I figure there should exist alternatives to LE, otherwise they're a pretty big target. If anything too harmful happened to LE what would its users do? I don't know enough about it, but right now they're going to be the only player in the free SSL certs market which puts them in a scary enough location.
Agreed – Also, Let's Encrypt goes against the mission of a lot of very advanced bad actors (governments who lose out by the increased "going dark" issue) – so they're a juicy target for all these governments.
Hopefully there are a few other alternatives that just make their money on EV certs instead.
The good news is that part of Let's Encrypt's mission is to make it easier for all CAs to offer similar services through things like the ACME protocol. The ISRG's ultimate goal (right now) is for https to be the default, not the exception. I don't get the impression they care much which CA has the biggest piece of the pie.
By my estimation, Let's Encrypt has at least 16 million dollars in annual sponsorship.[1][2] That's quite a bit of money, but I wonder how much of it goes to operations, versus other overhead of various kinds (legal, marketing, administrative).
Many of our clients are excited about LE, and as we figure out how to support it without disrupting our infrastructure too much, it's concerning to imagine that there's substantial daily risk that 4-5 certs will fail to renew.
I suppose since it's free and automated, you just renew a month earlier than required.
That's their idea-- the reference client (by default) will renew any certificates expiring within 30 days, and they recommend you script it to run at least daily. That gives it many opportunities to retry in case of network problems or server outages (on your end or on theirs).
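The renewal policy described in the comment above (renew anything expiring within 30 days, run the check at least daily), sketched as an added example that is not part of the original thread and is not the Let's Encrypt client's code. The function names, the `notAfter` value and the outage dates are constructed for illustration.

```python
import ssl
from datetime import date, datetime, timedelta, timezone

RENEW_WINDOW = timedelta(days=30)  # window mentioned in the comment above

def not_after(cert_not_after):
    """Parse a notAfter string in the format ssl.SSLSocket.getpeercert() returns."""
    seconds = ssl.cert_time_to_seconds(cert_not_after)
    return datetime.fromtimestamp(seconds, tz=timezone.utc)

def needs_renewal(cert_not_after, now, window=RENEW_WINDOW):
    """True once the certificate is inside the renewal window."""
    return not_after(cert_not_after) - now <= window

def simulate_daily_runs(cert_not_after, start, ca_down_days):
    """Run the check once a day from `start`; the CA is unreachable on the
    dates in `ca_down_days`. Returns (renewal time, failed attempts), or
    (None, failed attempts) if the certificate expired before a success."""
    expiry = not_after(cert_not_after)
    day, failed = start, 0
    while day < expiry:
        if needs_renewal(cert_not_after, day):
            if day.date() in ca_down_days:
                failed += 1          # transient failure: try again tomorrow
            else:
                return day, failed   # renewal succeeded
        day += timedelta(days=1)
    return None, failed

# Constructed sample: a certificate expiring 13 July 2016, job runs at 03:00 UTC.
SAMPLE_NOT_AFTER = "Jul 13 00:00:00 2016 GMT"
START = datetime(2016, 6, 1, 3, 0, tzinfo=timezone.utc)
SHORT_OUTAGE = {date(2016, 6, 13), date(2016, 6, 14), date(2016, 6, 15)}
# An outage covering every day of the renewal window.
LONG_OUTAGE = {date(2016, 6, 13) + timedelta(days=i) for i in range(30)}

if __name__ == "__main__":
    renewed, failed = simulate_daily_runs(SAMPLE_NOT_AFTER, START, SHORT_OUTAGE)
    print("short outage: renewed", renewed, "after", failed, "failed attempts")
    renewed, failed = simulate_daily_runs(SAMPLE_NOT_AFTER, START, LONG_OUTAGE)
    print("long outage: renewed", renewed, "after", failed, "failed attempts")
```

With a daily job, the certificate only lapses if every attempt inside the 30-day window fails, so alerting on consecutive failures well before that point is the useful monitoring signal.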
Isn't the "DNS errors causing service disruption" an old incident from April 6th?
There is something strange going on at the moment, though, but not sure it has to do with DNS. I actually tried to set up my first cert about 10 hours ago with Let's Encrypt, and got a variety of ungraceful errors with the same configuration. Only one was related to DNS. Most were code 500 from the api servers.
April 14, 2016 12:47PM MDT
April 14, 2016 6:47PM UTC
[Investigating] We have noticed an increased number of errors. We are investigating now.
April 14, 2016 1:21PM MDT
April 14, 2016 7:21PM UTC
[Resolved] Systems have fully recovered and all services appear to be operating nominally. Cause seems to have been a transient hardware failure and further investigation is under way.
Or at least the most recent issue... they both marked it as resolved and "further investigation is under way". Should be "investigating/monitoring" instead?
I don't know what the exact title should be. If you see here, https://letsencrypt.status.io/pages/history/55957a99e800baa4... , there's an "Investigating interruption of issuances" event from yesterday.
I had a problem with getting certificates yesterday. Seems to be working today, but I just thought it's interesting to see what happened.
I have wondered many times, so let me just ask it: why aren't platform providers like Microsoft, Google or Apple also secure certificate providers? Wouldn't it be immensely easier for both parties?
I believe this issue was originally reported via Twitter, here: https://twitter.com/_rsc/status/717777241296543744 -- and that for the most part things are working, but there are just occasional errors.
[+] [-] giancarlostoro|10 years ago|reply
[+] [-] atonse|10 years ago|reply
[+] [-] lowmess|10 years ago|reply
[+] [-] ultramancool|10 years ago|reply
[+] [-] jldugger|10 years ago|reply
[1] https://letsencrypt.org/sponsors/ [2] https://letsencrypt.org/become-a-sponsor/
[+] [-] JonathonW|10 years ago|reply
[+] [-] aparadja|10 years ago|reply
[+] [-] viraptor|10 years ago|reply
[+] [-] antouank|10 years ago|reply
[+] [-] iamgopal|10 years ago|reply
[+] [-] ikeboy|10 years ago|reply
[+] [-] nereid666|10 years ago|reply
[+] [-] mholt|10 years ago|reply
[+] [-] esterly|10 years ago|reply
[+] [-] mehrzad|10 years ago|reply
[+] [-] zmarty|10 years ago|reply