StartSSL

 StartSSL  was a service from StartCom that provides introductory SSL certificates for no cost. As of 2016-11-30, Mozilla, Google, and Apple have stopped trusting new certificates from WoSign and StartCom, and StartCom will cede operations at the end of 2017. See for more information.

Benefits

 * Single-domain SSL certificates are free.
 * You can create multiple certificates for individual subdomains, for example www.example.com and test.example.com
 * You can pay $59 to go through the "personal identity validation" process, at which point you get to do the following for the next 360 days:
 * Create as many wildcard certificates as you want for free (*.example.com), each is valid for 2 years
 * Create multi-domain certificates (example.org, example.com)

Issues

 * The user interface is very awkward.
 * Authentication is done only via browser client certificate, so make sure you back this up or you'll lose access to your account.
 * While single SSL certificates are free, it costs $24.99 to revoke a certificate if you need to.
 * You can only have one SSL certificate active per subdomain. There is a 2-week period where you can renew a certificate before it expires. This means if you lose your private key for a cert, you won't be able to re-create the cert with the same subdomain unless you pay to revoke the old one first.

Criticism

 * https://pierrekim.github.io/blog/2016-02-16-why-i-stopped-using-startssl-because-of-qihoo-360.html "The PKI platform of StartSSL, an Israeli leader of free SSL certificates, is now hosted by Qihoo 360, a Chinese Antivirus Company." Qihoo 360 has a very bad reputation and so StartSSL may not be treated as trusted and secure anymore.
 * https://docs.google.com/document/d/1C6BlmbeQfn4a9zydVi2UvjBGv6szuSB4sMYUcVrR8vQ/preview Mozilla investigation into backdating of certificates; may no longer trust newly-issued certificates in the near future:
 * Allegations of "... WoSign has been intentionally back-dating certificates to avoid blocks on SHA-1 issuance in browsers, having qualified audits and/or being caught violating the CAB Forum Baseline Requirements."
 * "Taking into account all the issues listed above, Mozilla’s CA team has lost confidence in the ability of WoSign/StartCom to faithfully and competently discharge the functions of a CA. Therefore we propose that, starting on a date to be determined in the near future, Mozilla products will no longer trust newly-issued certificates issued by either of these two CA brands."
 * https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/E13eT13wMBQ
 * "It seams that wosign has registered the domains letsencrypt.cn and letsencrypt.com.cn in 2014 after the public announce of Let's Encrypt"

I lost my client certificate, or my client certificate expired
If you lost your client certificate, or if you forgot to create a new one before it expired, you can still recover you account. Create a new account with the same email address, and then email certmaster at startssl.com with the subject line "merge accounts", provide your email address, and ask that your accounts be merged.