Let's Encrypt is 10 years old now

(letsencrypt.org)

543 points gslin | 1 comments | 20 Nov 24 06:13 UTC | HN request time: 0.212s | source

Show context

pests ◴[20 Nov 24 07:45 UTC] No.42191619[source]▶

>>42191228 (OP) #

It feels like just yesterday I was paying for certs, or worst, just running without.

Can't believe its been ten years.

replies(1): >>42191666 #

ozim ◴[20 Nov 24 07:52 UTC] No.42191666[source]▶

>>42191619 #

Can’t believe there are still anti TLS weirdos.

replies(7): >>42191688 #>>42191718 #>>42191893 #>>42192714 #>>42192733 #>>42193057 #>>42193614 #

guappa ◴[20 Nov 24 13:09 UTC] No.42193614[source]▶

>>42191666 #

My letsencrypt cert, despite all my attempts, works fine with browsers but WILL NOT work with wget/curl/python/whatever.

Plus setting up letsencrypt isn't really really easy. Last time it was failing because I had disabled HTTP on port 80 entirely on my server… but letsencrypt uses that to verify that my website has the magic file. So I had to make a script to turn it on for 5 minutes around the time when the certificate gets renewed. -_-'

None of this is easy or quick, and people have other stuff to do than to worry about completely hypothetical attacks on their blog.

replies(2): >>42193779 #>>42203961 #

mmsc ◴[20 Nov 24 13:31 UTC] No.42193779[source]▶

>>42193614 #

>letsencrypt uses that to verify that my website has the magic file.

So, instead, use the other authentication methods. For example, DNS.

replies(1): >>42194090 #

guappa ◴[20 Nov 24 14:15 UTC] No.42194090[source]▶

>>42193779 #

Is that easier to configure? (no it isn't)

replies(1): >>42195180 #

1. mmsc ◴[20 Nov 24 16:03 UTC] No.42195180[source]▶

>>42194090 #

Setting a single DNS record which doesn't need to be change is more difficult than setting a crontab to open port 80 "around the time you expect the ACME challenge"?

How's that?

↑