@sloosecannon said:StartSSL is free too
Unless, after one year, they decide that your site is (for a) business and the only reason you want the cert is to conduct financial transactions over it. Regardless of whether you are or not.
No appeals allowed.
Upon a renewal request:
@certmaster@startcom.org said:The request for a server certificate for [website] has been declined. For more information please contact us. Thank you!
@me said:May I ask the reason for the decline?
@certmaster@startcom.org said:Thank you for requesting a digital certificate with us. However Class 1 certificates are not meant to be used for commercial activities or financial transactions according to our policy. For this purpose please consider upgrading to Class 2 or higher verification level.
Please see https://www.startssl.com/?app=32 about how to enroll. Thank you for your understanding.
@me said:Thanks for the reply.
May I
have a link to this policy for the definition of 'commercial activity' (there are no financial transactions happening on that site - it is merely serving as an online 'catalogue' and any transactions have to be held off the internet either on the brick and mortar premises or over the phone,) and
ask when this policy was enacted, since this didn't seem to be a problem over the past year when I applied last August...
@me said:Don't worry - looks like I've found it, and it appears to have been retroactively added.
@certmaster@startcom.org said:Sure. Here is the link https://www.startssl.com/policy.pdf
@me said:Sadly that still doesn't define commercial nature. However, for example, from the webpage that describes Class 2:
Notice to all StartCom subscribers
StartSSLâ„¢ Verified are intended for:
web sites, which perform financial transactions like credit card details or other payment methods, so that a visitor can be assured, that the person and company operating it can be traced to a real entity.
companies or individuals which have to deal worldwide with prospective clients and partners and need to be assured of correct information about them.
easier management of keys and certificates, complex configurations and multiple web sites on the same server and IP address and IIS/ISA setups.
None of these applies to the website concerned.
And that was the last message.