finally{}: Survival of the Fiendish

In ages past, the claim has been that the “fittest” survive. Nowadays, the fittest appear to fall by the wayside, crowded out by those fiendishly over-promising, under-delivering, and making it unbearably difficult to escape.

I spent the greater part of yesterday and today in annoying agony. What had I done to deserve this fate? Well, I tried to pay a company money for a service they sell. I know, I know…how dare I commit such a heinous crime.

It all started with a call about a website that someone couldn’t access. Did a little digging, and it was because the website was not using https, and this person’s security restrictions only allow them to visit websites that use https. They asked us to add a secure certificate. Sure. Easy peasy. (If only I had known…)

I checked the docs for the hosting company (which shall remain unnamed but is a company with more than enough resources that they should have their business figured out) and saw that they listed a number of different ways to get a secure certificate activated for a website, both automatic and manual installations from various providers, including them. I started with trying a Let’s Encrypt certificate because it was more than enough for this website’s needs, and free is a price all my clients love. The hosting company offered an automated way to install and renew Let’s Encrypt certificates. I followed the instructions to configure everything needed, then discovered that the automated tool didn’t have the permission levels needed to run and did not have the options listed in the support docs. Something clearly changed, and the docs were never updated.

I switched over to the directions for manually installing the certificate. The installation was working splendidly until I hit the certificate verification step. Verification required a directory structure that I did not have access to create on the server, so I hit a dead-end there as well. A little disappointed that the Let’s Encrypt route didn’t work, I acquiesced and signed up for the hosting company’s paid secure certificate option. The certificate wasn’t free, but considering how much time it would likely take me to troubleshoot the Let’s Encrypt installation issues, it would likely be cheaper overall. I completed the purchase and started through the handy automatic process to install the secure certificate. I almost instantly hit a roadblock. Despite no information explaining this limitation in the purchase process nor the support docs, I discovered, thanks to others on the internet, that the automated secure certificate process only works for websites hosted through their special automated hosting service. Custom websites just using the server space were not supported.

I was again disappointed and now a little angry too, but I paid for this certificate, so I need to keep going with it. I switched over to the instructions for manually installing the purchased certificate. These instructions have not been updated in a long time as the terminology used refers to products that the hosting company phased out years ago. Searching through posts on various helpdesk-type websites, I find enough posts that I am able to get through the process of getting the certificate installed. However, the website will still not load via https. I check the logs. No errors. I run the verifications. Everything looks good. I return to searching the online helpdesk sites for answers. I run into a lot of posts from people with the same issue, but no one who ever resolved their issue. Each time, they either said they switched hosting companies, or they had to contact support to get the issue resolved. Switching companies is not an option today, so I go to contact the support team and discover that there is no way to talk to anyone without paying. There is also no information on how much it will cost to talk to someone. At this point, I’m left with a hosting company that wants to charge me for the opportunity to talk to them to see if it is possible to have them fix the broken product that they just sold to me.

This is not an isolated experience. So many companies are profiting off of treating their customer horribly. They make it easy to sign up for a hundred services with the click of a single button but then require you to find and turn off each of those services individually. They sell you convenient products and only tell you later that they only work if you buy their other products as well. They make it easy to migrate to their service but block all access that would make it easy for you to migrate away from their service, including preventing you from downloading backups of your content.

Brick-and-mortar stores would never get away with this. Can you imagine the outrage if a shopping mall locked the doors and refused to let people leave unless they paid an extra fee to take their personal belongings with them when they left? Or if a grocery store hid the exits so you couldn’t find them to leave? Or if a department store snuck items into your pockets while you were shopping and then forced you to pay for them when you tried to leave even though you didn’t want them or even know you had them?

It’s time for tech companies to do some soul-searching. Instead of holding customers hostage to earn a profit, let’s conduct ourselves with honor and respect, creating services and customer service experiences that make customers excited to work with us.

Originally published in “One Last Slice”, the May 2022 issue of php[architect] magazine.