domain naming and SSL behaviour poll

[Urs Liska]

Hi all,

I've quite successfully started to properly configure my web server to
use quite strong https settings (getting A+ ratings on ssllabs.com's tests).
However, I "burnt" the certificate for book.openlilylib.org when trying
to get scripted assistance in the process (managed to overwrite the
private key ...).

This "book" is a quite important project that I'll very soon re-suggest
for collaboration here (currently you can access its stub at
https://textbook.openlilylib.org). I'm not sure how to proceed now and
would like to get some opinions.

I see four options:
1)
Use another subdomain (like the current "textbook" replacement). Any
suggestions welcome.
2)
Get a new certificate from cacert.org. Which has the upside of being
"free" and the downside that it requires visitors to either install
cacert's root certificate in their browser or accept the security exception.
3)
Get a new (free) certificate from another CA that is supported by the
major browsers. Here I'd be happy about suggestions (except cacert and
startssl.com)
4)
Revoke the current ("burnt") startssl.com certificate and create a new
one for book.openlilylib.org. This would require someone donating $25
for the revocation fee.

Any suggestions?

TIA
Urs
-- 
Urs Liska
www.openlilylib.org