Let's Encrypt is 10 years old now

(letsencrypt.org)

495 points gslin | 1 comments | 20 Nov 24 06:13 UTC | HN request time: 0.212s | source

Show context

pests ◴[20 Nov 24 07:45 UTC] No.42191619[source]▶

>>42191228 (OP) #

It feels like just yesterday I was paying for certs, or worst, just running without.

Can't believe its been ten years.

replies(1): >>42191666 #

ozim ◴[20 Nov 24 07:52 UTC] No.42191666[source]▶

>>42191619 #

Can’t believe there are still anti TLS weirdos.

replies(7): >>42191688 #>>42191718 #>>42191893 #>>42192714 #>>42192733 #>>42193057 #>>42193614 #

guappa ◴[20 Nov 24 13:09 UTC] No.42193614[source]▶

>>42191666 #

My letsencrypt cert, despite all my attempts, works fine with browsers but WILL NOT work with wget/curl/python/whatever.

Plus setting up letsencrypt isn't really really easy. Last time it was failing because I had disabled HTTP on port 80 entirely on my server… but letsencrypt uses that to verify that my website has the magic file. So I had to make a script to turn it on for 5 minutes around the time when the certificate gets renewed. -_-'

None of this is easy or quick, and people have other stuff to do than to worry about completely hypothetical attacks on their blog.

replies(2): >>42193779 #>>42203961 #

1. ozim ◴[21 Nov 24 13:08 UTC] No.42203961[source]▶

>>42193614 #

Not really hypothetical.

Google "isp injecting ads", well most of it is from 10 years ago - but that is because now we have TLS everywhere.

And it is not attack on your blog but on readers of your blog, well your blog gets the blame of course in case they would be infected by malware or see adult ads.

↑