These days a website that throws a security error is enough to drive people away from it and rightfully so. Given the proliferation of scam artists and criminals out there on the interwebs, it is always prudent to use a healthy amount of paranoia. That much said, capitalism never fails to take advantage of fear and paranoia because marketing psychology 101 basically concludes that fear sells. Since fear sells, security certificates for a website are often a rip off but sell because nobody will go to a website that isn’t secure anymore. You used to be able to get away with an unsecured website if you weren’t planning on accepting payments on it. These days are no longer.
My website hosting provider sells certificates for around 9.00 a pop for a basic domain-validated certificate that is good for one year. By domain-validated, I mean that the commercial certificate provider verifies that you indeed do own the domain and are entitled to its use. This is a reasonable price for the less technically inclined. For somebody whom is technically inclined, this price is still pretty good except I refuse to purchase the certificate on the principle that a free alternative exists.
Let’s Encrypt provides free domain-validated certificates that are valid for 90 days. While not as convenient as purchasing one, this is a lot better than throwing money into a dumpster fire. Of course, my hosting provider does not want us knowing about Let’s Encrypt or even to make it really easy to use it. That’s okay because, with a little ingenuity, I figured out how to make it happen. The principle of giving a corporation more of my money really chaps my ass, especially one that outsources its support staff to Russia, The Phillipines, and India.
Now all I have to do is create an alarm to remind myself to renew the certificate on the 89th day. That’s doable and not really so bad. It’s a lot better than buying one certificate for each domain that I use. The so called wildcard certificates, because they would work on your primary domain and any sub-domain, i.e. site2.example.com, would cost almost a 100 bucks. Thank you but no thank you!