Happy birthday to Let’s Encrypt !

Huge thanks to everyone involved in making HTTPS available to everyone for free !

  • fiendishplan@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    24 days ago

    I worked for a company we had 300 websites, the boss wanted to buy certs. I told him about Lets Encrypt. He loved the idea it saved us a bunch of money. I suggest we donate $100 to them. Hes says “NO F-ing way!”.

  • 0x01@lemmy.ml
    link
    fedilink
    English
    arrow-up
    1
    ·
    25 days ago

    Man I love let’s encrypt, remember how terrible ssl was before the project landed?

  • kaotic@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    24 days ago

    A client of mine pays for an SSL cert he doesn’t even use. I’ve told him before I moved him to Let’s Encrypt because I was able to automate the renew process. He decided he needed to continue paying for the SSL cert. I told him we are not using it, but he doesn’t believe me. So he continues to pay for it.

  • jagged_circle@feddit.nl
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    24 days ago

    Lots of people shitting on stories of people who buy certs.

    You do still have to buy a cert if you want one for a .onion. Let’s encrypt still doesn’t support it :(

  • DigitalDilemma@lemmy.ml
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    25 days ago

    Sleeping too well lately? Consider this:

    If LetsEncrypt were to suffer a few weeks outage, how much of the internet would break?

      • DigitalDilemma@lemmy.ml
        link
        fedilink
        English
        arrow-up
        0
        ·
        24 days ago

        It won’t be that simple.

        For starters, you’re assuming t-zero response. It’ll likely be a week before people worry enough that LE isn’t returning before they act. Then they have to find someone else for, possibly, the hundreds or thousands of certs they are responsible for. Set up processes with them. Hope that this new provide is able to cope with the massive, MASSIVE surge in demand without falling over themselves.

        And that’s assuming your company knows all its certs. That they haven’t changed staff and lost knowledge, or outsourced IT (in which case they provider is likely staggering under the weight of all their clients demanding instant attention) and all that goes with that. Automation is actually bad in this situation because people tend to forget how stuff was done until it breaks. It’s very likely that many certs will simply expire because they were forgotten about and the first thing some companies knows is when customers start complaining.

        LetsEncrypt is genuinely brilliant, but we’ve all added a massive single point of failure into our systems by adopting it.

        (Yeah, I’ve written a few disaster plans in my time. Why do you ask?)

        • Zangoose@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          23 days ago

          Piggybacking off this comment because I completely agree with it.

          Did we not learn anything from CrowdStrike? If a comparatively simple fix was able to wipe out half the world, how would something that requires an active choice (where to get certs from) not completely cripple all of our infrastructure?