Need SSL Advice

Community Forums Forums General Discussion Need SSL Advice

This topic is: not resolved

Tagged: , , ,

This topic contains 4 replies, has 3 voices, and was last updated by  Summer 8 months, 2 weeks ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #90043

    Paul
    Participant
    Post count: 56

    I hope it is okay to ask this here; I really need advice from folks I trust…

    I host 25 clients WordPress sites on a VPS server from HostGator. I’m not sure, but I think it is important to note for this question that NONE of the sites are ecommerce sites.

    I recently started getting emails from Hostgator every day, telling me the following:
    The SSL certificate for dovecot on mydomain.com will expire in less than 30 days
    The SSL certificate for cpanel on mydomain.com will expire in less than 30 days.
    The SSL certificate for ftp on mydomain.com will expire in less than 30 days.
    The SSL certificate for exim on mydomain.com will expire in less than 30 days.

    Now I freely admit I don’t really understand much about SSL, and so I don’t know what all this means. I have submitted a help ticket to hostgator, and they are telling me I need to get something called a “multi-domain SSL. A multi-domain SSL up front offers encryption for three domains for $150, each domain you add onto that is 25$ extra,”

    So if I’m understanding that correctly, I’d have to pay $150 (which would cover my own 3 sites), plus $25 for each of my 25 client’s sites, or a total of $775.

    I’ve never had to pay this sort of thing in the past, so I’m confused about what has changed now and what I really need to do. If that is legitimate, then I don’t mind paying it, but since I am clueless, I am hoping maybe somebody that actually understands this kind of stuff can offer me some advice. I don’t want to spend money that I don’t need to, but I also don’t want to not spend and have it come back to haunt me and hurt my clients.

    Thank you anyone for any advice at all.

    Grace and Peace,
    Paul

    http://OylerPhotography.com
    #90088

    nutsandbolts
    Moderator
    Post count: 3173

    They are taking advantage of you – I don’t say that lightly, but if what you described is accurate, I am DISGUSTED with HostGator.

    The emails you’re getting are referencing the server SSL certificate (assuming mydomain.com is the hostname for your account). Let me give you an example in hopes that it will make more sense.

    I have SSL for my own server, which means my WHM login page, webmail, etc. are all using a certificate that isn’t self-signed. If you visit any of the relevant pages for my server to log in, you’ll get a green padlock in the address bar. One of my clients does not have SSL on his VPS, so I get a warning in my browser that his cert is self-signed. That isn’t a huge issue; no one logs into his server except me, and I already know the certificate isn’t there. Most people with a VPS don’t have SSL.

    There is absolutely no reason for you to spend that kind of money on SSL certs that you don’t need. If you’d like to be put in touch with a colleague who can explain this in more detail (he’s a full time server admin), let me know and I’d be glad to introduce you to him. But I promise, they are taking advantage. Or trying to.


    Andrea Whitmer, Owner, Nuts and Bolts Media
    I provide dev and training services for web designers • Find me on Twitter and Google+

    #90091

    Paul
    Participant
    Post count: 56

    Thank you Andrea! I was seriously worried that they were trying to pull something, because it just didn’t make sense why I had never had to do that before. I would like to get in touch with your colleague, as I’d like to try to gain a better understanding of what I am dealing with. Not sure the best way to do that, but I can be reached at Paul at OylerPhotography dot com.

    Thank you again!

    (And I am thinking it is time to begin searching for a different place to have my VPS)

    • This reply was modified 8 months, 2 weeks ago by  Paul.
    • This reply was modified 8 months, 2 weeks ago by  Paul.
    #90092

    nutsandbolts
    Moderator
    Post count: 3173

    No problem! I’ll email you and copy him to get you introduced.


    Andrea Whitmer, Owner, Nuts and Bolts Media
    I provide dev and training services for web designers • Find me on Twitter and Google+

    #90135

    Summer
    Participant
    Post count: 1108

    Paul, just to be sure, I’d follow up again with Hostgator support, because it sounds like you got a first-line person who doesn’t know jack about how the servers are set up (which alone is enough to start getting me concerned about my own hosting there).

    Make sure they know that you are getting warnings for the server certificate, not your domain certificate, which doesn’t exist.

    Now if they’ve changed “policies” and are charging end users for the certificates for their servers, then they have gone into some very dangerous territory that would drive a vast majority of the clients into the arms of their competitors.

    Make sure you ask Andrea’s colleague about the best questions to ask HG to make sure they understand what you’re asking about. If they stick to their story after that, point out that in previous years you didn’t pay for that server SSL cert and to show you where any updated policy changing that resides and when it was sent to you. If that doesn’t help, time to make plans to get out of Dodge.


Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.