Hey Rick,
In the past for SSL certs we've used RapidSSL. They are no more and are now a part of DigiCert. DigiCert's prices are way higher and so we are now looking into other options for SSL.
I found an article you wrote back in 2016 on Lets Encrypt (https://weblog.west-wind.com/posts/2016/Feb/22/Using-Lets-Encrypt-with-IIS-on-Windows) and I was wondering if you still recommend them? You also mentioned in the article that you used https://dnsimple.com/ssl-certificates and I didn't know if that's a better option than Lets Encrypt?
My hesitation with LetsEncrypt before was that we use a Wild Card cert for our sites (easier / only 1 cert to worry about and we host multiple sites on the same server ) and we use Round Robin DNS for load balancing on 1 of our sites and so the wild card cert was an easy way to put the same 'cert' if you will on each of the servers in the round robin. I believe I heard Lets Encrypt now supports wild cards? But not sure how that works with the 'validation' they have to do on each server?
What would be your current recommendations for where to get wild card SSL certs from?
Thanks,
Scott
I used to use a wild card certificates, but once I realized how easy it is to get a certificate registered and assigned I switched to just using single site Lets Encrypt certs. If you use the tooling for assigning it's a one step process that's as fast as actually assigning the cert manually in IIS, so there's no real difference in effort.
Lets Encrypt now also supports wild card certificates although I've not tried that out myself.
+++ Rick ---
Hey Rick,
Thanks for the info. You also mentioned the DNSimple that you used to use. Are they a good way to go? They only charge 100 bucks for a wildcard cert which is a plus.
We use our wild card cert on some testing computers / sites internally to test features that require SSL in the browsers (i.e. location) and since it's not a public DNS record, the lets encrypt stuff won't work for our testing enviornment. Wondering if the DNSimple would be a good way to go since we can port the wild card to our testing computers. Just not sure what your experience with them was?
I like DNS Simple and their wildcard domains are priced well. I can't recall off hand whether you need to have a DNS account with them or if you can buy directly... if it's the latter then yeah that's a good deal and they're easy to deal with.
For the DNS Services - it's an easy to use service, but they kind of pissed me off recently by changing their pricing from totally reasonable to way too much recently including forcing upgrading of an old legacy account. So not happy about that, and the DNS management pricing is pretty expensive for what it provides...
+++ Rick ---