Follow-up on @letsencrypt: I am not so optimistic about it as the folks who replied to my previous inquiry. It seems pretty unstable (for example, they just broke all currently installed versions on the 9th!), and a lot of stuff doesn't even work out-of-the-box...
I'd be totally fine with it if it seemed like this was a tightly run ship, but it's not. It seems like most other web stuff, which is to say, there's plenty of failure modes and they don't spend a lot of time making sure things are simple and robust.
-
It takes about 15 minutes to manually deploy a 3-year certificate on a site, and that pretty much can't fail for 3 years :) Replacing that with a touch-and-go maybe-the-site-goes-down-every-90-days procedure seems like a really bad idea to me.
-
After years working with this I must say, sir, you are wrong.
-
That's totally fair. I've been using it with acme-client for a couple of years now and have been satisfied with it, but there is always the looming possibility of things breaking in a bad way where even two months of time to fix it is not enough.
-
Main concern with certs that remain valid for more than a year is that they don't really provide a satisfying amount of certainty that they haven't been compromised towards the end of their life span. When it comes to encryption, best practice is to always limit the time window.