←back to thread

Let's Encrypt is 10 years old now

(letsencrypt.org)
489 points gslin | 1 comments | 20 Nov 24 06:13 UTC | HN request time: 0.275s | source
Show context
mrtksn ◴[20 Nov 24 07:49 UTC] No.42191644[source]
Hands down one of the greatest services out there, stopped a racket and made the internet secure.

I remember a time when having an HTTPS connection was for "serious" projects only because the cost of the certificate was much higher than the domain. You go commando and if it sticks then you purchase a certificate for a 100 bucks or something.

replies(5): >>42191676 #>>42192385 #>>42192827 #>>42192905 #>>42193198 #
1. christophilus ◴[20 Nov 24 12:14 UTC] No.42193198[source]
I had a lazily configured proxy which would request a cert for any domain you threw at it. An attacker figured this out and started peppering it with http requests with randomly generated subdomains prefixed. When I discovered it, my first thought wasn’t, “Oh, I hope I didn’t get flagged by Let’s Encrypt.” It was, “Oh, man. I feel really bad that my laziness caused undue load on Let’s Encrypt.”

Let’s Encrypt is the best thing to happen to the web in at least a decade.