dashdashu 3 days ago

Domain name being arguably the most difficult thing here, as it requires some interaction for at least payment. Certificates you can fully automate nowadays with LetsEncrypt and certbot or even managed by AWS no problem.

superkuh 3 days ago

Nah, LE and ACME only hide the enormous complexity of CA TLS certs. And if they'd set it up when LE came out then it'd have stopped working by now because the acme protocol doesn't work with LE anymore. Only the acme2 protocol works. This is just one example. There's also the 4 times the LE root certs have expired in the last ~7 years. Not even thinking about all the certbot or acme client issues that can happen.

Unmaintained HTTPS with CA TLS only has a lifetime of a couple years at best. Sometimes just a few months. Not that it'd be bad to have, but for a long living website you have to do HTTP+HTTPS. Not just fragile CA TLS HTTPS only.