In there defence this their treatment of revocation requests is made quite plain in their policies, and any heartbleed exposure was not their fault (their signing certs were not affected IIRC).
Now if there had been a problem with their signing certificates then I would have expected them to revoke anything affected for free and offer replacements similarly at no cost.
OK, they could have done that anyway (or perhaps offered a discount on the revoke charge) as an good will gesture, but they didn't, so what.
Leaving aside the question of whether their response was reasonable (I see the arguments either way), it turned out that using their service to secure your website was not free.
> it turned out that using their service to secure your website was not free
All they claim is to provide free certificates for non-commercial use, and that they do provide. If people read something else into that it isn't because they were deliberately led to.
Though many people picking up a cert without really knowing the infrastructure won't know about revocation infrastructure and such so might have mislead themselves by having not read the Ts&Csm.
actually, what i think is.. they're as near 'free' as it gets, probably. at least there's no up front cost using them. then its a lottery as to when u need to pay them to revoke... it could still end up cheaper than paying yearly fees for other certs, i imagine.. total cost of ownership or something..
Now if there had been a problem with their signing certificates then I would have expected them to revoke anything affected for free and offer replacements similarly at no cost.
OK, they could have done that anyway (or perhaps offered a discount on the revoke charge) as an good will gesture, but they didn't, so what.