[vc_row][vc_column][vc_column_text]Bluehost is among several hosts now offering free WordPress SSL certificates without the requirement for dedicated IP addresses.
Frankly, this news came as a surprise today, as I was planning to add a Comodo Positive SSL certificate in a cart so that the client could log in and complete the purchase this morning.
While Bluehost to date is not participating in the Let’s Encrypt Free SSL project, the certificates issued through this “Free WordPress SSL” offering are via Comodo with no mention of an insurance amount or seal. And like Let’s Encrypt SSL, these Free Comodo SSL certificates have a 3-month term. I can only assume that one would go through the “free” purchasing process again on the expiration date. But as an interim solution to meeting the mandate for SSL encryption for all WordPress sites – this is a quick fix that won’t hit client budgets quite so hard.
I submit it might still be worthwhile going to more traditional dedicated IP / purchased SSL certificate (with insurance and a badge) in the near term, but this solves a multitude of issues for many. For example, in shared hosting where there are multiple domains/websites on an account, many were being blind-sided by a need to upgrade hosting in order to have multiple SSL certificates enabled.
Update & Review 04-Jan-17
After the initial news made some of my clients very happy with the thought they might get a budgetary break and free SSL, my experience thus far has been abysmal. I quickly triggered the “purchase” of Free WordPress SSL Certificates for several client accounts who really have no major reasons to go to any tremendous expense for SSL. Having quite a bit of experience with standard SSL purchase and implementation on Bluehost and other hosts, I realize that there is a window of time after the purchase for the SSL to install on the server and become available.
However, to date, it has been three days and so far none of the SSL certificates are officially installed. After waiting close to an hour for a support chat, I spent another 40 minutes on a chat to learn that support realizes they have a fairly huge problem and my clients will receive an email once the SSL is installed.
The free SSL certificates are issued by Comodo and similar to Let’s Encrypt, they have a 3-month life. If these ever get to the point of actually installing and working properly in all browsers – especially Chrome – without a dedicated IP, I certainly hope they get the process improved for renewal time. At this point, it will cost more in my time for all this monkey business than it would be to purchase a Positive SSL Certificate and Dedicated IP!
I will report back with a status update as soon as more is known.
Update August 2017
Reprise. The problems with the free SSL (available through Comodo vs Let’s Encrypt) will now automatically allow both the www and non-www version of the domain. On accounts with NGINX, no dedicated IP is required, but is suggested for stores. And as with Let’s Encrypt, these SSL certificates expire every three months, but Bluehost finally has an autorenew process in place that is working based on two clients using these.[/vc_column_text][/vc_column][/vc_row]