SoylentNews is people

posted by martyb on Tuesday March 06 2018, @11:49PM
from the green-padlock dept.

In this short article Let’s Encrypt lists challenges ahead, like service growth, new features and infrastructure and finances.

Let’s Encrypt had a great year in 2017. We more than doubled the number of active (unexpired) certificates we service to 46 million, we just about tripled the number of unique domains we service to 61 million, and we did it all while maintaining a stellar security and compliance track record. Most importantly though, the Web went from 46% encrypted page loads to 67% according to statistics from Mozilla - a gain of 21 percentage points in a single year - incredible. We’re proud to have contributed to that, and we’d like to thank all of the other people and organizations who also worked hard to create a more secure and privacy-respecting Web.

I think Let's Encrypt is a great service. Want to share your war story? Can you think of any downsides or threats related to all this?

[Ed note: SoylentNews uses Gandi for "soylentnews.org" and uses LetsEncrypt for all other domains and subdomains. --martyb]


  • (Score: 3, Informative) by TheRaven on Wednesday March 07 2018, @10:13AM (3 children)

    by TheRaven (270) on Wednesday March 07 2018, @10:13AM (#648939) Journal
    Why are other certs failing to auto-renew? I'm using Let's Encrypt with the default acme-client config, which renews the certs in a weekly cron job. The certs have a 3-month lifetime, so auto-renew needs to fail a lot of times before I need to care.
    --
    sudo mod me up
  • (Score: 2) by The Mighty Buzzard on Wednesday March 07 2018, @11:12AM

    by The Mighty Buzzard (18) <themightybuzzard@proton.me> on Wednesday March 07 2018, @11:12AM (#648948) Homepage Journal

    Not certain. I only notice they've failed either when I get an email that a cert is about to expire or when I don't and it already has expired. I haven't had the time to do any serious digging into the "why" the past couple times. I really didn't have the time to renew them manually but I went ahead and did anyway.

    --
    My rights don't end where your fear begins.
  • (Score: 2) by Pino P on Thursday March 08 2018, @01:41AM (1 child)

    by Pino P (4721) on Thursday March 08 2018, @01:41AM (#649269) Journal

    The most common reason I've seen for failure to renew a certificate is when Certbot fails to update itself and the dependencies in its virtualenv. This happens quite often.

    • (Score: 3, Informative) by TheRaven on Thursday March 08 2018, @02:42PM

      by TheRaven (270) on Thursday March 08 2018, @02:42PM (#649497) Journal
      I'm glad that I use acme-client [kristaps.bsd.lv] instead then. Sticking the whole of Python and a bunch of modules in the path for getting certs signed sounds insane, why would anyone do that? And in exchange for all of those dependencies, you get something that has access to your filesystem and talks to the network and is a big red target for attackers.
      --
      sudo mod me up