
Show HN: Free SSL Certificates - etrackr
https://www.sslforfree.com/
======
theWheez
I like the idea of making encryption easy, but getting my _private_ key from a
third party that isn't the CA itself seems like a big security flaw.

~~~
etrackr
The key is generated and instantly outputted over SSL. Nothing is ever stored
nor would I want that liability. Would it be better if I did the private key
generation on the client side so that your browser generates it? The only
issue with that is that it's a lot slower and browser compatibility isn't
great.

~~~
brianberlin
I appreciate the effort to make SSL free and easy. I know the first time I
attempted to use Let's Encrypt it took a bit of work getting set up. What's the
possibility of using Electron and doing the work locally?

~~~
etrackr
Okay sorry, I looked at Electron. If you want a local copy you can try
https://gethttpsforfree.com/ it's completely client-side, you can save the
HTML file and use it whenever. You have to generate your own keys and CSR
though.

~~~
ntw1103
I just ran through the process, and it worked very smoothly. No hiccups, it
just worked. SSL Labs reports an A. Very awesome.

~~~
etrackr
Thanks. SSL should always have been this easy. I used the Let's Encrypt client
when it came out and it took 3 hours to install on my server, requiring root
access. I couldn't get a client working on Windows as well, so people
without root access to their server can't even really get a certificate.
I paid for my certificates before this and it takes at least 30 minutes. This
literally takes seconds once you know your FTP or know how to manually do it.

------
ntw1103
I agree with the other comment that generating this on the server is a
security flaw. That being said, I thought I would give it a try. The manual
verification process doesn't give me any files to upload. FTP is disabled. (I
am using Pale Moon, if that matters.)

~~~
etrackr
It should work now. There were some browser compatibility problems that I just
fixed.

------
ng-user
Can anyone who's used it comment? Is it generally accepted by most browsers or
are there more issues than that?

~~~
jimmaayn
They use Let's Encrypt:
https://community.letsencrypt.org/t/frequently-asked-questions-faq/26

------
kumarski
Does this split the SSL among multiple websites?

~~~
etrackr
This service supports up to 100 domains per certificate using SAN. By default
it secures domain.com and www.domain.com
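
The local route raised in the thread (generate your own key and CSR so the private key never leaves your machine), as an added example that is not part of any comment above or of either site's code. It assumes OpenSSL 1.1.1 or later for `-addext`; the function names and output file names are hypothetical, and the domain names are the ones mentioned in the thread.

```bash
# Added example: create the private key and CSR locally, so only the CSR
# (public key plus requested names) is ever handed to a third party.
# Usage: make_key_and_csr <outdir> <primary-name> [more-names...]
make_key_and_csr() {
    local outdir="$1"; shift
    local cn="$1"
    local san="" name
    # Every name, including the primary one, goes into subjectAltName.
    for name in "$@"; do
        san="${san:+$san,}DNS:${name}"
    done

    mkdir -p "$outdir" || return 1
    # Tighten the umask before the key is written, not after.
    ( umask 077
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out "$outdir/domain.key" 2>/dev/null ) || return 1

    openssl req -new -key "$outdir/domain.key" \
        -subj "/CN=${cn}" \
        -addext "subjectAltName=${san}" \
        -out "$outdir/domain.csr" || return 1
}

# Print the DNS names a CSR requests, one per line.
csr_names() {
    openssl req -in "$1" -noout -text \
        | grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://'
}

# Succeeds only if the CSR carries the public half of the local key
# and contains no private key material.
csr_matches_key() {
    local a b
    a=$(openssl req -in "$1" -noout -pubkey) || return 1
    b=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$a" = "$b" ] && ! grep -q 'PRIVATE KEY' "$1"
}
```

Calling `make_key_and_csr ./out domain.com www.domain.com` leaves `domain.key` (mode 0600) and `domain.csr` in `./out`; only the `.csr` file needs to be pasted into a browser-based ACME front end.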

