Yeah how dare Mozilla force sites to pay for TLS certificates! It’s a racket I tell you! If they’re going to be required in order to be on the internet they should be free
Let me see if I understand this: SSL is bad because one hosting provider, very well known to be shitty, charges lots of money for it? And we should hold back securing web traffic on the internet until such time as GoDaddy changes their pricing structure?
Look, I get it: if I hosted sites on shitty providers and couldn’t change because of corporate BS I would be frustrated too. But “everyone else should change to accommodate my problems” isn’t the right response. It’s the same with crappy SSL middleboxes: I feel for people who have to deal with broken sites because of them, but breaking TLS as a workaround can’t be the way forward.
I think you misunderstood me and are reading a lot more into my post than I intended. I was just making the point that GoDaddy's annoyingly large fee is an example of a contributing factor to the plague of non-SSL sites.
Time is money, I'm sure some users visiting websites that don't have the luxury of being maintained by multinational corporations will experience issues as a result of this change. TLS certificates are also not trivial to set up or renew if you require a wildcard certificate.
Wildcard certificates are the much, much easier case. You don't have to mess with your web server or routes at all. You just hook up certbot with your DNS provider and say "get me a cert for '*.mydomain.business'", run the renew in a cronjob (which certbot does automatically by default now) and never touch it again. I've had certbot running for like 4 years with no interruption with this setup.
The Venn Diagram of people who forgo managed hosting with SSL built-in and set up their own servers to host HTML pages on the internet and the people capable of following a guide to configure certbot is a circle.
Not all DNS providers are supported by certbot, so sometimes it's impossible to automate. It's not infrequent that I come across sites with expired certificates nowadays.
And what of those who have left their old site (that has no need for TLS) online for years without ever knowing 'insecure' HTTP is being deprecated? I don't think their sites breaking and showing warnings should be acceptable when the security benefits are so marginal.
It doesn’t really matter if all DNS providers are supported because you can just delegate your _acme-challenge zone to any DNS provider that is, like Route53 or to your own DNS server.
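As an added illustration of the delegation idea in the comment above (this is not code from any commenter or from certbot): the main DNS provider only ever holds a static CNAME from `_acme-challenge.mydomain.business` to a name in a zone that can be automated, and the validator follows that CNAME before reading the rotating TXT value. The toy zone, the `acme-dns.example` target, and the token/thumbprint strings are constructed placeholders; the TXT value itself is computed the way RFC 8555 specifies for DNS-01.

```python
import base64
import hashlib

# Constructed placeholders standing in for a real account-key thumbprint and CA token.
THUMBPRINT = "constructed-account-key-thumbprint"
TOKEN = "constructed-challenge-token"

def dns01_txt_value(token: str, thumbprint: str) -> str:
    """RFC 8555 DNS-01: base64url(SHA-256(token "." thumbprint)) with no '=' padding."""
    key_auth = f"{token}.{thumbprint}".encode()
    digest = hashlib.sha256(key_auth).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def challenge_owner(domain: str) -> str:
    """'*.mydomain.business' and 'mydomain.business' share one _acme-challenge name."""
    base = domain[2:] if domain.startswith("*.") else domain
    return "_acme-challenge." + base.rstrip(".").lower() + "."

def follow_cnames(name: str, zone: dict, max_hops: int = 8) -> str:
    """Return the name a validator finally queries for TXT after following CNAMEs."""
    seen = set()
    cur = name.lower()
    for _ in range(max_hops):
        targets = [v for t, v in zone.get(cur, []) if t == "CNAME"]
        if not targets:
            return cur
        if cur in seen:
            raise ValueError(f"CNAME loop at {cur}")
        seen.add(cur)
        cur = targets[0].lower()
    raise ValueError("CNAME chain exceeds max_hops")

def dns01_satisfied(domain: str, token: str, thumbprint: str, zone: dict) -> bool:
    """Mimic the CA-side check: does the (possibly delegated) TXT hold the expected value?"""
    owner = follow_cnames(challenge_owner(domain), zone)
    txts = [v for t, v in zone.get(owner, []) if t == "TXT"]
    return dns01_txt_value(token, thumbprint) in txts

# Constructed toy view of two zones: the main provider holds only a static CNAME,
# the delegated zone (acme-dns.example is a placeholder) holds the rotating TXT.
DELEGATED = "_acme-challenge.mydomain.business.acme-dns.example."
ZONE = {
    "_acme-challenge.mydomain.business.": [("CNAME", DELEGATED)],
    DELEGATED: [("TXT", dns01_txt_value(TOKEN, THUMBPRINT))],
}

if __name__ == "__main__":
    print("wildcard ok:", dns01_satisfied("*.mydomain.business", TOKEN, THUMBPRINT, ZONE))
```

The loop guard in `follow_cnames` matters in practice: a mis-typed delegation that points back at itself would otherwise hang a naive checker rather than fail the renewal loudly.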
I don't care if they 'dragnet survey' my users who are just looking for 20-year-old data sheets. Fact is, not everything needs unbreakable encryption, or a warning label for lacking it.