Sooooo SSL and this hosting provider
I am a fan of the idea of putting SSL all over the place.
But wait! This very site does not even have SSL or serve data over a secure channel.
Well here is my current problem. This particular hosting provider is somewhat behind the times. They do not support users setting up more than one SSL certificate and I host multiple sites with them. I guess I am left with a simple choice here really. Move to a new hosting provider or just accept that even this simple site login is insecure and open to being spied on or stolen.
I hear the skeptics saying “But with Let’s encrypt you can use Subject Alternative Names” and yes, this would solve the problem, but directly link all the sites I host on this server. I do not want to do this. I also know that its not difficult to find out this information, but I do not want to broadcast it with every connection.
I use Let’s Encrypt wherever I can as it is simple to use on just about any OS. I actively use it on my windows servers as well as my Linux servers. Both pretty easy to setup and get going.
I do find it disappointing, hhhmmmm, or maybe I have been spoilt with using AWS (Amazon Web Services) and the ease of doing certain things, but in this era of regular data breaches and peoples passwords “hitting the streets” I feel SSL should be offered free by all hosting providers. If not through the tools and control panels then at the very least enable the customers to easily set up and use Let’s Encrypt.