SSL certificates for multiple sites

philiporchard · Apr 5, 2017

I have a dedicated server with Fashosts which we run 99% of our sites on.
We want to move them all over to https (let's assume probably about 75 sites)
It's a Windows Server 2012 R2

Can anyone make any good recommendations about buying multiple domain SSL certificates.

Many thanks, Phil

davedevelopment · Apr 5, 2017

I think that might cost a fair bit for a SAN cert! Let's see, digicert charge $299/year and that included 4 names, plus $49 for every extra domain and you're up to nearly $4k a year.

I guess it depends on how big the sites are for you, assuming IIS supports SNI, you could put individual certificates on each site for free. I'm not sure on the current state of SNI support in devices/browsers, but I think it's pretty good.

philiporchard · Apr 5, 2017

Gulp - sounds pricey!

Adam H · Apr 5, 2017

I'm afraid ive never touched a Windows Server, but id say its probably worth looking into integrating Lets encrypt, couple of searches and it seems its possible but i cant help any further than that : https://www.server-essentials.com/s...or-access-anywhere-and-automatically-renew-it

Might be worth seeing if fasthosts can integrate it for you , maybe pay them to do so

EDIT : another reference :

https://www.coderamblings.net/archi...s-server-and-help-make-the-web-a-safer-place/

Edwin · Apr 5, 2017

Positive SSL multi-domain from these guys comes out at £769.22/year for 75 domains. That's still "real money" but a lot less than $4,000. And you can get it down to an effective £651.37/year if you pre-pay for 3 years up front.
https://www.namecheap.com/security/ssl-certificates/comodo.aspx

RobM · Apr 5, 2017

Can you not just use free ssl at letsencrypt? Obviously it's only free until google force everyone to make this unnecessary change then take over the company and start charging everyone for certificates *and* keeping logs of what's being encrypted so as to better 'serve' us with advertising.

dog · Apr 5, 2017

I'd recommend switching web hosting companies and moving to a Linux server.

Deploy the LetsEncrypt client. Move all your sites over to SSL for free.

lazarus · Apr 5, 2017

Hi, Go with guru hosting, every domain you add in WHM automatically receives an SSL

philiporchard · Apr 5, 2017

Thanks for all the comments. I'll let you know which route we go down!

njf · Apr 5, 2017

+1 for LetsEncrypt.

Their certs are free, and they have a slick deployment/renewal system (for Linux that is, Windows YMMV) - Nick.

Carlos · Apr 6, 2017

If you move to a linux dedicated with WHM 58.0.x or above, all your domains will have free Comodo SSL cert.
They will be auto installed and auto renewed.

philiporchard · Apr 6, 2017

Thanks for all comments. Bought these:
https://www.namecheap.com/security/ssl-certificates/comodo/positivessl-multi-domain.aspx

Adam H · Apr 6, 2017

Thats going to be expensive for 75 domains, something like £700 - £800 a year, seems a silly cost compared to Free SSL's if you can find someone to compile Lets Encrypt into Windows Server.

Adam H · Apr 6, 2017

amfletchers said:
I wonder what benefit you hope to get from having these SSL certificates?

I've moved a few of my sites over to https (free ssl with host) and haven't seen any advantage at all. There was a thread here a while ago where all the people commenting said they saw no change (either positive or negative) from moving to a SSL. Eventually I think it will be important, maybe 2-3 years from now but I think I'd hold on to my £700 for now.

The main benefit being encrypted data , helping towards a safer more private web ? Which will be industry standard before long, the perceived other benefits people speak of such as increased trust from Google shouldn't even be a consideration, it should be considered a future proofing...a nice and early warning and a chance to over come any potential issues as a result of the switch ( such as incompatible scripts, revenue diversity etc ) rather than being thrown in at the deep end when one day search engines say "well we warned you, insecure protocols we will no longer list in prime positions".

Edwin · Apr 6, 2017

Except when everyone moves to https it may have the opposite of the intended effect. There was a long piece about this a little while back but I can't put my finger on it now.

In broad strokes: the more clued in folk see https as a signal of trust. But when all websites are encrypted - including the scammy and phishing ones - that distinction will be meaningless.

Anyway, glad you found a solution that matched your use case!

Adam H · Apr 6, 2017

Edwin said:
Except when everyone moves to https it may have the opposite of the intended effect. There was a long piece about this a little while back but I can't put my finger on it now.

In broad strokes: the more clued in folk see https as a signal of trust. But when all websites are encrypted - including the scammy and phishing ones - that distinction will be meaningless.

Anyway, glad you found a solution that matched your use case!

There was an article the other day about a phishing bank webpage on a subdomain of a random URL being issued a an SSL cert, people saw the https padlock and assumed it was real instead of still checking the URL was the actual bank. Thats a misconception of the trust https gives like you say, or at least at whats been pitched to general joe public when certificates were manually issued.

https shouldnt be used as a scape goat for a lack of common sense. People still have to be vigilant, https does what it says on the tin, it encrypts the data for the site its being used on, it doesnt protect against sites being hacked, it doesnt protect from unethical practices on 3rd party URL's which look and feel like the real thing.

Adam H · Apr 6, 2017

Article on the subject published today by Linode on medium : https://medium.com/linode-cube/how-to-use-and-why-you-need-lets-encrypt-more-than-ever-5e04131b3a12

Adam H · Apr 6, 2017

I personally wouldnt pay for SSL now let alone for the next couple of years, for basic certificates its free you've just got to have your own VPS/Dedi and/or a host that provides them via lets encrypt. So yeah I agree I wouldnt pay £700 either.

dazc · Apr 6, 2017

amfletchers said:
I see it being at least 2-3 years away before Google really uses this as a real big ranking factor (maybe with ecommerce sites needing it far sooner) for most sites. I think I'd be keeping my £1,400 and doing the SSL's in two years, I personally wouldn't be investing so highly in a "safer more private web" with no expected ROI.

You could use cloudflare's flexible ssl tomorrow for free. It may not be the ideal solution but compared to betting on a notion that google won't be doing anything for two years it's gotta be better, no?

You would also be getting the benefit of http2 which a lot of switchers haven't thought about yet.

dog · Apr 7, 2017

Good point.

Carlos said:
If you move to a linux dedicated with WHM 58.0.x or above, all your domains will have free Comodo SSL cert.
They will be auto installed and auto renewed.

As @Adam H said I wouldn't pay for SSL certs. Why pay with LetsEncrypt and cpanel autossl?