Since certificates are updated every 90 days, and failing to get an updated certificate would effectively take down your site, I'm really uncomfortable using something like this for security... it seems unreliable and not designed for guaranteed uptime?
Add that to the fact that it's not really a compact, clean executable, but a sprawling mess of Python scripts, and I'm just not getting that positive vibe :( It seems like this will _add_ failure points into the process rather than removing them.
So I'm not hyped about the "sprawling python" implementation situation, but one of the security concerns it turned to address is the old cert no one knows how to rotate problem. By making constant rotation intrinsic to deployment it aims to keep things current.
Depending on how many domains, hosts, and people you are managing you may totally not find it worthwhile compared to a traditional long term cert. Especially if you're comfortable rotating when actually necessary. I think this is totally fine!
Have you tried @caddyserver? They have built-in HTTPS via Let's Encrypt.
LE didn't break "all currently installed versions" -- @caddyserver, for example, didn't break; it was robust to disabling tls-sni challenge. I highly recommend using it.