Actually long lived certificates can have their own problems (Eg: Symantic SSL apocalypse).
Let's Encrypt eschews long lived certificates for short ones as a security and operations design feature, rather than a bug. It forces them to be renewed regularly which is good for security, and encourages automation. Unfortunately their renewal app wasn't compatible with the server hardening I'd implemented so I've been diligently doing the renewal manually every ~85 days making sure it worked. Initially it was quite complicated but I've refined it to now work seamlessly and it can actually be automated - I was just being a scaredy cat wanting to actually watch it each time and make sure it worked. It's been fine for the last year and worked without fail so I'll make sure the next renewal is automated and hands off.
Money is not the issue, it was a technology stack / implementation choice. Shouldn't happen again
Let's Encrypt eschews long lived certificates for short ones as a security and operations design feature, rather than a bug. It forces them to be renewed regularly which is good for security, and encourages automation. Unfortunately their renewal app wasn't compatible with the server hardening I'd implemented so I've been diligently doing the renewal manually every ~85 days making sure it worked. Initially it was quite complicated but I've refined it to now work seamlessly and it can actually be automated - I was just being a scaredy cat wanting to actually watch it each time and make sure it worked. It's been fine for the last year and worked without fail so I'll make sure the next renewal is automated and hands off.
Money is not the issue, it was a technology stack / implementation choice. Shouldn't happen again
- Status
- This old topic is closed. If you want to reopen this topic, contact a moderator using the "Report Post" button.