NOT related with their ssl campaign but : What are the other trust able alternatives to Namecheap?
I love them but after they "updated" their design, every time i try to buy/renew domains I'm having nervous breakdown :
* It's impossible to find what I'm looking for.
* Facebook style panel menu ( I don't know how they calling it ) makes only sense on tablets/phones, on desktop it's just pain...
* New design uses screen real estate really bad. My screen filled with big buttons, big texts and senseless images... Information that I'm looking for is lost between them.
* Gray text on white background... Not so readable...
I mostly use Namecheap, because, well it's cheap ;) (and also a good service). But for the domains I really care about I use https://www.pairnic.com/index.html . PairNIC provides free phone support staffed by technical folks (during business hours in Pittsburgh, PA). It's $19/year. And I use http://www.gandi.net/ for the esoteric TLD's.
I've had good experiences with name.com, price and service -wise ... the frontpage isn't as slick, but once logged in the UI is nicer. Have yet to see a registrar with an actual good interface though :|
I recently tried out badger.com, and I like their UI. They have a demo of their UI you can try before buying. They also offer some nifty built-ins like automatic Heroku integration.
I am also looking for a new registrar since Moniker has turned in to a shadow of it former self. First, the customer support took a nosedive. Now, they redesigned the site and its a mess.
The Namecheap redesign is also a bit messy. They have a mix of the old design plus some new interfaces. Also, we've been waiting for ages for them to implement 2 factor authentication and when they finally do it, it's an SMS only solution that's no good for those that are without constant coverage or need to travel outside the country.
This probably isn't quite what you were asking, but for DNS hosting, I'm enjoying PointDNS[1]. They give you unlimited records for one domain, which is all I've used to this point. But their rates seem quite reasonable, so I'd be happy to pay them when I have the need.
Biggest downside is that they don't support many advanced DNS features such as Anycast, GeoDNS, and DNSSEC.
http://www.namesilo.com/ is my go to go for cheap .coms. I don't know about their support (never needed it) but they're fast, support 2fa and, well, are cheap :)
ssls.com is another trusted alternative...and it's owned by Namecheap with a different design.
Curious - are you still encountering those issues? That may be from the initial launch in January but we haven't heard about this from others. We definitely appreciate the feedback though.
I experienced similar issues this weekend while trying to register a new domain. Once logged in, my immediate impression was that I should click the "Domains" dropdown from the white navbar to manage my domains. The actual links I need are hidden behind the expanded menu, it would be nice highlight these options better since they're the primary use case for logged in users.
The only other issue I've noticed is a large disconnect between the new aesthetic of the landing page (which I quite enjoy) and the yet-unchanged UI of the dashboard.
Yes they are actual issues : I had to renew one of my domains today and I'm really frustrated with the UI. I also realized I didn't checked namecheap for a while because I had same issues when i used namecheap last time.
I don't know why others didn't reported UI issues but in my case : Opening a support ticket didn't seem to be a good option, it was an UI issue and wasn't related to billing or some technical problem.
Their regular prices aren't expensive -- $9.78 for Comodo PositiveSSL and $11.90 for Geotrust RapidSSL. But it would be nice to have a moderate recurring discount instead of a one-time break.
I'm guessing that these "limits" actually are just marketing-speak that refer to a couple of things that are more suited to smaller/medium sized sizes:
- Warranty amount ($10k on the PositiveSSL certificate)
- Single domain
- Only domain validation
Larger e-commerce stores may need wildcard or multiple domain certificates, a higher warranty amount, organization, or extended validation (the green bar in the address bar). There isn't any inherent limitation to bandwidth or traffic with these certificates.
I never understood the thing with the warranty at all. Isn't it just a marketing gag? Or has anyone ever been able to claim the money from a CA for whatever reason?
Basically a marketing gig, as the terms to collect tend to be ridiculous.
Look at Comodo for instance. To collect their insurance policy they have to issue a certificate to someone who isn't you, and then that certificate has to be used to steal someone's money. In that case they may actually already be liable, but they're saying they'll just give you up to $10,000 to deal with it.
> We believe it is important to protect the end user. If we were to mis-issue a certificate to a fraudulent site, that fraudulent site has an SSL link with an end user and as a result of this the end user loses money the end user had what they thought was a "trusted session". Comodo should never have provided the fraudster with the ability to engineer this situation we therefore have insurance to pay the end user for any losses that they may incur. Why would we do this?
Your choice of SSL certificate makes no difference at all. Well, except that some appear green on Firefox, while some are blue, and others are white (but I think newer versions stopped doing that).
If any of them goes rouge, you're still on the line, whoever you buy from.
A few years ago you might also ask why would anyone give out $5 certificates? It's not any more work on their part - it's a extra parameter sent to their certificate generator.
Rip-off? Bah! That's nothing compared to Microsoft's SQL Server! With SSL, you have to add the asterisk for more functionality. It takes a bit more work and they charge you 10x the price.
With SQL Server, you can get the Express Edition for $0 or the Enterprise Edition for $thousands. But to build the Enterprise Edition, they actually compile it from the same source code without some #defines that enable various Express Edition data size limits.
They do less work yet charge you infinity times the price. Now that's a ripoff!
Given that almost all clients support SNI (https://en.wikipedia.org/wiki/Server_Name_Indication) nowadays, there's not really a need anymore for wildcard certificates (if all you want to do is enable a few subdomains).
Working at a previous employer a few months ago, their McAfee Web Gateway didn't support SNI either. Sites that depended on it were blocked due to a server name mismatch.
The CRL file(s) could be hosted on any CDN worth their salt for less than the price of 4 people regenerating certs. SNI is also an option for newer clients.
It's pure profit/rent seeking. That same $25 applies regardless of the reason. OpenSSL compromised? Fuck you, pay me. Miskeyed the CN? Fuck you, pay me. Want a different type of cert for the same domain? (XMPP instead of web?) Fuck you, pay me. You get the idea. It doesn't cost $25 for a few byte fingerprint to be automatically appended to the end of a file.
In some of these cases they don't even need to revoke the other cert, just delete the erroneously created one from their system because it was never used anyways!
Never mind the fact that their UI would have been an embarrassment a decade ago, and they absolutely require certificate-based login to get into the UI, which is a huge PITA.
> The CRL file(s) could be hosted on any CDN worth their salt for less than the price of 4 people regenerating certs. SNI is also an option for newer clients.
Have you seen the article with Cloudflare and Globalsign's CRL?
I tried to use StartSSL to secure a small non-profit website which happened to (totally separately) process donations through PayPal, and I was unable to get them to comprehend that PayPal provides its own security and their certificate would not be involved in any monetary transactions. They insisted they couldn't authorize a certificate for an organization that dealt with money in any way, which, as far as I know, disqualifies essentially every organization ever.
So yeah, $0/year, but definitely not "no bullshit."
> Also, if you read the Namecheap promotion page, they explain that they are donating $0.5 to Fight for the Future for every purchased certificate
I don't trust Fight for the Future. Too many times I've gone to the page for one of their causes, and found a prominent form asking for my email, sensationalistic claims about the issue that included outright factual errors, and no link to the actual text of whatever bill they were up in arms about.
Why not donate to the EFF instead? The EFF is occasionally wrong, too, but I never get the impression when the EFF is wrong that they are deliberately being wrong in order to stir up more interest. Also, EFF donations are tax deductible.
Also, if you read the Namecheap promotion page, they explain that they are donating $0.5 to Fight for the Future for every purchased certificate.
Yes, but you can donate almost 4x that with the money you save. It's hardly a reason to choose Namecheap.
I always found those "$x from your purchase will be donated" annoying. How about you let me keep my $0.5 and I'll donate it to whoever I want? I might not even want to support the organization they chose!
You mean, when people didn't want to pay $25 to revoke compromised certificates. It's not like this was a secret or people couldn't afford it. They just felt that they should get something for free that the other party thought should have a price.
$120 if you want to use a business name. $60 for individual validation (that's a pain in the hind end) and $60 for business name (which involves handing over tax records and private information about business operators).
I didn't have to hand over private information beyond my address -- I sent them my incorporation records and a way to verify the company existed in the public register. I completed the entire business validation in a single night.
Yep, costs some money to revoke, and in light of heartbleed, they probably made some money. But I like the fact I can re-issue unlimited certificates forever, and pay for revocation only when the rare heartbleed-like vulnerability happens.
I just bought SSL certificate for $9.99 yesterday. Wish I had seen this earlier. From my bit of research, among all the providers, SSL certificates from namecheap were the cheapest.
This system is very inefficient. So inefficient that it would not be useable on mobile devices, and you would have to trust a 3rd party to verify websites for you.
>Neither self-signed nor CA-signed certificates are securely authenticated
CA-signed certs are authenticated by the certificate authority. You cannot trust that a website presenting itself as google, is google, without any prior information. But google can get a certificate issued by a ca, and you can trust the ca.
Why do you think ca signed certs are not securely authenticated?
> This system is very inefficient. So inefficient that it would not be useable on mobile devices, and you would have to trust a 3rd party to verify websites for you.
It sounds like you're thinking about running a blockchain node locally. DNSChain is exactly fixing that issue. It is even more efficient than the current system.
> A-signed certs are authenticated by the certificate authority.
Incorrect, CA-signed certs are authenticated by any certificate authority.
> Why do you think ca signed certs are not securely authenticated?
I love them but after they "updated" their design, every time i try to buy/renew domains I'm having nervous breakdown :
* It's impossible to find what I'm looking for.
* Facebook style panel menu ( I don't know how they calling it ) makes only sense on tablets/phones, on desktop it's just pain...
* New design uses screen real estate really bad. My screen filled with big buttons, big texts and senseless images... Information that I'm looking for is lost between them.
* Gray text on white background... Not so readable...