Who renews SSL certificates?

Whose job is it to renew SSL certificates for domains and emails? I’ve been getting errors on some of mine for a few years now. My host sent me emails overnight saying they’ve been expired since 2017 and all the email said was how to turn off the notifications in cpanel, nothing about actually fixing the problem. I’ve been unable to use those accounts on my mobile devices for many years, and even sending from my MBP requires using Comcast as the outgoing server - I suspect that is all the SSL issue.

All of my domains are registered with Godaddy or register.com, and the two domains complaining are hosted by hostingcheck (who used to be nomonthlyfees). I’ve been with them for ~20 years and never had to do anything with certificates.

Thanks
Diane

If it’s your server, then you are.

How did you create them in the first place? Whatever you did then, you need to do again now. If they were created for you by your hosting provider, contact their customer support for help if you don’t know how.

Thanks, I pay for 600mb of space on a server. I’ve gone back through my emails and see no references to me having done it before, so I think they did it in the past. I like to ask first because they always blame the customer first anyway.

Diane

I would have thought that any good hosting company renews SSL certs automatically. Mine uses/offers the free Letsencrypt certs, they are valid for 90 days and AFAIK renew 30 days before expiry. Never had any trouble with this.

I’m sure they did it before too. I opened up a ticket this morning and am still waiting to hear back.

But wait! I just went to my old Eudora machine for earlier emails. In 2017 they had sent out emails offering a special deal on SSL prices. I know I never paid for anything other than hosting with them.

They were offering the “one time low fee” of $197 for lifetime certificates. I had three domains so I passed. It says they normally charge $100/year.

So! I moved one of my accounts away from them in the fall. Looks like the others will be moving as soon as work quiets down. It’s long overdue.

Diane

Let’s Encrypt is a great service for what they offer. Their certificates don’t prove anything other than that your web server belongs to your domain (in addition to the encryption aspect - which is their primary focus). There is no further proof of identity provided, but that’s fine because it’s a free service.

More robust certificates that identify the owner of a site/domain (that is, the specific person or corporation) and not just that the DNS hasn’t been spoofed are not free and are often not cheap. This is because the certificate authority is issuing a certificate certifying that the owner is who they say it is. As such, they require proof of ID and other related documentation, and background checks are not cheap.

But unless you’re conducting e-commerce, you probably don’t need more than a basic certificate like what Let’s Encrypt provides.

2 Likes

Google offers free SSL with a Domain purchase or transfer.

I would suggest that even if you are conducting e-commerce, you don’t need anything more than a basic certificate. The EV certificates are essentially a scam to extract money from people/companies based on fear. They don’t really prove identity. Troy Hunt has a series of articles on this, but for a good overview, see the most recent:

1 Like