Computing

Buying things on AliExpress

by
Screenshot of the AliExpress home page

I’ve been using AliExpress to buy occasional items since last summer. For those not already familiar, AliExpress is an online marketplace, where various businesses can sell products direct to consumers. The majority of the businesses on the platform are based in China, and it’s very similar to Shein and Temu in this regard. In my experience, AliExpress tends to focus more on technology, but its sellers offer a wide variety of things.

Before I continue, a disclosure. I’m a member of Amazon Associates, and so whenever you buy something from Amazon having followed a link from this blog, I get a small amount of commission. AliExpress is an Amazon competitor, and I do not get any commission from AliExpress. That being said, you can use this referral link if you want.

Shipping times

The big difference between buying from AliExpress (or Shein, or Temu) when compared with, say, Amazon, is the shipping times. The products you buy from AliExpress are usually shipped, on demand, directly from China. This means that orders to the UK typically take a week to arrive, if they’re in stock.

You do get regular shipping updates, both by email and in the AliExpress app, telling you when your items have been dispatched, arrived in your country, cleared customs and are finally out for delivery. It’s worth noting that, once in the UK, orders are generally delivered by Evri (aka Hermes). Whilst we seem to have a good local Evri courier at present, I’ve also had horror stories in the past, so bear this in mind.

Another thing to watch out for is extended delivery times. I’ve bought items where the expected delivery time has been measured in weeks rather than days, and this wasn’t obvious prior to payment.

Choice items

Many items for sale on AliExpress carry a ‘Choice’ flag. If you buy enough of these at once, then you get free delivery. What this means – I think – is that the individual sellers will send their products to a central dispatch point, where they’re collected together, put into a larger padded envelope, and sent internationally as one package.

Unlike Amazon, who mostly use cardboard for their packages, expect to receive lots of hard-to-recycle plastic packaging when your order arrives. And while we’re talking about the environment, bear in mind that your order will most likely be shipped by air, and so incurs significant carbon emissions. By contrast, products shipped by boat to a UK warehouse before sale will have incurred lower emissions on the whole.

Prices

Because you’re buying directly from sellers in China, the prices are usually lower than anywhere else. Typically, I’ve seen the same items costing 50% more on Amazon than on AliExpress. Note that some prices exclude VAT, so when you get to the checkout, don’t be surprised to see your total go up by around 20%.

Coins

Coins are the currency AliExpress uses for its loyalty scheme. Once you have an account, then performing various actions whilst using the AliExpress app (and specifically the app, not the web site) rewards you coins. This can be as simple as opening the Coins page of the app each day, or writing a review. There are also games within the app that you can play for coins.

When you buy products, you may be able to redeem some of your coins against the total cost. You probably won’t be able to pay for a whole order with coins, but it may knock a few pence off. I currently have 866 coins as I write this, which should amount to approximately £6.78.

I’m guessing the whole idea with coins is that you’re tempted into opening the app regularly, and so are tempted into buying more things.

Discount events

AliExpress has regular events where discounts are available. These are either coupons, e.g. save £5 if you spend £30, or discounts on products. Usually, there’s a discount on Choice items on the first day of the month, for example.

Helpfully, AliExpress sometimes indicates if a product will be cheaper in the near future. Usually, the difference is just a few pence, but it’s worth noting if you don’t need an item urgently. And, let’s face it, if you’re already expecting to wait a week for delivery, a few more days to save a little may be worth the wait.

The best things I’ve bought from AliExpress

I’ve reviewed a number of items that I’ve bought from AliExpress over the past year or so, but certainly not everything. Of those that I have reviewed, here’s a list:

I’ve also picked up a MagSafe power bank, that I use regularly, a colour changing Zigbee smart bulb, and a USB-C to 2.5mm audio jack adaptor. I’ve bought multiple sets of cheap Lenovo ThinkPlus wireless earbuds, so that I have a set in each bag that I use regularly and so am never without headphones. They won’t win any audiophile awards, but they’re good enough.

The best bargain was something that we bought for our nine-year-old, to help with one of their disabilities. It cost £20, versus £150 for an almost identical product from a specialist UK disability store that we also had to buy.

On one of the Home Assistant Facebook groups I’m in, another member said that he doesn’t buy anything from AliExpress that can be plugged into the mains, for safety reasons. Indeed, of the things I’ve bought, only the smart bulb, and a couple of Zigbee smart plugs, are things that can be plugged into the mains. I’ve not had any issues with any of them, but I think it’s a good rule to follow. It’s certainly possible to pick up items from AliExpress that shouldn’t be legally sold in the UK, because they’re not compliant with our safety laws. This is true of most marketplace platforms, including Amazon.

…and the things I’ve regretted

Not every purchase has been worthwhile. I reviewed this six port USB car charger in March; since then, some of the plastic has come off, and I don’t use it anymore. That’s mainly because our new car has ample built-in USB ports and so it’s no longer necessary, but I don’t know if I’d feel safe using it now either way.

There was a USB charger cable that looked like a three-tailed whip, featuring USB-C, Lightning and micro-USB ports on one end and a USB-A port on the other. It claimed to offer 100 W charging, although my understanding of how USB-A works means that’s arguably impossible. It’s certainly not met my expectations, although I still use it, and it cost barely more than £1.

I also bought a tyre pressure monitoring system, with smart dust caps – again, for our old car. The monitoring unit was solar powered, and was designed to stick to a window. The glue on the sticky pads quickly failed and so the monitoring unit regularly ran out of power.

Whilst I had regrets about all of these, collectively they add up to about £15 of wasted money.

Using an iPad as a desktop PC

by
An iPad connected to a docking station for use with an external screen, keyboard and mouse

If you have one of the newer iPad Air or iPad Pro models, then you can plug in an external keyboard, mouse and screen, and use it like a desktop PC. All you need is USB-C docking station with USB and HDMI ports. Indeed, I’m writing this blog post on the WordPress iOS app, but using my USB keyboard, mouse and external display.

Docking station

The docking station I’m using is this Orico model (sponsored link), which has an HDMI port, three USB-A ports (two USB 2, one USB 3) and a USB-C port. This USB-C port supports Power Delivery, and so it can be used to charge your iPad whilst it’s plugged in.

Other docking stations add Ethernet and readers for SD and TF cards, but this one doesn’t. And yes, iPad OS does support Ethernet when connected to an adaptor – I’ve tried it myself with a USB-C Ethernet adaptor that I normally use for my laptop at home.

What it’s like to use

Apple’s information page about using an external display is a bit vague. In my experience, the external screen would only show output once I had also plugged in my keyboard and mouse – it wouldn’t work with just the screen plugged in. That may be a quirk of the Orico docking station.

Rather than mirroring the display, the external screen was an extension of the iPad desktop. Apps would open on the iPad screen, and to get them to open on the external screen, I had to flick down from the top to reveal the menu bar and use the Window menu to move them across. With Stage Manager enabled, you can have multiple apps open in different windows on both screens.

I didn’t see a noticeable reduction in performance – the iPad seemed pretty capable of outputting to two screens. But it did deplete the battery faster, as I hadn’t plugged in a USB-C cable into the docking station to charge.

But why?

So why would you want to do this? Compared to my Windows laptop, which takes a minute or two to boot up, my iPad is always on and launches immediately from standby. Therefore, if I need to do something on a big screen quickly, it’s quicker to plug my iPad into a docking station than booting the laptop up.

It’s also a way of experiencing how Apple has repositioned iPad OS as being somewhere between iOS and macOS, rather than just iOS on a bigger screen. Apple wants the iPad range to be useful for actual work, rather than merely larger screens to consume content.

Finally, apologies for the photo above not actually showing the iPad with my screen, keyboard and mouse. My workspace is a mess at the moment, and I didn’t fancy tidying it up just for this blog post.

Windows 10 Extended Security Updates

by
Screenshot which says 'You're eligible to enrol in Extended Security Updates at no extra cost'

Microsoft is ending support for Windows 10 in just two days time. What this means is, if you’re using Windows 10 and don’t take action, you’ll no longer get security updates for your computer. And that would be bad – your computer is therefore at greater risk of viruses and malware.

Previously, when Microsoft ended support for Windows, if you were a home user then you were on your own. This time, Microsoft is offering the Extended Security Updates programme, and making it available to home users for the first time. I suppose this is because Windows 11 installs only exceeded Windows 10 as recently as June this year, and around 45% of Windows users still use Windows 10 despite it being 10 years old now. This includes us.

Upgrade or replace

Ideally, Microsoft wants you to upgrade to Windows 11. Many Windows 10 computers can be upgraded, but not all. If not, then, as far as Microsoft is concerned, you should be considering purchasing a new computer.

At home, we have a Lenovo Ideapad 320S which is approaching its eighth birthday. That’s pretty old for a laptop, and it’s been used heavily as it was my main work computer during lockdown. Theoretically, it might run Windows 11, if I backed everything up, wiped its SSD and did a fresh install. But Microsoft’s PC Health Check app won’t allow an in-place upgrade, as its processor (an Intel Core i3 in the 7000 series) doesn’t meet its minimum hardware requirements.

We will, eventually, replace this with a new laptop running Windows 11 – probably some time next year. But for now, this little survivor meets our needs – especially as, back in 2021, I upgraded its RAM from 4 gigabytes to 16 gigabytes.

Enrolling for Extended Security Updates

If you open Windows Update on a Windows 10 machine, you should see the option to enrol for Extended Security Updates. This gives you an additional year of security updates, to allow you time to either upgrade or buy a new computer. As mentioned, this is a new offering for home users; previously, only enterprise users ever had this option.

Enrolling for extended security updates may cost you, depending on your system settings. If, at the time you sign up, you’re already synchronising your PC settings, then you may be offered the extended security updates at no charge. This is what happened to us, as per the screenshot at the top of this blog post. Which was nice.

Alternatively, if you live in the European Economic Area (EEA), then you should also get the updates for free. Thanks to Brexit, us Brits unfortunately no longer live in the EEA.

If you’re not eligible for free updates, then Microsoft will charge you. If you use Microsoft Rewards, then you can redeem 1000 reward points instead of paying money. Alternatively, there’s a $30 charge, which works out at about £24 for the year.

What about Linux?

If you don’t want to buy a new PC, aren’t eligible for free updates and don’t want to pay, then I suppose the other option is to consider running some flavour of Linux on your existing PC. I wouldn’t necessarily recommend this, but if you’re really stuck for money and have the time to learn how to use a new operating system, then sure, I guess it’s an option to consider.

New new new iPad

by
A photo of an iPad Air 6

A couple of weeks ago, I bought myself a new iPad. I’ve gone for the 6th generation iPad Air, which has now been discontinued having been on sale for around 10 months until March this year. The fact that it’s discontinued is why I’ve bought an iPad Air, rather than a standard iPad; I ended up buying it cheaply from Costco for £360, versus around £300 for a standard iPad.

Saying goodbye to my old iPad

My previous iPad was a standard iPad 6, and I’d had it for seven years. During that time it was used almost daily, and it was starting to show its age. As well as a dented case on the back, the battery was not holding charge well and it became very picky about which Lightning cable it would actually charge from. It’s also no longer fully supported by Apple; it can only run iOS 17 which has only had minor security updates since last autumn. I expect it won’t get any updates at all soon. Still, seven years of almost daily use is pretty good going. Before that, I’d had an iPad Mini 2 for four years, and before that, a year with a second-hand original iPad which was the first one that I owned.

This new iPad Air 6 is a Wi-Fi only model, whereas my previous iPad also had cellular data. My main reason for going Wi-Fi-only was to take advantage of the cheap deal at Costco, but also I don’t use cellular data as much as I used to. Back in 2018, I was spending quite a bit of time on trains that didn’t have Wi-Fi; nowadays, I tend to only commute to work twice a week, and the trains all have Wi-Fi now. I also have a higher data allowance on my mobile plan, and so I can hotspot off my iPhone if needed.

Size, performance and connectivity

Being an iPad Air, it sits between the standard iPad, and the iPad Pro in terms of performance. It has one of Apple’s M-class processors, which you see in the iPad Pro and its Mac range, rather than the A-class processors that come in the standard iPad and on iPhones. That also means it has Apple Intelligence, Apple’s on-device AI. Not that I’ve really used Apple Intelligence much, apart from some minor photo editing. But overall, I’m very happy with the performance, compared to my previous model.

Also compared to my previous model, the 11″ iPad Air 6 that I bought is about the same size and weight. There is also a 13″ model, but this is fine for me and I’m used to the size.

Whilst the case is roughly the same size, with the narrower bezel, the screen has a much larger viewable area, and with a higher resolution. To unlock the screen, the iPad Air moves the Touch ID sensor to the lock button on top (only the iPad Pro has Face ID for unlocking). That takes a little getting used to; to unlock, you rest your finger on the button, rather than pressing it.

Apple is phasing out the Lightning connector, and all new iPads now come with a standard USB-C port, rather than Lightning. In the box, there’s a USB-C to C cable, but no AC adaptor; which is fine for me as we have several. Christine, being more of the Android persuasion, already has plenty of USB-C to C cables as well. There’s also no 3.5mm audio socket, so I’ve already picked up a USB-C to 3.5mm adaptor. Speaking of audio, there are speakers on both short sides of the iPad Air, rather than just the base.

A bargain price

Considering that the iPad Air 6 retailed for £549 when new, and a refurbished model costs £469 direct from Apple, getting mine from Costco for £360 was an absolute bargain. Before you rush off to your nearest Costco, bear in mind that mine was ‘sold as seen’, and they may have already sold out by now. Still, the money I saved was more than the cost of our annual membership. And, being a more powerful model than the one I’d planned to buy, I hope that it’ll last longer too. I don’t know if it’ll manage seven years, like my last iPad did, but 4-5 years would be good going.

No more Google Assistant on Fitbit Versa 3

by
A screenshot of an email from Google Fitbit. It says: You are receiving this email to let you know about an upcoming change to your Fitbit Sense and/or Versa 3. Over the next few weeks we will be progressively phasing out Google Assistant on your Fitbit device. You can learn more about this process here. This change means that Google Assistant voice control for activities will no longer be available on your Fitbit device.

In a few weeks time, Google is removing support for Google Assistant on its Fitbit Versa 3 and Sense devices. I have a Fitbit Versa 3, and so last week I received an email (screenshotted above) notifying me. Going forward, if you have a Fitbit Versa 3 or Fitbit Sense, you’ll only be able to use Amazon Alexa and not Google Assistant.

When I first heard about this, I was a little confused. After all, with Google now owning Fitbit, you would expect them to phase out support for Alexa to keep you in Google’s ecosystem. So, I did a bit of digging.

Alexa on Fitbit has always supported more features

Firstly, Google Assistant has been a poor relation of Alexa on Fitbit devices. On a Fitbit, Alexa can do most things that an Amazon Echo device can do, including controlling smart home devices. Google Assistant was more limited, to things like web searches, or launching apps on the Fitbit device to set timers or start exercises.

I’ve had my Fitbit Versa 3 for nearly three years – it was a 38th birthday present from Christine – and in that time I’ve only ever used Google Assistant. Following this announcement, I switched to Alexa, and have so far found it more capable. We don’t use any other Alexa devices at home, and so I’ve had to link up our various smart home devices to Alexa son that I can interact with them. For the most part, I’ve used Home Assistant and Homeway to achieve this.

Google is ‘upgrading’ Assistant to Gemini

You’re probably aware of Google Gemini, which is Google’s AI chat bot. Later this year, Gemini will replace the Google Assistant mobile app, as Google wants to foist its AI tools on its existing Google Assistant users. I’m not extremely comfortable with this, as I believe that current AI models are flawed and inefficient. For example, last year Gemini told people to eat one rock per day, and I’m concerned with the amount of computing power these AI models need compared to more basic natural language parsing. But I guess I don’t have a choice unless I stop using Google Assistant altogether.

Anyway, it seems that Google has decided that its older devices won’t be getting the Gemini upgrade. When you use Google Assistant on a Fitbit Versa 3, it communicates with the Google Assistant on your paired phone by Bluetooth. Presumably then, once the Google Assistant app has disappeared from app stores, it won’t be able to work. Google no longer sells the Versa 3 and Sense, and so I’m guessing they’ve made a business decision not to support the Gemini upgrade. After all, unless you’re a Fitbit Premium or Google One subscriber, you’re not making any more money for Google after having bought the device.

For now, the newer Fitbit Versa 4 and Sense 2 should still work with Google Assistant – these models are still on sale at the time of writing. However, they’re being phased out – in future, Google will only sell the Inspire and Charge Fitbit ranges. If you want a smart watch, you’ll be steered towards Google’s Pixel Watch range – but bear in mind that they’re Android-only.

As for my Fitbit Versa 3? Hopefully it’ll keep going for at least a couple more years, and I’m happy with using Alexa instead of Google Assistant for now. When it comes to replacing it, however, I’ll need to think hard about my choices. Whilst Fitbit’s smart watch range is less capable than, say, an Apple Watch, they offer much better battery life. An Apple Watch Ultra typically lasts only 36 hours, whereas the Versa 3 would do five days on a full charge when I bought it. Even now, it still manages 3-4 days, depending on use.

Does your phone have a wrist strap?

by
A photo of my iPhone 13 Mini with a third party case and wrist strap.

I’ve recently added a wrist strap to my phone. This is primarily on the back of Terence Eden’s advice for mobile security. As well as advising the use of a password manager, password/biometric lock and not sideloading apps from shady sources, he also mentions physical security of the handset.

In figures from April 2023, it’s estimated that 248 phones are stolen in London every day, 98% of which are never recovered. There may be a change in the law to allow police to search a property without a warrant, if they have reasonable suspicion that a stolen phone with location tracking on is there, but it’s not in force yet. And in any case, phone thieves will probably just put your phone in foil-lined box to block the signals. Previous victims have tracked their stolen phones only to find them ending up in China.

Whilst my phone “only” cost around £700, I’ll only finish paying it off next month. If you have an iPhone Pro Max with the maximum 1 terabyte of storage, you’ll have paid £1600 which is a lot of money to lose. Some Samsung Android phones also cost serious cash to buy new nowadays too.

I often have my phone out when walking around, mainly for playing Pokemon Go. All it takes is someone brazen enough to snatch it out of my hand for it likely to be gone for good. So I’ve finally decided that a wrist strap would be a good idea in the hope of preventing this.

Both the strap, and the phone case I use, are relatively cheap ones from AliExpress – collectively costing less than £5. The case has a pair of holes for threading a strap through, but you can also buy wrist straps that attach to the bottom of any phone case if yours doesn’t have holes. Somewhat annoyingly, the holes are on the left side of the phone, and I’m right-handed.

My wrist strap itself is adjustable, so you can tighten it around your wrist and reduce the risk it falling (or being pulled) out of your hand.

Whilst I was mainly motivated to reduce the risk of my phone being stolen, having a wrist strap also reduces the risk that you’ll drop your phone. As well as reducing the risk of the phone being damaged, it means you’re less likely to drop it in places where it can’t easily be retrieved. Maybe if Rebekah Vardy’s agent had a strap on her phone, she wouldn’t have ‘accidentally’ dropped it in the North Sea. Snide remarks aside, I use my phone’s camera quite a bit, so having a wrist strap makes me more confident that I’m not going to drop it into a lion enclosure at a zoo or something.

Just a quick word of caution though. If you keep your phone in a pocket, make sure you tuck the wrist strap in as well so it’s not hanging out. Otherwise, counter-intuitively, it might make your phone easier for pick-pockets to steal.

Comparing Bluetooth and Zigbee plant monitors

by
A photo showing a Zigbee plant monitor on the left and a Bluetooth plant monitor on the right

Search for ‘millennials house plants’ on Google and you’ll see lots of magazine articles about how people of our generation love our house plants. Alas, neither Christine or I are particularly good at keeping our house plants alive, apart from those in the already humid environment of our bathroom. So, I’ve been experimenting with electronic plant monitors to see if one will help us keep our plants thriving.

I’ve tried two different sorts of plant monitor: a Bluetooth Low Energy plant monitor from HHCC, and a Zigbee plant monitor from Haozee which works with the Tuya smart home platform. Both were bought from AliExpress.

A photo of the HHCC Bluetooth Smart Flower Monitor, inside a white plant pot and under the leaves of a basil plant.

HHCC Smart Flower Monitor

First to the HHCC model, which uses Bluetooth Low Energy. It’s sometimes known as ‘MiFlora’ and compatible devices are also sold under the Xiaomi brand. Of the two, it’s smaller, and offers more sensors; as well as detecting how much moisture is in the soil and the temperature, it’ll also try to measure how fertile the soil is, and the light intensity. It’s powered by a small CR2032 button battery which is replaceable. Officially, you should use the Flower Care app with it, but it also works with Home Assistant using the Xiaomi BLE integration.

The button battery should work for about six weeks before it needs replacing. Alas, these CR2032 batteries are not rechargeable, so you’ll need to take it to somewhere that recycles batteries and replace them when they run out of charge. At the time of writing, you can get 20 replacement CR2032 batteries for around £6, which should be enough to last you a couple of years.

Bluetooth Low Energy, as the name suggests, doesn’t have a long range. Therefore, if you are using this HHCC device with Home Assistant, you’ll need to have your device (or a Bluetooth proxy) in very close range.

A Zigbee plant monitor, which is white, oblong shaped and has light blue edging, sat in a white plant pot next to a basil plant.

Haozee Zigbee plant monitor

As you’ll see from the side by side photo at the top of this blog post, this Zigbee model is a bit bigger than the Bluetooth model. That’s because it takes two AAA batteries, rather than a CR2032 button battery. Consequently, battery life should be much longer – premium AAA batteries can typically hold up to 1100 mAh charge, compared to around 240 mAh in a CR2032 battery. Also, AAA batteries can be rechargeable.

The Zigbee signal should also be much stronger than Bluetooth Low Energy. I’ve certainly had fewer connection issues with this one compared to the HHCC model, even though the nearest Zigbee device is further away.

However, unlike the HHCC model, it doesn’t offer light or soil fertility sensors. You’ll just get the moisture level and temperature, as well as how much charge the battery has remaining. Also, if you’re planning to connect this to Home Assistant, be aware that it (probably) doesn’t support Home Assistant’s built-in ZHA integration. This was the reason why I set up Zigbee2MQTT.

The other disadvantage of Zigbee devices is the need for a hub or bridge of some sort. I use a Sonoff USB Zigbee dongle plugged into my Raspberry Pi running Home Assistant, but I imagine you’re supposed to use something like this Tuya Zigbee hub (sponsored link) and the Smart Life or Tuya phone apps. So whilst the Zigbee plant monitor itself was slightly cheaper than the Bluetooth model, there’s an initial setup cost if you don’t already have a Zigbee controller.

My recommendation

The HHCC Bluetooth plant monitor is fine if you just want to use the official Flower Care app, or have your plant very close to your Home Assistant device. The replacement batteries are cheap and you may not need any extra hardware to get it to work.

If you need a longer range, don’t want to replace batteries as often, and/or have other Zigbee devices already, get the Zigbee plant monitor. You can use standard rechargeable AAA batteries with it, and you’ll get a more reliable connection over long distances.

Steetek USB/HDMI KVM Switch review

by
A photo of the Steetek KVM switch, with a USB cable plugged in the front and various USB and HDMI cables plugged into the back. It's a grey, rectangular metal box.

If you’ve been reading this blog for a few months, you may notice that I’ll review gadgets that I’ve bought from Amazon from time to time. This includes headphones, a USB solid state drive, a Bluetooth label printer, a Bluetooth thermometer, energy monitoring smart plugs, a Zigbee dongle and a multi-device wireless mouse. And today, I’m reviewing a Steetek KVM switch (sponsored link).

KVM switches have been around for many years – KVM standing for Keyboard, Video and Mouse. They allow you to have one keyboard, mouse and screen connected to two or more computers, which you can switch between. Older models had to include all manner of ports – RS232 serial ports, parallel ports, PS/2 ports for keyboards and mice, and VGA or DVI ports for screens. Nowadays, thanks to standardisation on USB, modern KVM switches are much more simple.

This Steetek model is designed to switch between two computers. It comes with two USB-A to USB-B cables to connect to each computer, but you need to provide your own HDMI cables. On the front are four USB 2.0 ports, so it also doubles as a USB hub. Note that the picture on Amazon’s web site suggests that there are two USB 1.1 and two USB 2.0 ports, but they’re all labelled as USB 2.0 on the KVM switch that was delivered to me.

Once set up, there’s a single button at the front, which you press to toggle between the two computers, and two LEDs, which illuminate depending on which computer is in use. It can support 4K Ultra HD screens (3840 × 216 resolution) and audio over HDMI, so you can use it for (for example) games consoles as well as computers. The KVM switch does not need any external power, and there are no drivers to install. That being said, the lack of external power means that the USB ports will only be really useful for connecting keyboards and mice, and not any high-power devices like phones.

It’s also nice and compact, measuring just 11 cm (4 1/2 inches) wide, 6 cm (2 1/2 inches) deep and only an inch (2.5 cm) high, so it doesn’t take up much space on my desk. I’m using it to switch between our home Windows laptop, and the Raspberry Pi which runs Home Assistant. As mentioned, there’s no need to install drivers and so it works fine, even when the two computers are very different. It costs about £20 at the time of writing.

There are lots of other KVM switches available, offering external power and connections to more than two computers. There are also some Thunderbolt KVM switches, such as this one (sponsored link), which are even simpler to set up. Because Thunderbolt uses USB-C connectors for data and video, you only need one USB-C connection to each device rather than separate USB and HDMI connections. However, you’ll pay a premium for these, as they cost several times more than this more basic one. And neither of my computers support Thunderbolt.

Comparing ZeroSSL and Let’s Encrypt

by

If you run a hobbyist web site like I do, then nowadays there’s at least two places to get free SSL certificates: ZeroSSL, and Let’s Encrypt. I’ve used both, and so this is a comparison of their relative advantages and disadvantages.

Of the two, Let’s Encrypt is the most well-known, even though it’s only been around almost 10 years. It’ll celebrate its 10th birthday this coming November. Despite this, over 400 million certificates have been issued over those 10 years, and 93% of web sites use Let’s Encrypt certificates. It’s now the world’s most popular Certificate Authority, presumably because it’s free for all to use.

ZeroSSL is a much smaller commercial alternative, but it too offers free SSL certificates. The concept of SSL certificates being free would have probably blown my mind 20 years ago, but now almost all web sites use SSL – probably because Google ranks such web sites higher as a way of encouraging better security.

Anyway, this is a comparison, so here we go:

A still from the Lord of the Rings film where Boromir states 'One does not simply walk into Mordor'. The text has been replaced with 'One does not simply get a Let's Encrypt certificate'.

Ease of issuing certificates

Let’s Encrypt is designed to be an automated service for managing certificates, using tools like Certbot. Which is fine if you have a host that supports Certbot, or another tool that uses the ACME protocol. For example, I run Sympl which manages my Let’s Encrypt certificate for this web site.

But if you want to manually obtain an SSL certificate from Let’s Encrypt, it’s a much more involved process. You’ll need to interact with Certbot on the command line, and probably fiddle with your domain’s DNS settings. SSLFree.io appears to be a web-based front-end for getting Let’s Encrypt certificates, but I’m not sure how much I trust it.

ZeroSSL is the winner here. There’s a web-based tool for obtaining SSL certificates, and you can authenticate using an email link if you wish. There is also an ACME API.

How many certificates you can get

Let’s Encrypt is free for everyone, no matter how many certificates you need. You can also create a ‘wildcard’ SSL certificate, that would cover example.com and all its subdomains, although you’ll need to use a DNS provider that has a plugin available like CloudFlare.

ZeroSSL, being a for-profit company, isn’t so generous. If you want to use their web-based interface, then you’re permitted a maximum of three free SSL certificates that are valid for 90 days. This limit of three certificates includes renewals, so if you have three certificates already, you’ll need to wait for one to expire before you can renew it (or pay for a new one). Thankfully, there isn’t a limit on those created using the ACME service.

How long the certificates last for

Paid-for SSL certificates would typically last for 12 months. The free certificates that Let’s Encrypt can issue are only valid for 90 days, but the idea is that their renewal is automated using tools like Certbot so that, in practice, there’s no interruption in service for users.

ZeroSSL’s free certificates are therefore also only valid for 90 days. You can, of course, pay for a standard certificate that lasts longer, but this will cost. Rather than paying per certificate, ZeroSSL charges a monthly subscription beginning at $10 per month. By contrast, Xilo, who I used before Let’s Encrypt was a thing, charges £20 for a one year SSL certificate.

Other alternatives

I’ve focussed on Let’s Encrypt and ZeroSSL as these are the two that I have the most experience with. CloudFlare also offers free SSL certificates, as does SSL.com. I can’t really compare these as I haven’t tried them.

Manually renewing SSL certificates with Certbot

by
A screenshot of Putty connecting over ssh to a server running certbot, where the command has been issued to manually renew an SSL certificate. The domain has been pixelated.

Back in February, I started using nginx Proxy Manager to manage external access to the various web services that I host on my Raspberry Pi – namely, Home Assistant, calibre-web and Nextcloud. Nginx Proxy Manager (NgPM) includes Certbot, which is an automated tool for managing SSL certificates from Let’s Encrypt, and it should automatically renew certificates every three months so that there’s always a valid certificate in use.

In practice, this doesn’t work on my NgPM install. I understand it’s a bug in an older version that has been fixed, but as I run NgPM as a Home Assistant addon, that bug fix hasn’t made its way downstream. Attempts to renew the SSL certificates through the NgPM web interface fail with unhelpful errors.

Hopefully, the Home Assistant addon package will get updated soon, and this won’t be a problem anymore. But in the meantime, this is the workaround that I’m using – manually interacting with Certbot on the command line to generate a certificate. This can then be imported into NgPM manually.

Step 0: access Certbot through Docker

If you have access to Certbot directly, you can skip this step.I don’t, and Certbot is no longer supported on Windows, so I’m using the version of Certbot that comes with NgPM.

As this runs in Docker, we need to open a shell session inside the Docker image, using docker exec -it addon_a0d7b954_nginxproxymanager sh. I had to run this as root on my system using sudo.

Step 1: request the certificate

Now we can interact with Certbot itself. Here’s the command to type:

certbot certonly --manual --preferred-challenges dns - d example.com

Let’s break this down:

  • certonly specifies that we just want the certificate – we don’t want Certbot to install this for us.
  • --manual tells Certbot that we want to manually authenticate the domain.
  • --preferred-challenges dns means that we want to authenticate using DNS, rather than HTTP – this is tricky to do when you’re using a reverse proxy
  • -d example.com is the domain that we want the SSL certificate for.

Step 2: add a TXT record to authenticate

If you use something like Google or Cloudflare for DNS, then you may be able to use a plugin to automate this step. I don’t, so here we create a TXT record on our DNS provider’s dashboard to authenticate the certificate. This will be something like _acme-challenge.example.com and will include a text string that Certbot gives you.

Once you’ve created the TXT record, my suggestion is to set a timer for 2-3 minutes, before pressing Enter to continue. DNS records can take anything from a matter of seconds to a few minutes to propagate, and if you try to continue too soon, the authentication will fail and you’ll need to go back to step 1. Trust me on this.

Step 3: download the certificate files

If the authentication is successful, then Certbot will have created two files for you. For me, these were something like:

/etc/letsencrypt/example.com/fullchain.pem
/etc/letsencrypt/example.com/privkey.pem

As I was running Certbot from within Docker, the easiest way I found to save these was to type cat /etc/letsencrypt/example.com/fullchain.pem (and for privkey.pem) and then copy and paste the output into a file locally.

Step 4: add to Nginx Proxy Manager

If you’re using Nginx Proxy Manager and want to be able to use your new SSL certificate, then open the SSL Certificates tab at the top, click ‘Add SSL Certificate’, and then ‘Custom’. Don’t choose the Let’s Encrypt option; although these certificates were issued by Let’s Encrypt, you want to import them manually.

Give it a name – I usually put the name of the service and the month (e.g. Nextcloud Sept 2024). Upload the privkey.pem file as the Certificate Key, and fullchain.pem as the Certificate. Click Save.

Now, go to the Proxy Hosts tab, and choose the host that matches the SSL certificate that you’ve uploaded. Click on the three dots on the right hand side, and choose Edit. On the SSL tab, select the certificate that you’ve uploaded. And that should be it – try navigating to your domain to see if it’s working and check that the new certificate is in use.

No auto-renewals

It’s worth baring in mind that manually-issued Let’s Encrypt certificates won’t normally auto-renew. You apparently can use validation hooks to enable auto-renew, but this goes beyond my expertise.

I’m hoping that the package maintainer for the Nginx Proxy Manager addon for Home Assistant will issue a new release soon, which will enable me to auto-renew my certificates in future. If not, then I have my own guide to follow to manually renew.