Questions about LifeSpan of SSL Certificates

If I have it right, once I’ve set up my CNAME record right, I can eventually go:

[Free SSL Certificates\Add SSL Domain\Request SSL Certificate<Let’s Encrypt/GoGetSSL>]

There are two SSL certificate Authorities that I can go to, Let’s Encrypt and GoGetSSL.

These are both free certificates. How long do the free certificates from either of these last before I have to recalculate a private key and re-apply for a new one?

Both are good for 90 days.
You can renew them 1 month before expiry.

3 Likes

-Is the quality of either of the two options any better or worse than the other?

-Is it possible to obtain either of them for longer, say, one year, for free, or by paying?

-Is it possible to renew them even closer to expiry, such as weeks, days, hours, minutes, and by the same means as before, after expiry?

They are roughly the same

Free SSL are valid for 90 days max.
Paid SSL are good for 1 year max.

If you are using a custom domain, you can use CloudFlare instead.
Together with a self-signed cert in full SSL mode. It is good for 10 years.

Your website may not work until SSL is renewed.

3 Likes

For custom domains, Let’s Encrypt works best. Getting the certificate is fastest and easiest.

For subdomains, I think ZeroSSL is the best decision, but GoGetSSL might be OK too.

What KangJL said, with the added note that we don’t sell SSL certificates ourselves. Let’s Encrypt only does free SSL, but both ZeroSSL and GoGetSSL have paid plans.

Of course, you can request a new certificate basically whenever you want. Just note that people will see a big red warning page if your SSL certificate has expired, so if you want to avoid that, you should make sure to renew the certificate before it expires.

3 Likes

I have looked through Cloudflare, and found the instructions between the InfinityFree end and Cloudflare to be unclear and confusing.

-Is there some easier way, that doesn’t involve dual Hosting like this, for free, that I can easily use InfinityFree with to more easily obtain a free SSL Certificate file from, using the private key from InfinityFree, that would expire after one year or longer?

-Once an InfinityFree internal SSL certificate is approaching its expiration date, does InfinityFree send me a reminder email of this fact, the way my domain name service would as my domain name approaches its expiration date, and it becomes time for domain name renewal?

I don’t know what you mean by dual hosting. Cloudflare is not a hosting provider. And as already explained, free SSL certificates are not valid for more than 90 days unless you get the untrusted self-signed certificate.

Yes

3 Likes

Virtually all free SSL certificates are only valid for 90 days. I don’t know of any free SSL certificates that are valid for one year.

And nowadays, you cannot get certificates that are valid for more than one year. Shorter lived certificates are considered safer, because there is less damage if a key gets leaked.

But with many providers, that’s not an issue, because they will just renew your certificate automatically in the background. Premium hosting has this as well, but free hosting does not.

SSL certificates that are valid for a year can be bought at various places.

I get why someone doesn’t want to add Cloudflare to the stack. It’s another service to set up and configure, which means it’s also something that can break. And we see plenty of reports here from people whose websites are broken because they configured something incorrectly at Cloudflare.

2 Likes

-Is it possible for InfinityFree to look into integrating Cloudflare, or some other similar SSL Certificate Authority service that is free for longer than 3 months, certainly for 1 year or maybe more, in with InfinityFree’s contained and known SSL Providers, for when you go

[Dashboard\Free SSL Certificates<Add SSL Domain>], so that CloudFlare is far easier to setup?

Possible, but probably not. See what I say below, though.

If you didn’t know, Cloudflare’s Edge certificates are valid for 90 days as well, but they have an auto-renewing service, so you just don’t notice. However, the only way to access this is by adding your site to Cloudflare (by using their nameservers) so they can have control over the Edge SSL/TLS certificate for your domain. And sometimes, Cloudflare doesn’t even issue the certificates themselves! They also use GTS and Let’s Encrypt!

So overall, you can choose one of two things:

  1. Get a Self-Signed cert from us and install it, and then use Cloudflare (only with custom domain, though) and let them manage your Edge certificate … or …
  2. Get a new certificate every 90 days from GoGetSSL, ZeroSSL or Let’s Encrypt (custom domain only) and use our nameservers or a free subdomain. Also with this method, we send an email 30 days from your certificate’s expiry and again 7 days from the certificate’s expiry.

You can choose which is better for you. But know that any route you go, your certificate will only last for 90 days (unless you purchase a certificate, then you have the option for one-year validity).


(“Edge Certificate” means which certificate the browser gets sent, read more: Edge certificates · Cloudflare SSL/TLS docs)

4 Likes

We have looked. But Cloudflare is shutting down the hosting provider integration. And we can’t integrate with a provider that doesn’t support integrations.

BuyPass provides certificates that are valid for 6 months and can be integrated just like Let’s Encrypt. But just like Let’s Encrypt, they cannot be used for subdomains.

As I said: free SSLs for a full year do not exist, and SSL certs for more than a year do not exist at all and cannot be obtained from any provider at any price. Browser makers and SSL providers have agreed that certificates that last for more than a year will not be accepted by browsers.

Cloudflare is not an SSL provider. Cloudflare (primarily) provides website optimization services. This includes automatic HTTPS for all sites hosted with them. But they get those certificates from other providers and do not provide those to others.


The answer to your question is not “how to get longer lasting certificates” but “how to remove, or at least reduce, the burden of having to renew the certificate manually”.

Both Cloudflare and premium hosting solve the issue not by having certificates that are valid for a very long time, but by automatically renewing and installing new certificates regularly so your site always has a valid certificate.

Because, for all intents and purposes, long lasting certificates do not exist.

5 Likes
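
For anyone who renews manually, an expiry check along the following lines can run on a schedule. This is an added example, not code from InfinityFree or from any poster in this thread. The 30-day and 7-day thresholds mirror the renewal window and reminder emails mentioned above; the function names and the sample date are constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Thresholds taken from the thread: renewal opens about 30 days before
# expiry, and reminder emails go out at 30 and 7 days.
RENEW_WINDOW_DAYS = 30
URGENT_DAYS = 7
SAMPLE_NOT_AFTER = "Jun 30 12:00:00 2025 GMT"  # constructed sample value


def days_left(not_after, now):
    """Whole days until the certificate's notAfter (negative once past)."""
    seconds = ssl.cert_time_to_seconds(not_after)
    expires = datetime.fromtimestamp(seconds, tz=timezone.utc)
    return (expires - now).days


def classify(not_after, now):
    """Map a notAfter string (getpeercert() format) to a renewal status."""
    remaining = days_left(not_after, now)
    if remaining < 0:
        return "expired"
    if remaining <= URGENT_DAYS:
        return "urgent"
    if remaining <= RENEW_WINDOW_DAYS:
        return "renew"
    return "ok"


def check_host(host, port=443, timeout=10.0):
    """Fetch the certificate a browser would be sent and classify it."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # Expired, self-signed or wrong-name certificates fail here, which
        # is the case where visitors get the browser warning page.
        return "untrusted: " + exc.verify_message
    return classify(cert["notAfter"], datetime.now(timezone.utc))


if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        print(name, check_host(name))
```

Run it with one or more host names as arguments. A site behind Cloudflare reports the status of the Edge certificate, not of the certificate installed on the origin.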
