Using old compromised certificates is a legitimate MITM attack vector.

Which would make sense if they were valid for 10 years and somebody forgot about them. Not when they’re valid for, what is it now, 40 days?

smashed 5 hours ago | parent | next [-]

An official government source is teaching users to ignore security warnings about expired certificates.

Mistakes happen, some automation failed and the certs did not renew on time, whatever. Does not inspire confidence but we all know it happens.

But then to just instruct users to click through the warning is very poor judgement on top of poor execution.

This was the predictable outcome of shortening certificate length validity to appoint where they are now.

	▲	lynndotpy 5 hours ago \| parent \| next [-]
		No, because that's not what happened here. The certificate they failed to renew was issued 2025-Mar-20th, and expired 2026-Mar-20th. That is a 365 day cert. The maximum length for a new cert is now 200 days, with the 47 day window coming in three years: https://www.digicert.com/blog/tls-certificate-lifetimes-will...
	▲	HackerThemAll 3 hours ago \| parent \| prev [-]
		Have you heard of automation? Cron? Certbot? You can schedule cert renewal and it happens automatically. It could be refreshed every 1 day, I don't care. The fact that it's so painful for you means you need to learn a bit more.

lynndotpy 5 hours ago | parent | prev [-]

The certificate they failed to renew was valid for 365 days. You can check this in any modern desktop browser.