Ask HN: What is your experience with ZeroSSL?
As a result, any certificates issued (or renewed) after Feb 8th will not work on older Android devices (< 7.1.1), unless the ACME client has been configure to request an alternate certificate chain. The "alternate chain" workaround will also stop working on June 6th.
I need to support these older Android devices so I am looking for alternatives. I have seen ZeroSSL mentioned a few times; it is also the default CA for acme.sh (the ACME client I am using nowadays) [2]. They have a number of paid plans but ACME certificates are free [3].
I'll be testing this over the next few days, but I would also like to ask if people here have experience with ZeroSSL (good or bad :-). Any feedback would be helpful.
[1]: https://letsencrypt.org/2023/07/10/cross-sign-expiration.html
[2]: https://github.com/acmesh-official/acme.sh
[3]: https://zerossl.com/documentation/acme/
7 comments
[ 3.1 ms ] story [ 32.8 ms ] thread[1] - https://github.com/acmesh-official/acme.sh
[2] - https://zerossl.com/pricing/
“By using ZeroSSL's ACME feature, you will be able to generate an unlimited amount of 90-day SSL certificates at no charge, also supporting multi-domain certificates *and wildcards*. Each certificate you create will be stored in your ZeroSSL account.”
[Edit] I remember now what led me to this conclusion. The error said I needed an account. I looked at the pricing page which indicated I had to pay for wildcards so I immediately looked for the flag to change back to LE. Looking at the pricing page I would still reach this conclusion. There should be some text that makes it obvious that using ACME allows for free wildcards.
I am not sure if this is an oversight or done on purpose..