It's not our choice. We weren't going direct, it's our DNS provider supplying certs - it was supposed to make admin easier, having them sorted in the one place but turns out they just use Sectigo and then Sectigo fuck us. Thankfully it's not me dealing with them on this so I'm not super bothered but I can understand the frustration having dealt with Sectigo in the past.
I normally deal with AWS certs which is just a CNAME validation tag or something, every now and then Cloudflare or LE but we've got rid of most of the legacy shit using this stuff and everything I've done is auto-renewing so I don't have to think about it any more. It's the on-prem (ish) stuff that causes all the drama.
You went with an Org verified... those are useless, just get a domain verified via Positive SSL as it's cheaper and quicker: https://www.positivessl.com/
Honestly I should just set up certbot and use Let's Encrypt, but the hassle of that and added fragility is less painful than the annual cost.