More on SSL - mostly, positive!

I’m pretty sure Google brought me to this OK-to-FINE page:

[How to get Free SSL (HTTPS) on InfinityFree]

It’s reasonably well-written, but it does not seem to be up-to-date or accurate, so

  1. Let your intuition be your guide - true, that’s not ideal & some will “guess wrong” - if/when you find yourself thinking, “That’s not what it said was going to happen.”
  2. BE PATIENT. The whole concept of “propogation” as used with the internet is both baffling & frustrating… We think that anything non-manual goes at the speed of light, but I guess there are “queues” and other things involved, so “15 minutes” is still state of the art… BUT with this klugy fix - IT DID WORK FOR ME! - I suspect that 24 hours or more may elapse before “red goes to green” at different points in the process.

Last, I remember crossing this bridge some time back (different host, different TIMES), and one was warned that this was a classic instance of “can’t or don’t want to pay for something that you think should be free?? Then be prepared to go through a 10-40 minute process every 30 days or so!” … I saw no verbiage like that here, but I won’t be surprised if/when that or something similar turns out to be the case. (I used it for a site of next to no importance or value, but given all the above, I’d seriously remind people of something I don’t heed enough myself - YOUR TIME is worth SOMETHING! … Be prepared to work for 75 cents an hour - worst case. Ask yourself how you’d feel if that’s the way it turned out.) Having said which, “admin” deserves all kinds of awards for having done what he’s done … and having stuck with it for so very long! Google will give you what look like one-year-old links to “20 ways to get free hosting,” and 50%+ yield 404’s.

1 Like

Thank you for your feedback. I may be able to elaborate on some of the confusing parts or help avoid them in the first place.

I checked the guide and it does have a few steps that are indeed not entirely correct.

The only part that can take some time is the DNS caching. I try to avoid the term “propagation” because it’s both vague and misrepresents what actually happens with DNS.

The next waiting step is to issue the certificate. But with Let’s Encrypt and Google Trust, that generally takes only 10 seconds or so. ZeroSSL and GoGetSSL take a bit longer, which is why those providers are not used by default.

I do try to make things as fast and simple as possible. However, due to technical limitations out of my control, some steps just take some time.

The CNAME records can take some time to show up due to some incomprehensible cache somewhere I’ve tried to pin down but have been unable to completely. And issuing the SSL certificate, especially with ZeroSSL and GoGetSSL, just takes time due to how their APIs are designed.

Note that renewing the SSL certificate only needs to be done every 2-3 months, not every month. And with all providers except GoGetSSL, you only need to setup the CNAME record once, and if you leave it in place you can renew the certificate without having to go through that part again.

Just being able to use Let’s Encrypt for everything with a HTTP challenge instead of DNS would be a lot easier. Unfortunately, the combination of free subdomains with Let’s Encrypt’s rate limits, as well as limitations of the underlying hosting platform, make that impossible.

Thank you for your kind words! I fully intend to keep it up.

6 Likes

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.