Letsencrypt.org provides free certificates which would expire in 3 months. Do we have some other free SSL resources which would not expire, like 1 year or so?
Thanks for the advice. But AWS cloud will not work in my region -- China.
> There are tools to refresh those certs automatically.
I know these tools. But I have set it up every time. And it will increase the labour work if you have dozens of domains, dozens of servers. Really troublesome to maintain only for the certificates.
If the machine is running linux, try looking into automating the "certbot renew" command.
I have achieved this with an crontab on my servers that run on a day to day basis. This should automatically renew your certificates if they are close to expiry.
There are many third party trusted Certificate Authorities such as GeoTrust, Comodo, Thawte, RapidSSL, who offers free SSL certificate for 30 days and 60 days. And, after trial duration and they will insist you for standard purchase at discounted prices.
Find out SSL certificate authority reviews, SSL installation guide, SSL comparison, SSL certificate errors & solutions, SSL news at AboutSSL.org
According to CAB forum guidelines, Certificate authority cannot issue DV certificate more than 39 months validity and EV certificate for more than 27 months validity.
So you can get DV/BV certificate for maximum for 3 years and EV certificate with maximum 2 year validity because most CAs prefer to issue certificate on yearly base.
No, almost all free ssl certificate comes for a limited time period and then you have to reissue and re-install. But, you can try PositiveSSL Certificate which is cheapest SSL and can be availed for maximum 3 years. It's not free but it's a affordable choice.
Certainty, it's not possible as per the standard protocols CAB forum because any of Certificate Authority can not issue standard SSL more than 39 months. However, you could use scripted tools to put your certificate on auto renewal.
We would advice you that go with easy and quick RapidSSL DV Certificate, because it has easy renewal process. If you need more information on one click enrollment.
7 comments
[ 3.4 ms ] story [ 26.0 ms ] threadBut you could check out AWS Route53 -- I think they provide free certs (non-wildcard).
> There are tools to refresh those certs automatically.
I know these tools. But I have set it up every time. And it will increase the labour work if you have dozens of domains, dozens of servers. Really troublesome to maintain only for the certificates.
I have achieved this with an crontab on my servers that run on a day to day basis. This should automatically renew your certificates if they are close to expiry.
Find out SSL certificate authority reviews, SSL installation guide, SSL comparison, SSL certificate errors & solutions, SSL news at AboutSSL.org
https://cabforum.org/faq-about-the-baseline-requirements/ https://cabforum.org/wp-content/uploads/EV-SSL-Certificate-G...
So you can get DV/BV certificate for maximum for 3 years and EV certificate with maximum 2 year validity because most CAs prefer to issue certificate on yearly base.
We would advice you that go with easy and quick RapidSSL DV Certificate, because it has easy renewal process. If you need more information on one click enrollment.