←back to thread

512 points gslin | 1 comments | | HN request time: 0.208s | source
Show context
mrtksn ◴[] No.42191644[source]
Hands down one of the greatest services out there, stopped a racket and made the internet secure.

I remember a time when having an HTTPS connection was for "serious" projects only because the cost of the certificate was much higher than the domain. You go commando and if it sticks then you purchase a certificate for a 100 bucks or something.

replies(5): >>42191676 #>>42192385 #>>42192827 #>>42192905 #>>42193198 #
dachris ◴[] No.42191676[source]
There's still enough people out there who don't know better, manually (or auto-renew) purchasing new a certificate every year from their hosting provider like it's 2013.
replies(7): >>42191711 #>>42191799 #>>42191800 #>>42191829 #>>42191872 #>>42191976 #>>42192618 #
karel-3d ◴[] No.42191976[source]
I have dealt with banking environment when they required SSL with at least 1-year validity on the callback API URL. Which excluded Let's Encrypt.

We were looking for a SSL provider that had > 1 year old certs AND supported ACME... for some reason we ended up with SSL.com that did support ACME for longer lasting certs; however, there was some minor incompatibilities in how kubernetes cert-manager implemented ACME and how SSL.com implemented ACME; we ended up debugging SSL.com ACME protocol implementation.

Fun. We should have just clicked once per 3 years, better than debugging third parties APIs.

No, I don't remember the details and they are all lost in my old work emails.

(Nowadays I think zerossl.com also supports ACME for >1 year certs? but they did not back then. edit: no they still don't, it's just SSL.com I think)

replies(3): >>42192077 #>>42192133 #>>42197885 #
merb ◴[] No.42197885[source]
Globalsign and digicert have acme support.
replies(1): >>42201487 #
1. karel-3d ◴[] No.42201487[source]
Hm, I have no idea why we didn't pick tgem back then. I see it now. Maybe it was too expensive? I don't remember the reasoning at this point