SSL expensive, why?


#1

Hi,

i’m asking to Fastly community to share some experience about how to setup a cheaper and production ready SSL configuration.

I have many website hosted on different domains (a.com, b.com, c.com, d.com) and i want to have for each one SSL certificate in order to use HTTP2 and ServerPush.

From what i understood, Fastly support TLS but I need to pay $100 / month.
This means about $600 in my scenario since I have 6 domains.

The question is:

  1. There are some good and cheaper way to enable HTTP2 on Fastly?
  2. Why Fastly just don’t use Let’s Encrypt library?
  3. Amazon EC2 is able to support certificate generation for free, why Fastly is so expensive?

#2

i want to have for each one SSL certificate in order to use HTTP2 and ServerPush.
From what i understood, Fastly support TLS but I need to pay $100 / month.
This means about $600 in my scenario since I have 6 domains.

There would be a number of ways to reduce this from $600. By talking to a Sales person (via sales@fastly.com), you’re likely to be able to do this by either reducing the amount you pay per certificate or changing to using a hosted certificate with the domains added as SANs. Of course, whatever the cost, it isn’t as low as free, so if that’s what you’re looking to get, it doesn’t make sense to start the discussion.

There are some good and cheaper way to enable HTTP2 on Fastly?

HTTP/2 needs TLS, and if you want TLS + your own custom domain on Fastly you’ll have to choose either SAN entries on a shared certificate or a hosted certificate, as mentioned here.

Why Fastly just don’t use Let’s Encrypt library?

I’m sure you’ll appreciate there’s more to it than just using Let’s Encrypt! Whatever method we use for TLS certificate provisioning, there still has to be methods of keeping them up to date and synchronizing them across all our servers, keeping everything secure and so on. Thus the just soon becomes something that is a more involved undertaking.

Amazon EC2 is able to support certificate generation for free, why Fastly is so expensive?

EC2 is a platform for provisioning server instances in the cloud. We’re a CDN, which is a lot different, so that’s not comparing similar things. I guess the point you wanted to make is that if you go to some other CDN providers you may get a lower price for TLS certificates. Perhaps that is true, but you need to evaluate all features, performance and other needs (such as good support!) and see which really has the lower cost over time. If something is completely free but when you have a problem with it you have to struggle without assistance because support is either a Google search or nothing, then it’s not really ‘free’ (unless your time is worth nothing).

Having said all that, pricing of our TLS offerings is something we’ve been looking at and we will strive to keep our offering competitive over time.


#3

I want to explain you exactly what I think.

We are developing a service to improve security and analysis: I don’t want to share our website there.
Our plan - like every startup - is to made a lot of customers; let’s say 1.000 customer monthly or more.

We want to use Fastly, so we can route requests and use HTTP2 and Push.

Our offer is $250/year maybe in the future $500/year with some addOn we are working on.
The original idea was to charge extra-fee for HTTPS.
So we will charge $500/year for our service and $1.200 / year for Fastly TLS certificate.

1200 USD for domain means 12.000 USD for 10 domains.

How i can make my business growth if Fastly charge me 600% more then what i charge to my customers?

Actually we have 12 Customers in beta, hosted on EC2 with ACM (Automatic Certificate Manager).
As a note, Amazon is able to support HTTPS on CloudFront that is what we are doing right now.

I can try to reach out your sales team - but I’m not sure if there are a solution…


#4

Hi Justin,

It’s true that providing SSL “for free” does cost something to the provider, whether it’s ACM or a competing CDN. However, the practise of securing connections by default is slowly becoming the industry standard, and customers begin to expect SSL to be included in the price “for free”.

That’s good, thanks for for the info! Let’s hope something comes out of it.


#5

It would be good to know how Shopify do it… they are a client of Fastly and they use Let’s Encrypt? I appreciate the scale they operate at is vastly higher than many others, but presumably this means Fastly have some means of supporting this?

Shopify starts at $29/mo and that includes SSL… so whilst I appreciate it’s not free for Fastly to implement auto-renewal etc, surely it’s feasible that this should be at most $10/mo/domain?


#6

This is a good question. Hope to get a reply.


#7

Some of our customers participate in betas, sometimes we do things by hand for customers (which does not scale well,) and sometimes there are special custom systems in place. Whether or not any of those apply here is something I cannot comment on. :slight_smile: