| ▲ | 42droids 15 hours ago |
| Has anyone got any experience with Zero SSL? https://zerossl.com/
It seems like a good EU alternative. |
|
| ▲ | 47282847 14 hours ago | parent | next [-] |
| EU? There’s almost zero information on the company, no privacy policy? The only place I found any mention is the footer, “HID Global Corporation, part of ASSA ABLOY”. Assa Abloy seems Swedish but HID Global is a US company as far as a quick search goes. But without a proper company info page and privacy policy I wouldn’t consider it anywhere near a “good alternative” regardless. |
| |
| ▲ | slau 14 hours ago | parent | next [-] | | HID was originally American and Scottish, but became fully American in 1994. HID was acquired by Assa Abloy in 2000. No idea whether that means we now consider it Swedish. ZeroSSL used to be Austrian until their acquisition in 2024. I used to work for a company that got acquired by HID. It looks like HID has retained their original offices in some form. | |
| ▲ | ZeroSSL 5 hours ago | parent | prev | next [-] | | Jumping in here since we’ve been seeing more mentions of ZeroSSL lately, likely related to the recent CA/B Forum discussions around 1‑year certificates and ACME automation. - We’re based in Austria (ZeroSSL GmbH). The company was acquired by HID in 2024, which is part of Assa Abloy (Sweden). - We’re not positioning ourselves as a purely EU-based CA substitute, and we generally don’t market it that way. - For DV certs specifically, we act as a distributor. Under the hood these are Sectigo-issued certificates, similar to how other providers (for example Namecheap) operate. Happy to clarify further if useful. | | |
| ▲ | hoistbypetard an hour ago | parent | next [-] | | Sectigo used to be Comodo's CA business. If memory serves, that business was purchased by a US PE firm and renamed "Sectigo". Sectigo Inc.'s corporate headquarters is now in Scottsdale, AZ. There's no reason to believe they're any less subject to US jurisdiction than LetsEncrypt. | | |
| ▲ | idoubtit 36 minutes ago | parent [-] | | There were reason to believe they were less subject to US juridiction: their Subscriber Agreement is for "Sectigo Limited, a limited company formed
under the laws of England and Wales".
See https://www.sectigo.com/uploads/backgrounds/Certificate-Subs... Sadly, their United Terms and Conditions in section 8.2 are even more restrictive than LE's.
They reject any entity
"located in, incorporated under the laws of, or owned (meaning 50% or greater ownership interest) or otherwise, directly or indirectly, controlled by, or acting on behalf of, a person located in, residing in, or organized under the laws of any country sanctioned under the laws of the U.S. or E.U."
See https://www.sectigo.com/uploads/backgrounds/United-Terms-and... From a layman point of view, it could even mean that the ICC and the UN are prohibited from using Sectigo.
The Customer must have no "affiliates, officers, directors, or employees" that are on sanction lists, and the US have sanctioned some high-profile members of the UN and the ICC that spoke about the genocide in Gaza. |
| |
| ▲ | kruffalon 3 hours ago | parent | prev | next [-] | | > - We’re not positioning ourselves as a purely EU-based CA substitute, and we generally don’t market it that way. OK, but in the context of this topic thr interesting part isn't your marketing but your jurisdiction. Could you clarify which jurisdiction you operate under and a link on the ZeroSSL website that collaborates that? Thank you <3 | |
| ▲ | redrblackr 2 hours ago | parent | prev [-] | | Any plans on becoming an independent CA? Would certificates issued in your name also risk being affected by US sanctions trough sentigo? | | |
| ▲ | orochimaaru 2 hours ago | parent [-] | | If they do business in the US they will be expected to comply with US law - this includes their stock being traded on US stock exchanges. If they don’t have any business in the US and any financial ties to the US they won’t be subject to the sanctions. But I believe it will create issues if they want to enter the US market. |
|
| |
| ▲ | nomadwastaken 12 hours ago | parent | prev [-] | | The privacy policy is under legal in the footer, exactly where I'd expect it to be honest. It also gives the company registration:
> 1.1. We, ZeroSSL GmbH, FN 443956b (the “Company“)
and below that the company address (registered in Austria). Don't get me wrong, I agree that there is some lack of "who actually runs/controls this", especially on the about page where I expect such things to be. At the very least it's not as transparent as I'd wish from a CA. E.g their Certificate Agreement is from Sectigo, so are they involved? No mention anywhere else from what I can see. | | |
| ▲ | 47282847 7 hours ago | parent [-] | | I don’t see “legal” in the footer on mobile. Or any other link. Or a link to an About page in the main nav. There’s nothing. |
|
|
|
| ▲ | matharmin an hour ago | parent | prev | next [-] |
| I use them in some cases to avoid the rate limits on LetsEncrypt, and they have better support for some older platforms (like ancient Android versions), and I'm pretty happy so far. I have a paid account to support them, but it's not a requirement for ACME certs. It works without issue with Kubernetes Certbot, and seamless to switch between ZeroSSL and LetsEncrypt. I can't comment on the EU part though - not that relevant in my case. |
|
| ▲ | linsomniac 2 hours ago | parent | prev | next [-] |
| There was some subtle issue with ZeroSSL's implementation of ACME that I ran into with, IIRC, lego and domain certs and there was a ~5 year old lego open issue about it. That was a couple years ago, might be fixed, but my understanding at the time was that it was an issue with Zero's ACME implementation, so there may be dragons. |
|
| ▲ | slau 14 hours ago | parent | prev | next [-] |
| 3 90-day ACME certs for free. 180€/year for unlimited 90-day certs and 5 yearly ones. That’s a pretty steep increase. I would almost be more interested in a monthly fee per cert. |
| |
| ▲ | nomadwastaken 12 hours ago | parent [-] | | From their docs[0] this doesn't seem to apply if using ACME, but they don't exactly make that clear... > By using ZeroSSL's ACME feature, you will be able to generate an unlimited amount of 90-day SSL certificates at no charge, also supporting multi-domain certificates and wildcards. Each certificate you create will be stored in your ZeroSSL account. [0]: https://zerossl.com/documentation/acme/ | | |
| ▲ | matharmin an hour ago | parent [-] | | Yeah, they don't make it that clear, but you get basically the same functionality as with LetsEncrypt for free, including wildcard certs. You basically only need to pay for manually issued certs, or some of their other additional features. |
|
|
|
| ▲ | patrakov 6 hours ago | parent | prev | next [-] |
| It's Sectigo under the hood. |
|
| ▲ | nickf 12 hours ago | parent | prev [-] |
| ZeroSSL aren't an EU-based alternative, unfortunately. |
