My SSL Certificate has Expired

Submitted by C B Wright on

I let this sneak up on me... again. If you visit this site, you'll be receiving messages from your browser telling you OH MY GOD THE SSL ON THIS SITE IS UNSIGNED AND UNTRUSTED AND HAXX0RS ARE STEALING YOUR RECEPIES because today my SSL Certificate expired but good.

I've been shopping around for a new SSL provider for a while, but it hasn't been easy. SSL Certificates aren't cheap. I'd been using GoDaddy, and they actually were pretty cheap, but after they decided to support SOPA I really haven't had much enthusiasm for giving them any more money.

I just bought a cert from Comodo but I still have to go through all the registration/tinkering business, and I won't be able to do that until I get home. So... this won't be resolved until later tonight.

Comments

Comments are active for 30 days after publication. If you wish to comment after 30 days please use the Forums.

I panicked.

I panicked.

My first thoughts...

My first thoughts on seeing the warning were that I had never seen that warning before; but I did remember you leaving a post on how you let a certificate expire before. The details of the warning (who checks those?) says that they cannot confirm whether the site is valid or not.

Good luck with that restoration.

hang in there...

I deal with certs all the time at work -- I'm the local Subject Matter Expert (SME). You'll get thru it eventually. (I think I like Comodo, but we haven't had any good reason to switch from our current provider, and it's a big deal trying to contact everyone who knows us to let them know if we switch.) Good luck, and I hope you can get it done quickly.

----------------------
. -- Scott

Inexpensive or free SSL certificates

Comodo is inexpensive relative to other providers if you get their positivessl brand of certificate. The big advantage of getting from them is you can get 5 year certificates and that's for $6.50/year. Google for "positivessl five year certificates" to find the page where comodo sells them.

However, if a bit of your time and remembering to renew in time each year is worth saving $6.50 a year you can get perfectly good free certificates from startssl.com. They make their money selling a range of products like EV SSL certificates, mutli-domain certificates, signing certificates, etc. and use the free domain certified ones to attract customers. I found getting the certificate even easier than ordering from Comodo. The trick is that as long as you can order the SSL through their automated system without human intervention (using an email address such as webmaster@example.com to prove that you have control of the example.com domain) then it is free. Another downside of Startssl is that if your domain is on a malware blacklist, such as Google's list of sites on which it has downloaded malware in the last 90 days, then StartSSL will reject your application for a free certificate. In that case it takes human intervention to convince them that you are legit so you can buy a certificate from them.

I use both Comodo and startssl, the former when I want to give a client a certificate I don't have to think about for five years and $32.50 isn't much money to them, the latter when I just want an SSL certificate and don't want to spend money on it. Both work fine on production public web sites.

It's too late now...

... I bought the Comodo cert yesterday and am waiting for domain validation to finish before I set it up.

Of course, I also remembered (after purchase) that Comodo was the CA who was hacked by Iran:

http://www.pcmag.com/article2/0,2817,2382518,00.asp

So... there's that.

--
Writer, former musician, occasional cartoonist, and noted authority on his own opinions.

I gave you a one day pass

When I looked at the details it said that the cert expired yesterday, so I went ahead and continued. But I unchecked the "remember this" box. :)

On the plus side, we get this error because your default connection is https. So keep fighting the good fight!

Right now I'm just waiting.

They're "validating my DNS" or something (making sure that I'm really me. They say it can take up to a day, so hopefully today I get my !@#$% cert).

--
Writer, former musician, occasional cartoonist, and noted authority on his own opinions.