(letsencrypt.org)

181 points zdw | 1 comments | 30 Jun 25 04:49 UTC | HN request time: 0.2s | source

Show context

whatever1 ◴[30 Jun 25 08:51 UTC] No.44420959[source]▶

>>44419496 (OP) #

Is it the right time to rant about the cert expiration as a concept? I understand why certs might be revoked. But expire?

replies(7): >>44421005 #>>44421014 #>>44421298 #>>44421364 #>>44421391 #>>44421714 #>>44421852 #

1. unilynx ◴[30 Jun 25 08:55 UTC] No.44421005[source]▶

>>44420959 #

Can't remove a certificate from the revocation lists until it's expired, leading to boundless growth of those lists.

Risk of private keys/certificates from old backup media being leaked (remembering the adobe password leak...) and then suddenly coming back online and working until someone figures out how to revoke them

↑

LetsEncrypt – Expiration Notification Service Has Ended