SSL Certificate and password questions

First, I had to reset my password to log in. After I got that working, I got FileZilla installed (had to put on a new OS and start from scratch). I put in the new password, but it wouldn’t accept it. I went to the FTP section on the site to get the account details, and I noticed it appears the old password I forgot was retrievable there. I then was successful in logging in through FileZilla. Does this mean it will update later or is it always going to use that password? I forgot if I had to set another password or if this one is in fact my old one.

Next, I got an email telling me to update my SSL Certificate. Is the limited duration just a way to get people to sign up for a yearly paid plan, or is there a free way to extend the SSL Certificate time period? In my case, I am not putting up any real sensitive data, so do I even need an SSL Certificate? I am just working on a project and using InfinityFree for simple hosting. Maybe later, if it evolves, I will look for paid hosting packages. This is why I am asking, so, how do SSL Certificates normally work for yearly usage?

I’m afraid it is neither. If you want a longer-life SSL certificate, you would have to pay for one from the SSL provider. There is no way to extend SSL certificate life, and this isn’t the intention to signal people to upgrade to premium hosting. If you need to have SSL certification for longer, create another SSL certificate and install it.

That’s your call. Generally, I would prefer to have an SSL installed onto my sites, because it gets rid of Chrome’s warning and it makes things more secure in general.

Which password did you reset? Did you reset your Client Area account, or your Hosting Account?
(Now that I re-read this, sounds like the Client Area)

Looks like I answered myself. You may have reset the Client Area password, not your Hosting Account’s password.

If you want to change your Hosting Account’s password, in the Hosting Account go to Account Settings, and then you should see this:

Screenshot 2025-03-26 at 8.50.13 PM1670×1010 70.1 KB

This is where you change your Hosting Account’s password.

Don’t do that. the shorter an SSL certificate is valid for, the better. Yes, it is annoying to renew them, especially on free hosting, but the longer they are valid for the higher the security concern is.

OP, note that the password to login to your IF account and your FTP account password are different.

Regarding SSL, I recommend using Cloudflare if you have a custom domain name, as they can handle all the certificate renewals automatically for you and using a self-signed cert (Valid for 10 years) on IF is not a huge deal as it is not as exposed.

Thanks for the concise answers. I guess I just completely forgot I made two passwords when I first tried out InfinityFree. No big deal there.

I have some further questions based on the replies regarding SSL.

“If you need to have SSL certification for longer, create another SSL certificate and install it.”
“Generally, I would prefer to have an SSL installed onto my sites, ecause it gets rid of Chrome’s warning and it makes things more secure in general.”

Please excuse my ignorance here. When I go to my address, it adds “?i=1” on to it. This is a side question, but I thought I’d ask it. Maybe it pertains to security or maybe it is an index number.

Next, if I start the address with “https://” instead of “http://” it won’t load. But, when I remove the “s” it does load (adding the “?i=1”). This part I understand, s is for “secure”. Since we are talking about SSL certificates, and I still have one until the end of April why is there no “s” needed to get to my address? And when it loads, it has “Not Secure” next to the URL field.

When you say to create another SSL certificate, I am still unclear on the duration. Looking it up on the internet, I am seeing 397 days being the “old” duration. And now, it is showing 90 days because of security issues.

Furthermore, I am seeing the following.

"Benefits of Shorter Validity:
Shorter validity periods are intended to encourage automation and the adoption of practices that will drive the ecosystem away from manual, time-consuming, and error-prone issuance processes."

"Automated Certificate Management:
With shorter validity periods, automated certificate management will be crucial to ensure that certificates are renewed efficiently and that secure connections are maintained."

If 90 days is the longest InfinityFree can provide, does that mean there is a significant resource issue to not automate it? I find it strange they use “drive the ecosystem away from manual”, but having to get a new SSL every 90 days seems like it is driving things to be more manual unless there is an automated system in place.

Is there a reason why InfinityFree doesn’t automate SSL certificates?

“Regarding SSL, I recommend using Cloudflare if you have a custom domain name, as they can handle all the certificate renewals automatically for you and using a self-signed cert (Valid for 10 years) on IF is not a huge deal as it is not as exposed.”

Does this come at a cost? If so, what is the usual cost?

Can you provide a screenshot? There are (2) possible reasons why it could fail:

1. SSL certificate is not being trusted by the browser. If you have installed an SSL certificate from trusted provider and it happens, then either the browser or the operating system itself uses outdated CA certificates. Either you need to update the browser, add the CA certificates manually, or update the operating system.

2. Mixed content has been detected by the browser. Make sure that every network request on your website is going to be loaded with HTTPS protocol.

Cloudflare provides free SSL certificates.

Yes, there is a reason:

Nope! Cloudflare profile free certificate that auto renew, and IF provides the free self signed cert.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.