top | item 46281387

(no title)

Because when they eventually get their wet dream of 7-day renewals, everyone replies upon them once a week. LE being down for 48-hours could take out a big chunk of the Internet.

Certificates have historically been a "fire and forget" but constant re-issuance will make LE as important as DNS and web hosting.

discuss

phasmantistes|2 months ago

FWIW, we're acutely aware of the operational risks of super short lifetimes and frequent renewals. That's why our `shortlived` profile is clearly documented as only being appropriate for orgs that have high operational maturity and an oncall rotation. We carry pagers too, and if LE goes down for 48 hours, we'll be desperately trying not to take out a huge chunk of the Internet.

bigbuppo|2 months ago

The solution is to get rid of CAs entirely.

ferngodfather|2 months ago

Yeah, I completely agree. I'm not sure what the solution is, but this ain't it.

cedilla|2 months ago

More forget than fire.

The longer certificates were valid the more often we'd have breakage due to admins forgetting renewal, or how do install the new certificates. It was a daily occurrence, often with hours or days of downtime.

Today, it's so rare I don't even remember when I last encountered an expired certificate. And I'm pretty sure it's not because of better observability...