Closed Raimund-G closed 1 month ago
Can anyone recommend a good alternative?
Yeah host the thing yourself
Test ssl and ssl labs are some of the best alternatives of it.
I do generally try to recommend against relying on BadSSL.com for automated CI (it is just a single small nginx instance maintained in spare time), although I know that even for manual QA having randomly expired certs isn't great.
As mentioned in the first comment, hosting a local test server is a great way to avoid depending on a (potentially flakey ;-) ) live site. I'm also currently working on updates to the site to reduce the maintenance burden by updating the server, pruning down particularly painful test cases, and moving all production certificates to automated renewals via ACME. (The likely outcome of this is that painful-to-maintain test cases or ones that we cannot acquire via ACME will be moved to local-only -- yet another reason to try out the local test server if you are interested in truly gnarly cases like 10000-SANs
!)
If there are particular test cases that are especially important to your use cases, I'd love to know so that we can try to keep them around, although some may require help in pestering CAs to support weird issuance via ACME. The web PKI is moving towards automated certificate lifecycle management and to keep the public BadSSL.com site running smoothly we're ultimately needing to move in that same direction.
Well let's face it: badssl.com is dead. 188 open issues and numerous expired certificates no-one takes care of...
Can anyone recommend a good alternative?