As some of you may know, we have SSL certificates on many of our servers and services that make use of CACert as a certificate authority. Some time ago we changed the certificates for our accounts pages and ordering pages, and now we have also obtained certificates for many of our web servers under aa.net.uk. These use a "known" CA and so no longer cause the same warning in browsers if you do not have the CACert root certificate. They are no more secure as a result of this change, and in some ways are slightly less secure, but this avoids the warnings and so we have bowed to the "protection racket" that is certificate signing. The new certificates do not cover use of aaisp.net.uk based domains.
Ironically this change has caused some concern amongst customers. However, it should generally mean less queries on the matter.
As a result we are gradually changing URLs used for some things, e.g. ordering is now on order.aa.net.uk not www.s-s-l.co.uk. We will soon be changing the accounts pages over as well, probably to accounts.aa.net.uk, but wil be keeping the old URL as well for the time being.
At the moment SSL based email servers (web and TLS on SMTP, IMAP, etc) are not changing, and will continue with CACert based certificates.
in the long term we expect DANE to take over from CA certificates, and we plan to have proper DANE support for our secure web sites soon.
Sorry for any concern caused.