This article is categorized as "Garbage" . It should NEVER be appeared in your search engine's results.主要涉及Sectigo/Comodo, zeroSSL, let's encrypt,等等
sectigo/comodo相关
主要是因为acme.sh接受了zeroSSL的赞助,把默认的证书提供商从let's encrypt改成了zerossl.
🔗 [ZeroSSL 也提供免費的 SSL Certificate (DV) 了 – Gea-Suan Lin's BLOG] https://blog.gslin.org/archives/2020/11/24/9823/zerossl-也提供免費的-ssl-certificate-dv-了/
🔗 [If zerossl is reselling/a subsidiary of sectigo, that’s enough reason to never u… | Hacker News] https://news.ycombinator.com/item?id=25191361
comodo于2016年尝试注册let's encrypt商标:🔗 [Defending Our Brand [Updated] - Let's Encrypt] https://letsencrypt.org/2016/06/23/defending-our-brand
随后comodo自己放弃了:
使用zerossl的网站(2025-12-02验证为zeroSSL):🔗 [放弃Let's Encrypt证书,全站更换ZeroSSL证书 - 饭饭's Blog] https://ffis.me/archives/2110.html ,2025-12-02截图
(很意外)使用sectigo的网站:🔗 [Richard Stallman's Personal Page] https://stallman.org/
(很意外)使用let's encrypt的网站:
www.counter-strike.net
dota2.com
nginx.org
此外还有:🔗 [List of major websites with LE certificate? - Help - Let's Encrypt Community Support] https://community.letsencrypt.org/t/list-of-major-websites-with-le-certificate/153477
有关google SSL在TLS 1.2协议下被屏蔽的问题:
🔗 [国内家宽访问 Cloudflare IP + TLSv1.2 + GTS 证书的问题 - V2EX] https://www.v2ex.com/t/1096760
🔗 [使用Google新部署的W开头的中间证书签发的网站在TLS 1.2下100%阻断 / Sites issued with Google's newly deployed intermediate certificates starting with W are 100% blocked under TLS 1.2 · Issue #381 · net4people/bbs] https://github.com/net4people/bbs/issues/381
Cloudflare近几年开始逐渐颁发Google Trust Services的证书,比如:
有关zerossl对比let's encrtyp相关:
看了一圈nodeseek/v2ex/hostloc,大概总结为:
- zeroSSL的acme服务器经常抽风
- (黑历史,以及acme.sh被赞助后默认zeroSSL的争议)
- zeroSSL对一些特别老的设备兼容性更好
有关RSA和ECDSA证书的选择问题:
按照let's encrypt的指南,最稳妥/兼容的方案是在服务器上安装2个证书:RSA和ECDSA
具体见🔗 [本博客的架构与设计(2021-2025) - Truxton's blog] https://truxton2blog.com/blog-design-and-hosting-record-since-2021-09/#2025-12-05-rsa-ecdsa
