February 12, 2014 at 4:11 pm #90043
I hope it is okay to ask this here; I really need advice from folks I trust…
I host 25 clients WordPress sites on a VPS server from HostGator. I’m not sure, but I think it is important to note for this question that NONE of the sites are ecommerce sites.
I recently started getting emails from Hostgator every day, telling me the following:
The SSL certificate for dovecot on mydomain.com will expire in less than 30 days
The SSL certificate for cpanel on mydomain.com will expire in less than 30 days.
The SSL certificate for ftp on mydomain.com will expire in less than 30 days.
The SSL certificate for exim on mydomain.com will expire in less than 30 days.
Now I freely admit I don’t really understand much about SSL, and so I don’t know what all this means. I have submitted a help ticket to hostgator, and they are telling me I need to get something called a “multi-domain SSL. A multi-domain SSL up front offers encryption for three domains for $150, each domain you add onto that is 25$ extra,”
So if I’m understanding that correctly, I’d have to pay $150 (which would cover my own 3 sites), plus $25 for each of my 25 client’s sites, or a total of $775.
I’ve never had to pay this sort of thing in the past, so I’m confused about what has changed now and what I really need to do. If that is legitimate, then I don’t mind paying it, but since I am clueless, I am hoping maybe somebody that actually understands this kind of stuff can offer me some advice. I don’t want to spend money that I don’t need to, but I also don’t want to not spend and have it come back to haunt me and hurt my clients.
Thank you anyone for any advice at all.
Grace and Peace,http://OylerPhotography.com
PaulFebruary 12, 2014 at 10:06 pm #90088
They are taking advantage of you – I don’t say that lightly, but if what you described is accurate, I am DISGUSTED with HostGator.
The emails you’re getting are referencing the server SSL certificate (assuming mydomain.com is the hostname for your account). Let me give you an example in hopes that it will make more sense.
I have SSL for my own server, which means my WHM login page, webmail, etc. are all using a certificate that isn’t self-signed. If you visit any of the relevant pages for my server to log in, you’ll get a green padlock in the address bar. One of my clients does not have SSL on his VPS, so I get a warning in my browser that his cert is self-signed. That isn’t a huge issue; no one logs into his server except me, and I already know the certificate isn’t there. Most people with a VPS don’t have SSL.
There is absolutely no reason for you to spend that kind of money on SSL certs that you don’t need. If you’d like to be put in touch with a colleague who can explain this in more detail (he’s a full time server admin), let me know and I’d be glad to introduce you to him. But I promise, they are taking advantage. Or trying to.
February 12, 2014 at 10:17 pm #90091
Thank you Andrea! I was seriously worried that they were trying to pull something, because it just didn’t make sense why I had never had to do that before. I would like to get in touch with your colleague, as I’d like to try to gain a better understanding of what I am dealing with. Not sure the best way to do that, but I can be reached at Paul at OylerPhotography dot com.
Thank you again!
(And I am thinking it is time to begin searching for a different place to have my VPS)
- This reply was modified 1 year ago by Paul.
February 12, 2014 at 10:18 pm #90092
- This reply was modified 1 year ago by Paul.
nutsandboltsKeymasterFebruary 13, 2014 at 9:10 am #90135
Paul, just to be sure, I’d follow up again with Hostgator support, because it sounds like you got a first-line person who doesn’t know jack about how the servers are set up (which alone is enough to start getting me concerned about my own hosting there).
Make sure they know that you are getting warnings for the server certificate, not your domain certificate, which doesn’t exist.
Now if they’ve changed “policies” and are charging end users for the certificates for their servers, then they have gone into some very dangerous territory that would drive a vast majority of the clients into the arms of their competitors.
Make sure you ask Andrea’s colleague about the best questions to ask HG to make sure they understand what you’re asking about. If they stick to their story after that, point out that in previous years you didn’t pay for that server SSL cert and to show you where any updated policy changing that resides and when it was sent to you. If that doesn’t help, time to make plans to get out of Dodge.
You must be logged in to reply to this topic.