14 comments

[ 3.6 ms ] story [ 45.8 ms ] thread
My site is a local webserver listening to localhost. Please give me the free certificate for 127.0.0.1 so I can use webworkers. F*ck you google, I know whats secure for me.
Import your own CA into the browser?
For local websites, there are a couple of workarounds with Chrome in particular. I think creating a self-signed certificate and then adding it to Chrome should work to enable web-workers, but I haven't tested this. There's a chrome://flags thing to disable some security on localhost, but I don't know if this will enable web workers specifically. Anyway, check out this thread for things to try: https://stackoverflow.com/questions/7580508/getting-chrome-t...
Get a certificate for a domain you control, then edit your /etc/hosts file to make that domain point to localhost – voila, valid cert for a server running locally.
This site violates Betteridge's Law.
This site doesn't address the countless small sites on $3/month shared-hosting plans. These generally do not provide shell access, so there's no way to use Let's Encrypt, therefor switching to https is not free, which means their assertion for point #4 is flat-out wrong. Web-hosting plans with shell access generally cost more money.
There's nothing stopping the shared-hosting providers from handling the Let's Encrypt process for their clients themselves, and then either just using the resulting certs for client sites automatically or exposing an interface for generating and applying a cert through their Web control panel.

They don't do that currently because customers aren't asking for it. If customers start asking, some will start. And once a few shared-hosting providers start providing HTTPS hosting, market pressure from educated customers can push the others into following suit.

>They don't do that currently because customers aren't asking for it.

No, they don't do it because they offer their own "partner" services for $$.

You can still use LE without shell access, you can manually upload the verification files and have your domain validated that way. You can even use DNS to verify the ownership of a domain.
I recommend moving those cheap shared-hosting to VPS server, which don't cost more these days. For example, Vultr is only $2.50/month. Others like Ramnode.com can also be had for less than $3/month. For about the same price, you'd get better security, greater flexibility, and often better performance.
And much higher maintenance cost and learning curve.
Popular freehoster lima-city.de (which I currently use to host gir.st) has started to offer free, one-click, automatically renewing LE certs.

What I want to say:

* the number of hosting companies to start offering LE will only rise from there.

* there's no need for shell access or even much knowledge of HTTPS required on the customer side.

Well I don't know for US, but in Europe you can go to OVH and get a less than 2€ per month web hosting plan with SSL included
I didn't know about Caddy Webserver, andit looks really nice. I will look into replacing nginx, which has become way more complex than I need, for hosting my static generated blog/website.