multiple DNS servers.

[0]
[https://twitter.com/h_martien/status/514824795599687681](https://twitter.com/h_martien/status/514824795599687681)

------
_sandb_
According to [https://www.eurodns.com/ssl-certificate-
faq/#whatisincluded](https://www.eurodns.com/ssl-certificate-
faq/#whatisincluded)

"For an additional fee you can add a wildcard to the Alpha SSL certificate
meaning that the certificate can be used on an unlimited number of subdomains
and servers. The wildcard option allows for additional subdomains or servers
to be added in the future."

... so no wildcards for free. fyi.

~~~
pixl97
I don't know of any service that allows wildcards for free.

------
slezyr
So, we’re giving a free, fully featured Alpha SSL certificate for every
______domain name you’ve got registered with us____ __.

------
izietto
Does anyone know any offers like this one but with wildcard certificates?

------
jgrahamc
If I'm reading this correctly this is a certificate for a single domain
registered with EuroDNS and does not include a wildcard.

Alternatively you could use CloudFlare's Universal SSL:
[https://blog.cloudflare.com/introducing-universal-
ssl/](https://blog.cloudflare.com/introducing-universal-ssl/)

~~~
StavrosK
That allows CloudFlare to MITM your SSL, so I'm torn on whether it's better
than plaintext. Sure, it reduces the points where people can read your data
down to one, but it also makes SSL go from "definitely secure to the server"
to "probably secure".

~~~
jgrahamc
Do you feel the same way about SSL termination on an Amazon ELB?

~~~
StavrosK
Yeah, as well as hosting on AWS.

~~~
duaneb
Also, running on a CPU you didn't hand-solder.

~~~
StavrosK
I think the gain drops off sharply after hosting on your own server.

------
oliao
Anyone knows if revoking certificates is also free?

~~~
aadlani
Hi, Yes the revocation is free, and you could generate a new one after for
free.

------
dingaling
Their Alpha certs ( the type being provided in this promotion ) expire after
one year.

It's not clear from their documentation whether your free single-domain cert
will be renewed for free after that, so worth checking before rushing in.

~~~
aadlani
Hi @dingaling, I'm working at EuroDNS and I confirm you that this is not only
a promotion, but it will be free for the lifetime of your domain at EuroDNS.

------
jagermo
Ok, for the semi-newb here - this would do if I just wanted to secure a single
site (e.g. a blog) without a subdomain, right?

Because I should really get on that

~~~
aadlani
Hi, you could have blog.yourdomain.tld and yourdomain.tld in the same
certificate for free.

edit: to make it simple you have the right of one sub domain and the root
domain without subdomain. As soon as you need more than one, you will need to
go for a wildcard (which is not free).

~~~
jagermo
perfect, thanks.

