If you're OK with the added requirement of having to renew the cert every 3mo, and the machine is publicly reachable (either directly or indirectly) on tcp/80 and tcp/443, LetsEncrypt is probably a reasonable choice (as others have pointed out). There are a number of tools available for automating the renewal process. Personally, I prefer using the Caddy webserver and having it handle the renewal for me. Not needing to manage an additional tool is a bonus.
> On Sep 5, 2018, at 12:59 PM, Paul Heinlein <heinl...@madboa.com> wrote: > > The SSL certificate for my web site is due to expire in a few days. I'm not > beholden to my current certificate authority (CA) and my requirements are > pretty standard: > > * decent browser support > * modern crypto > * quick turnaround on requests > > I have no problem using chained certificates if necessary. > > So what CAs do you all favor these days? > > NB: There is no non-public content on my site, but there is some information > about crypto usage. Back when I was running the site without https, I > received an e-mail message from someone claiming to live in a country with an > oppressive regime. (The return address and SMTP headers supported that > claim.) That person asked if I could add SSL support so s/he could read my > crypto pages without setting off alarm bells in the regime's sniffing > software. I figured for a few bucks a year it was worth it. > > -- > Paul Heinlein > heinl...@madboa.com > 45°38' N, 122°6' W_______________________________________________ > PLUG mailing list > PLUG@pdxlinux.org > http://lists.pdxlinux.org/mailman/listinfo/plug -- Louis Kowolowski lou...@cryptomonkeys.org Cryptomonkeys: http://www.cryptomonkeys.com/ Making life more interesting for people since 1977 _______________________________________________ PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug