I'm with Gandi and didn't actually realise I already had this facility under my nose. Thanks for the information!

I only recently bought a domain with Gandi after seeing it mentioned here.

This feature has just convinced me to stick with them for future purchases.

Only with the first year, if I'm reading their site right?

> With each domain name transferred to Gandi, we include a Standard SSL certificate for free the first year.

https://www.gandi.net/domain/ssl#nav

Uhm. It is ambiguously worded, that's for sure -

  Included for free the first year with the purchase,
  transfer, or renewal of your domain name.

My understanding was that if I had a domain with them and renewed for another year, that would fall under the "renewal" clause of the above.

Yep, I thought it was perpetually though after my first year they started charging me for it.

I'm actually shocked at how many places accept the trust chain of my free SSL certificate from Gandi. Some browsers refuse my company's very expensive wildcard certificate from GoDaddy saying it's not trusted but trust mine from Gandi!

Their certs are issued by Comodo, which is a well established CA. And they are hardly free, their price is simply rolled into the domain registration fee.

They may be well established, but remember ComodoGate [1,2].

[1] https://en.wikipedia.org/wiki/Comodo_Group#Breach_of_securit... [2] http://www.securelist.com/en/blog/6177/A_Web_of_Mis_Trust_Co...

Did you configure the server to send the intermediate certificates for your GoDaddy wildcard certificate? I've experienced similar problems in the past, but sending the intermediate certificate fixed it.

Yea, when you install any SSL certificate, don't forget the intermediate certs!