IIS and Web Servers
SSL Certs / Lets Encrypt
  Scott R
  All
  Feb 15, 2021 @ 09:56am

Hey Rick,

In the past for SSL certs we've used RapidSSL. They are no more and are now a part of DigiCert. DigiCert's prices are way higher and so we are now looking into other options for SSL.

I found an article you wrote back in 2016 on Lets Encrypt (https://weblog.west-wind.com/posts/2016/Feb/22/Using-Lets-Encrypt-with-IIS-on-Windows) and I was wondering if you still recommend them? You also mentioned in the article that you used https://dnsimple.com/ssl-certificates and I didn't know if that's a better option than Lets Encrypt?

My hesitation with LetsEncrypt before was that we use a Wild Card cert for our sites (easier / only 1 cert to worry about and we host multiple sites on the same server) and we use Round Robin DNS for load balancing on 1 of our sites and so the wild card cert was an easy way to put the same 'cert' if you will on each of the servers in the round robin. I believe I heard Lets Encrypt now supports wild cards? But not sure how that works with the 'validation' they have to do on each server?

What would be your current recommendations for where to get wild card SSL certs from?

Thanks,

Scott

re: SSL Certs / Lets Encrypt
  Rick Strahl
  Scott R
  Feb 15, 2021 @ 11:44am

I used to use wild card certificates, but once I realized how easy it is to get a certificate registered and assigned I switched to just using single site Lets Encrypt certs. If you use the tooling for assigning it's a one step process that's as fast as actually assigning the cert manually in IIS, so there's no real difference in effort.

Lets Encrypt now also supports wild card certificates although I've not tried that out myself.

+++ Rick ---

re: SSL Certs / Lets Encrypt
  Scott R
  Rick Strahl
  Feb 15, 2021 @ 12:53pm

Hey Rick,

Thanks for the info. You also mentioned the DNSimple that you used to use. Are they a good way to go? They only charge 100 bucks for a wildcard cert which is a plus.

We use our wild card cert on some testing computers / sites internally to test features that require SSL in the browsers (i.e. location) and since it's not a public DNS record, the lets encrypt stuff won't work for our testing environment. Wondering if the DNSimple would be a good way to go since we can port the wild card to our testing computers. Just not sure what your experience with them was?

re: SSL Certs / Lets Encrypt
  Rick Strahl
  Scott R
  Feb 15, 2021 @ 04:53pm

I like DNS Simple and their wildcard domains are priced well. I can't recall offhand whether you need to have a DNS account with them or if you can buy directly... if it's the latter then yeah that's a good deal and they're easy to deal with.

For the DNS Services - it's an easy to use service, but they kind of pissed me off recently by changing their pricing from totally reasonable to way too much recently including forcing upgrading of an old legacy account. So not happy about that, and the DNS management pricing is pretty expensive for what it provides...

+++ Rick ---
