
The impact of Let's Encrypt on the SSL certificate market - MarionG
https://w3techs.com/blog/entry/the_impact_of_lets_encrypt_on_the_ssl_certificate_market
======
codegeek
I think the impact is huge. For a small fish like me who is managing websites
close to high 2 digits in number, it is saving us over $500/Year already. Not
to mention how easy it is depending on the OS and tools [0] that you can use.
On that note, we just donated to LetsEncrypt. Thank you for what you do.

[0] [https://certbot.eff.org/](https://certbot.eff.org/)

[1] [https://features.cpanel.net/topic/provide-support-for-lets-encrypt-automated-certificate-management-ssl](https://features.cpanel.net/topic/provide-support-for-lets-encrypt-automated-certificate-management-ssl)

------
Cozumel
Installing Let's Encrypt on CentOS was a pain because the auto command didn't
work. I found this really useful cPanel plugin that automated it, though:
[https://github.com/Prajithp/letsencrypt-cpanel](https://github.com/Prajithp/letsencrypt-cpanel)

Once it actually is easier to generate/install certificates it'll hopefully
see wider adoption.

~~~
codegeek
Why a 3rd-party plugin? cPanel released an official plugin already about a
month ago. See this:

[https://features.cpanel.net/topic/provide-support-for-lets-encrypt-automated-certificate-management-ssl](https://features.cpanel.net/topic/provide-support-for-lets-encrypt-automated-certificate-management-ssl)

~~~
Cozumel
I must have missed that, thanks!

------
dijit
Marginally related; please stop asking for wildcard certificates.

[https://newblog.dijit.sh/say-no-to-wildcard-certs/](https://newblog.dijit.sh/say-no-to-wildcard-certs/)

~~~
lossolo
You are exaggerating a lot in this article. If anyone gets access to your
servers then you have a lot bigger problem than him having your SSL
certificate. Point number two is that a lot of companies can't use Let's
Encrypt because of agreements signed with payment processors, government
agencies etc.

~~~
dijit
I'm not exaggerating.

Development servers are absolutely not held to the same levels of scrutiny as
our payment card processing servers.

Not using Let's Encrypt due to other regulation is perfectly valid, but using
wildcard certificates has a strong potential to cause more harm than simply
using another SSL provider.

~~~
jpobst
The solution that we use for this is to have a separate domain for dev with
its own wildcard certificate, like company-dev.net.

~~~
dijit
Why couldn't you instead have a deployment process that includes calling
certbot automatically for the new domain then? Since the domain is likely
ICANN registered, right?

EDIT: it's common courtesy to explain why you downvote a post, as it stands
I'm going to make the assumption the downvoters are simply too lazy to do
things properly.

~~~
bruo
I didn't downvote you, but there are different reasons why you would like to
use a wildcard certificate and even if those reasons are not aligned with your
goals they shouldn't be dismissed.

I know two, at least. For a small community school in my city, teachers and
students keep blogs on a WordPress multi-user server, for storing data or
doing webdev examples. They have a subdomain setup and cannot use SSL as the
domain name will always be unknown by the person who creates the blog and the
wildcard is too expensive for something they do in their free time.

Sandstorm uses unknown subdomains as a way to avoid possible security issues:
[https://docs.sandstorm.io/en/latest/administering/wildcard/#why-sandstorm-needs-wildcard-dns](https://docs.sandstorm.io/en/latest/administering/wildcard/#why-sandstorm-needs-wildcard-dns)

I'm sure your points are valid, but you cannot define the threat model of
others so easily. And don't get mad about downvotes, upvoting or downvoting is
pretty boring.

