Adding SSL to website

Soldato
Joined
3 Aug 2012
Posts
2,500
Location
Second Star to the Right
I don't really see why you think it's a huge problem personally, or why it detracts from Let's Encrypt's legitimacy. They've been open and honest about the problem and fixed it very quickly once they found the issue. Yes, it's mildly irritating having to manually renew certificates (which I had to do), but I think it could be much worse leaving potentially dodgy certificates out there. Only took me 5 minutes to renew the certificates for all my hosts. Not a big deal and from now on it'll go back to automatically renewing every 3 months.
 
Man of Honour
Joined
31 Jan 2004
Posts
16,335
Location
Plymouth
Not at all dude, we all get it wrong, we are human. I guess the difference is simply time. One gave 24 hours notice the other had quite a bit more.
I don't wish to press the point, but honestly you're completely wrong here.

I admit the link I posted wasn't the clearest, but the summary is that Symantec were systemically issuing certificates for domains they didn't properly validate, then failed to bother to fix it over a huge period of time, leading to Google kicking them out.

It affected millions of certificates they issued (Symantec, Thawte, GeoTrust and RapidSSL) and was so bad that Symantec effectively gave up their certificate business, selling it to a competitor in 2017.

I wouldn't have had any issue at all and wouldn't have posted but remembered that I'm a mug and an idiot as I was reading the article. :D
You're clearly not an idiot but SSL is complex, I'd be lying if I said I was an expert.

Projects like Let's Encrypt bring security to the web for everyone, including those who otherwise couldn't afford it, which can only be a good thing.

On another note, Tsohost are having fun with this Let's Encrypt issue, using it to push their own certificates on their Twitter:

Tsohost Twitter said:
We of course do provide SSL certificates for the entire year which can be ordered from within your client area or our website. On these we can guarantee no revokes, smooth renewals and also come with a warranty where the cheapest SSL covers up to a cost of £100.000.
Nobody can guarantee no revokes, especially given the Symantec situation! Obviously not saying that Tsohost would have the same issue but the point is a precedent has been set, i.e. that the community will act to enforce CA rules. Rules which were probably co-written by Tsohost (GoDaddy) given that GoDaddy are a founding member of the CA....


I replaced all our affected Let's Encrypt certs last night with little drama, touch wood. I guess I'll find out at 8pm tonight when the old ones are revoked :D
 
Soldato
Joined
28 Oct 2006
Posts
12,456
Location
Sufferlandria
I guess the difference is simply time. One gave 24 hours notice the other had quite a bit more.

For this type of thing, less notice is better.
Sure, it's a pain for all of us that need to manage certificates but it's much better to get things disclosed and resolved as soon as possible.
 
Man of Honour
Joined
31 Jan 2004
Posts
16,335
Location
Plymouth