Note: Our main user blog is at https://medium.appbase.io. This blog is mostly kept for meta notes.
The appbase.io website and our API services used Startcom CA for our SSL certificates. We liked Startcom's model of charging only for identity verification, versus other CAs' model of charging per certificate.
Due to the recent trust issues that Wosign, Startcom's acquirer, is facing with leading browser vendors, to the extent that future versions of the browsers will stop trusting their issued certificates, we have migrated all our sites and API services away from Startcom.
We are shifting to a combination of Comodo and Let's Encrypt: Comodo for all our critical services and Let's Encrypt for all new auxiliary services.
We really like Let's Encrypt, but its limits on the number of certificates per TLD (currently capped at 20 per week) and its lack of wildcard support make it a no-go at the moment.
Importantly, while making the migration, we also took other security optimizations into account, particularly supporting a 2048-bit Diffie-Hellman group. You can read more about this issue over here.
Our SSL Labs Ratings prior to migration:
appbase.io handles the main website communication.
scalr.api.appbase.io service handles all our app data communication.
Starting April 24th, 2017, we have fully migrated away from Startcom and, while at it, enhanced our SSL security.