Originally Posted by easyhostmedia
It used to be a case of 'If you dont see a green bar or padlock then dont buy from that website' but with the free SSL these fraudsters can get 1 for the fake sites.
We were big believers in the Green Bar when we ran our eCommerce sites, and still recommend users to purchase them for that extra level of "implied" security that a user gets when they see the EV Green Bar.
But it's still only implied security. You could change the URL bar with CSS if you wanted
but for any commercial website you need a paid SSL
It used to be that CA was built into browsers etc, so that's why you bought from the big guys (verisign, comodo, geotrust etc), but with LetsEncrypt, that's built in now too, so there's no compatibility problem or trust issue as a result.
So why pay? The Insurance (10k, 100k Warranty etc) is only paid out if the encryption is be broken (which it never has been). It doesn't cover for fake transactions etc.
So why get is a Paid one NEEDED versus a free one?
And to clarify for everyone, I'm not picking apart anyone selling an SSL, I used to sell them when I ran hosting and we made a pretty penny doing so. I'm really wondering how (in the past 5 years that I've been out of hosting) has the SSL world changed with the free SSLs on the market and why users should not use them for commercial sites.