
197 points SGran | 3 comments
rickette ◴[] No.42729799[source]
Kinda funny to call the current 90 day certs "long lived". When Let's Encrypt started out more than 10 years ago most certs from major vendors had a 1 year life span. Let's Encrypt was (one of) the first to use drastically shorter life spans, hence all the ACME automation effort.
ryandrake ◴[] No.42730254[source]
To someone like me with hobby-level serving needs, the 90 day certificate life is pretty inconvenient, despite having automation set up. I run a tiny VPS that hosts basic household stuff like e-mail and a few tiny web sites for people, and letsencrypt/certbot automation around certificate renewal is the only thing that I seem to need to regularly babysit and log in to manually run/fix. Everything else just hums along, but I know it's been 90 days because I suddenly can't connect to my E-mail or one of the web virtual hosts went down again. And sure enough, I just need to run certbot renew manually or restart lighttpd or whatever.
1. outworlder ◴[] No.42731761[source]
> To someone like me with hobby-level serving needs, the 90 day certificate life is pretty inconvenient

It's only inconvenient because it isn't properly automated. That's by design.

When this can be an acme.sh script cronjob, there isn't much of an excuse. Even my Raspberry Pi dedicated to my 3D printer is happily renewing certificates.

At least with this thing breaking every 90 days you have it fresh on your mind. One year away you may not even remember what you have to do.

Needless to say, you have a bug to fix.

2. theoreticalmal ◴[] No.42733851[source]
What does your 3D printer Pi serve such that it needs a cert? Do you have ports 80 and 443 open and forwarded to it?
3. sanswork ◴[] No.42743536[source]
I run certs on all my internal services so I don't have to deal with "this isn't secure" errors in the browser when working on things.