|
@__agwa | |||||
|
I appreciate that, but even providing a limited-feature version has a cost, and as a small company which doesn't show ads or sell user data, the only way to recoup the cost is by charging for the service.
|
||||||
|
||||||
|
Andrew Ayer
@__agwa
|
20. stu |
|
ICYMI: last week I rolled out a HUGE upgrade to Cert Spotter. Now that the post-rollout craziness has subsided, let me tell you about my favorite new features... (1/9) twitter.com/SSLMate/status…
|
||
|
|
||
|
Andrew Ayer
@__agwa
|
20. stu |
|
First: expiration monitoring! Cert Spotter now monitors every one of your domains and sub-domains found in CT logs and alerts you about expiring certificates - whether it's a forgotten manual certificate, or a broken automated certificate. (2/9) pic.twitter.com/ngOdiT0Dpe
|
||
|
|
||
|
Andrew Ayer
@__agwa
|
20. stu |
|
If the endpoint is running a public HTTPS server, Cert Spotter checks the expiration date of the live certificate. Otherwise, it looks in CT logs to see if the certificate has been renewed. (Coming soon: monitoring for other installation errors, like missing intermediates.) (3/9)
|
||
|
|
||
|
Andrew Ayer
@__agwa
|
20. stu |
|
Second: say goodbye to alert fatigue! I know you're busy, so I only want to bother you when there's really a problem. If you trust some CAs, you can choose not to be alerted about their certificates. Trusting the 1-3 CAs that you use is WAY better than trusting all 100+. (4/9) pic.twitter.com/hzvYD5xkAo
|
||
|
|
||
|
Andrew Ayer
@__agwa
|
20. stu |
|
Or, if your issuance is automated, there's an API for telling Cert Spotter about your legitimate certificates so you won't be alerted about them. Imagine: plugins for Certbot, Caddy, etc. that automatically authorize all certs that they issue! sslmate.com/certspotter/wh… (5/9)
|
||
|
|
||
|
Andrew Ayer
@__agwa
|
20. stu |
|
Third: Cert Spotter now tells you who REALLY issued a certificate, and who you need to contact to get it revoked, which will reduce confusion and save you precious time responding to an unwanted certificate. (6/9) pic.twitter.com/SGBRJnpIX0
|
||
|
|
||
|
Andrew Ayer
@__agwa
|
20. stu |
|
It doesn't sound hard to figure out who issued a certificate, but because of all the acquisitions and obscure business arrangements in the WebPKI, you often needed to be a WebPKI expert to figure it out. Now you can just use Cert Spotter. (7/9)
|
||
|
|
||
|
Andrew Ayer
@__agwa
|
20. stu |
|
This minor feature was hard to implement but will have a big impact on making Certificate Transparency more usable by non-experts. Other monitors will tell you that a certificate was issued by a company that isn't a certificate authority, or hasn't existed for a decade. (8/9)
|
||
|
|
||
|
Andrew Ayer
@__agwa
|
20. stu |
|
Do you want monitoring that will prevent downtime, improve your security, while being easy to use? Sign up for Cert Spotter here: sslmate.com/signup?for=cer… (9/9)
|
||
|
|
||
|
azet
@a_z_e_t
|
20. stu |
|
that's all really cool work, but I liked it as a free service and won't be able to pay for that fun on private stuff. I think I'm not the only one, did you consider a free tier on a limited-feature version?
|
||
|
|
||
|
Christian Schmidt
@aggemamdk
|
21. stu |
|
FYI: After reading your tweets, I googled “Cert Spotter”, clicked first link, then clicked Pricing – and found the prices for *something else*. I nearly left, because I thought it was too expensive ($15.95/yr/hostname), until I found the other pricing page.
|
||
|
|
||
|
Andrew Ayer
@__agwa
|
21. stu |
|
Thanks, that's very useful feedback! I'll make some changes.
|
||
|
|
||
|
azet
@a_z_e_t
|
20. stu |
|
I totally get why a lot of formerly free services now charge for what they're offering. I'm just always wondering if it's not possible to finance a limited free tier with the professional offering. It does usually attract other customers or switch them over entirely at a point.
|
||
|
|
||
|
Andrew Ayer
@__agwa
|
20. stu |
|
Attracting paying customers is the conventional justification for a free tier, but it rarely happened for Cert Spotter over the last 3 years, and a lot of other companies are finding the same thing.
|
||
|
|
||