Viewing a single comment thread. View all comments

emma wrote (edited )

Up until 2015 or so, you had to buy certificates from companies who made the process of renewing a cert miserable. When Let's Encrypt opened to the public, you'd typically install an ACME client on your server to handle the renewal automatically.

But as it turns out, sometimes your cron jobs break, and the sysadmin is too busy making jokes about poop to care about the expiry warning emails. This is what happened in the case of Raddle.

Also automatic cert issuing needs to verify site ownership, and this can break too (e.g. if a cert covers many (sub)domains, and one of these domains is removed).

7

voxpoplar wrote

Also as I discovered at one point: Let's Encrypt certs only last a few months so even if auto-renewing is working make sure to actually restart your webserver every once in a while so it actually takes in the new cert when the cert is updated.

5

twovests OP wrote (edited )

ahh this makes sense. i appreciate the informative response :D

i believe my places sysadmin also had an overbearing obligation to make jokes about poop, it happens

4