HN

Need help?
<- Back
Many Let's Encrypt renewals had errors today

Many Let's Encrypt renewals had errors today

widdakay

Comments (93)

  • jaas
    Let's Encrypt has been working normally for most of the day. There was a ~90 minute period during which some of our users would have received a higher error rate due to upstream networking issues, but the majority of requests were successful even during that period.It seems our status.io notes are being misinterpreted as much more severe than they were intended to reflect.Edit: Note that this was written in response to a previous submission title implying that Let's Encrypt was entirely down most of the day.
  • dlcarrier
    That explains why one of my IoT vendors is using an expired certificate.I wish Firefox would just give a mild warning for a recently expired certificate, instead of treating it the same as a true man-in-the-middle attach. It's not like someone who couldn't factor the private key in 200 days could in 201 days or even 300 days.I'm convinced that we'd have better security, if we didn't have so much security theater. You'd think TLS is useless, from the warning my phone gives if I connected to a public Wi-Fi AP, but then again there's nothing in TLS (or WPA) that prevents it from being used in a way that is completely useless: https://www.youtube.com/watch?v=M1si1y5lvkk
  • Kesseki
    To be clear, “Degraded Performance” means just that, not “down.” Let’s Encrypt’s issuance is mostly working fine.
  • saagarjha
    Seems not ideal for an entity who seems to be pushing for shorter expiration periods all the time
  • pibaker
    What are the viable alternatives to LE? And in case none exists, what does it take to build one?Requirements: free, available to everyone, automation friendly, issues certificates that are actually considered trustworthy by other parties.
  • ardeaver
    I realize this is very much not the point, but the fact that the "Active Incident" banner is green is upsetting.
  • nubinetwork
    It's a good thing that acme clients try to renew early, rather than leaving it to the last minute...
  • po1nt
    Let's encrypt is a single point of failure for a large percentage of the internet.
  • drsalt
    thats too bad
  • tomalbrc
    [flagged]
  • hermeticlock
    :(