←back to thread

LetsEncrypt – Expiration Notification Service Has Ended

(letsencrypt.org)
181 points zdw | 1 comments | 30 Jun 25 04:49 UTC | HN request time: 0.208s | source
Show context
whatever1 ◴[30 Jun 25 08:51 UTC] No.44420959[source]
Is it the right time to rant about the cert expiration as a concept? I understand why certs might be revoked. But expire?
replies(7): >>44421005 #>>44421014 #>>44421298 #>>44421364 #>>44421391 #>>44421714 #>>44421852 #
1. borplk ◴[30 Jun 25 08:57 UTC] No.44421014[source]
At a minimum I consider it like an automatic "garbage collection" mechanism that prevents dead and abandoned things to remain "valid forever".

It also helps with things such as change of ownership so after a certain period of time you can have the peace of mind that certs potentially issued by the previous owners are not lingering around as active (I understand things such as revoking and pinning can help with this too but It's nice to have a plain time based expiry too).