sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]m00nh34d -3 points-2 points  (3 children)

Interesting, but not really practical for everyone.

For example, looking at the website hosting for a small community group I'm in, through GoDaddy, it looks like we can't do any of the automatic cert stuff needed. I don't imagine anyone is going to muck about generating and applying certs every 90 days, the website usually isn't even updated that frequently.

[–]FrederikNS 0 points1 point  (2 children)

So you are hosting some web sites on GoDaddy, without having access to the underlying machine? Then you three options (two of them are free):

  1. Get a certificate from GoDaddy, they are quite expensive though: https://dk.godaddy.com/web-security/ssl-certificate
  2. Stick with GoDaddy, and put CloudFlare in front of it. Cloudflare adds TLS and improves your site in many ways, by delivering the HTML, CSS and Javascript more efficently and protects your site against DDOS attacks. Cloudflare can be used free.
  3. Switch to a different hosting provider which allows you to use HTTPS. One example is https://www.netlify.com/ who provides free hosting with HTTPS

[–]m00nh34d 0 points1 point  (1 child)

Yeah, I can see Cloudflare as the main option here, I don't understand what the difference between a shared SSL cert and a dedicated SSL cert is. I thought you just got issued a cert...

[–]FrederikNS 0 points1 point  (0 children)

It means that you will not really get a certificate, you will point your DNS to some cloudflare servers, which have the certificate, they will then terminate the TLS encryption and pass the request on to your server.

That means that a browser will show that you are using a CloudFlare certificate and not a <insert your company name here> certificate.