Rocksolid Light

News from da outaworlds



comp / comp.misc / Re: 6-day TLS certificates from Let's Encrypt

Subject / Author
* 6-day TLS certificates from Let's Encrypt (Salvador Mirzo)
`* Re: 6-day TLS certificates from Let's Encrypt (D)
 +* Re: 6-day TLS certificates from Let's Encrypt (Rich)
 |+* Re: 6-day TLS certificates from Let's Encrypt (Broseki)
 ||`* Re: 6-day TLS certificates from Let's Encrypt (Lawrence D'Oliveiro)
 || `* Re: 6-day TLS certificates from Let's Encrypt (Broseki)
 ||  +- Re: 6-day TLS certificates from Let's Encrypt (Richard Kettlewell)
 ||  `- Re: 6-day TLS certificates from Let's Encrypt (Lawrence D'Oliveiro)
 |+- Re: 6-day TLS certificates from Let's Encrypt (D)
 |+- Re: 6-day TLS certificates from Let's Encrypt (Richard Kettlewell)
 |`* Re: 6-day TLS certificates from Let's Encrypt (Theo)
 | +- Re: 6-day TLS certificates from Let's Encrypt (Lawrence D'Oliveiro)
 | `- Re: 6-day TLS certificates from Let's Encrypt (Eli the Bearded)
 `- Re: 6-day TLS certificates from Let's Encrypt (Lawrence D'Oliveiro)

Subject: 6-day TLS certificates from Let's Encrypt
From: Salvador Mirzo
Newsgroups: comp.misc
Organization: A noiseless patient Spider
Date: Wed, 11 Dec 2024 23:27 UTC
Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: smirzo@example.com (Salvador Mirzo)
Newsgroups: comp.misc
Subject: 6-day TLS certificates from Let's Encrypt
Date: Wed, 11 Dec 2024 20:27:37 -0300
Organization: A noiseless patient Spider
Lines: 11
Message-ID: <877c85reae.fsf@example.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 12 Dec 2024 00:27:38 +0100 (CET)
Injection-Info: dont-email.me; posting-host="e88128b70b601236abbe8acbed1b8eee";
logging-data="1870736"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19G12tPWWlnnGrZdZT8/CriTgIAvWlmWCg="
Cancel-Lock: sha1:UXyXT6UuTprl1orP12foITxfOGo=
sha1:7iPgyohBKrn6yb4oazjkvjlPAyU=

Let's Encrypt is planning a 6-day TLS certificate for next year.

> Our longstanding offering won’t fundamentally change next year, but we
> are going to introduce a new offering that’s a big shift from anything
> we’ve done before - short-lived certificates. Specifically,
> certificates with a lifetime of six days. This is a big upgrade for
> the security of the TLS ecosystem because it minimizes exposure time
> during a key compromise event.

Source:
https://letsencrypt.org/2024/12/11/eoy-letter-2024/

Subject: Re: 6-day TLS certificates from Let's Encrypt
From: D
Newsgroups: comp.misc
Date: Thu, 12 Dec 2024 00:12 UTC
References: 1
Injection-Date: Thu, 12 Dec 2024 00:15:01 +0000 (UTC)
Newsgroups: comp.misc
Date: Thu, 12 Dec 2024 00:12:23 +0000
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!weretis.net!feeder8.news.weretis.net!news.neodome.net!mail2news
From: noreply@mixmin.net (D)
Comments: This message was transferred to Usenet via mail2news gateway at
<mail2news@neodome.net>. Please send questions and concerns to
<admin@neodome.net>. Report inappropriate use to <abuse@neodome.net>.
Injection-Info: neodome.net;
posting-account="mail2news";
mail-complaints-to="abuse@neodome.net"
References: <877c85reae.fsf@example.com>
Content-Transfer-Encoding: 7bit
Subject: Re: 6-day TLS certificates from Let's Encrypt
Message-ID: <20241212.001223.a7feaecb@mixmin.net>

On Wed, 11 Dec 2024 20:27:37 -0300, Salvador Mirzo <smirzo@example.com> wrote:
>Let's Encrypt is planning a 6-day TLS certificate for next year.
>> Our longstanding offering won't fundamentally change next year, but we
>> are going to introduce a new offering that's a big shift from anything
>> we've done before - short-lived certificates. Specifically,
>> certificates with a lifetime of six days. This is a big upgrade for
>> the security of the TLS ecosystem because it minimizes exposure time
>> during a key compromise event.
>Source:
>https://letsencrypt.org/2024/12/11/eoy-letter-2024/

seems like everyone is using tls . . . is there anyone "not" using it?

(using Tor Browser 14.0.3)
https://letsencrypt.org/
>Thousands of people around the world make our work possible. Donate today.
>...
>About Us
>https://letsencrypt.org/about/
>About Let's Encrypt
>Let's Encrypt is a free, automated, and open certificate authority (CA), run for
>the public's benefit. It is a service provided by the Internet Security Research
>Group (ISRG).
>We give people the digital certificates they need in order to enable HTTPS
>(SSL/TLS) for websites, for free, in the most user-friendly way we can. We do this
>because we want to create a more secure and privacy-respecting Web.
>You can read about our most recent year in review by downloading our annual report.
>The key principles behind Let's Encrypt are:
> Free: Anyone who owns a domain name can use Let's Encrypt to obtain a trusted
> certificate at zero cost.
> Automatic: Software running on a web server can interact with Let's Encrypt to
> painlessly obtain a certificate, securely configure it for use, and automatically
> take care of renewal.
> Secure: Let's Encrypt will serve as a platform for advancing TLS security best
> practices, both on the CA side and by helping site operators properly secure
> their servers.
> Transparent: All certificates issued or revoked will be publicly recorded and
> available for anyone to inspect.
> Open: The automatic issuance and renewal protocol is published as an open
> standard that others can adopt.
> Cooperative: Much like the underlying Internet protocols themselves, Let's
> Encrypt is a joint effort to benefit the community, beyond the control of any one
> organization.
>We have a page with more detailed information about how the Let's Encrypt CA works.
>Support a more secure and privacy-respecting Web.
>Donate
>Let's Encrypt is a free, automated, and open certificate authority brought to you
>by the nonprofit Internet Security Research Group (ISRG). Read all about our
>nonprofit work this year in our 2024 Annual Report.
>548 Market St, PMB 77519, San Francisco, CA 94104-5401, USA
>Send all mail or inquiries to:
>PO Box 18666, Minneapolis, MN 55418-0666, USA
> GitHub
> LinkedIn
> Mastodon
>View our privacy policy.
>View our trademark policy.
>Subscribe for email updates about Let's Encrypt and other ISRG projects
>(c) 2024 Internet Security Research Group
[end quoted plain text]

(using Tor Browser 14.0.3)
https://duckduckgo.com/?q=transport+layer+security+secure+sockets

Subject: Re: 6-day TLS certificates from Let's Encrypt
From: Rich
Newsgroups: comp.misc
Organization: A noiseless patient Spider
Date: Thu, 12 Dec 2024 00:28 UTC
References: 1 2
Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: rich@example.invalid (Rich)
Newsgroups: comp.misc
Subject: Re: 6-day TLS certificates from Let's Encrypt
Date: Thu, 12 Dec 2024 00:28:38 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 19
Message-ID: <vjdanm$1potb$1@dont-email.me>
References: <877c85reae.fsf@example.com> <20241212.001223.a7feaecb@mixmin.net>
Injection-Date: Thu, 12 Dec 2024 01:28:39 +0100 (CET)
Injection-Info: dont-email.me; posting-host="2d19d4e4cf6bb3dfcc253127b97402c1";
logging-data="1893291"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19667fGB+8YhSpX2LrIkF0a"
User-Agent: tin/2.6.1-20211226 ("Convalmore") (Linux/5.15.139 (x86_64))
Cancel-Lock: sha1:7tzBtsWgpWCB7ijhtKoKt+pyIps=

D <noreply@mixmin.net> wrote:
> On Wed, 11 Dec 2024 20:27:37 -0300, Salvador Mirzo <smirzo@example.com> wrote:
>>Let's Encrypt is planning a 6-day TLS certificate for next year.
>>> Our longstanding offering won't fundamentally change next year, but we
>>> are going to introduce a new offering that's a big shift from anything
>>> we've done before - short-lived certificates. Specifically,
>>> certificates with a lifetime of six days. This is a big upgrade for
>>> the security of the TLS ecosystem because it minimizes exposure time
>>> during a key compromise event.
>>Source:
>>https://letsencrypt.org/2024/12/11/eoy-letter-2024/
>
> seems like everyone is using tls . . . is there anyone "not" using it?

Given Chrome's "insecure" branding in the URL bar from the "make
everything https" push some years back, there are far fewer who are not
using it.

But six day expiry dates, that just sounds insane.

Subject: Re: 6-day TLS certificates from Let's Encrypt
From: Broseki
Newsgroups: comp.misc
Organization: NewsgroupDirect
Date: Thu, 12 Dec 2024 01:05 UTC
References: 1 2 3
From: broseki@whitetail.is (Broseki)
Newsgroups: comp.misc
Subject: Re: 6-day TLS certificates from Let's Encrypt
References: <877c85reae.fsf@example.com> <20241212.001223.a7feaecb@mixmin.net> <vjdanm$1potb$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=fixed
Content-Transfer-Encoding: 8bit
User-Agent: Usenapp for MacOS
X-Usenapp: v1.27.4/d - Full License
Lines: 27
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!feeder.usenetexpress.com!tr2.iad1.usenetexpress.com!news.newsgroupdirect.com!not-for-mail
Date: Thu, 12 Dec 2024 01:05:24 +0000
Nntp-Posting-Date: Thu, 12 Dec 2024 01:05:24 +0000
X-Received-Bytes: 2189
Organization: NewsgroupDirect
X-Complaints-To: abuse@newsgroupdirect.com
Message-Id: <1810487515d7ada1$4727$2365644$4296dcc3@news.newsgroupdirect.com>

On Dec 11, 2024 at 7:28:38 PM EST, "Rich" <rich@example.invalid> wrote:

> D <noreply@mixmin.net> wrote:
>> On Wed, 11 Dec 2024 20:27:37 -0300, Salvador Mirzo <smirzo@example.com> wrote:
>>> Let's Encrypt is planning a 6-day TLS certificate for next year.
>>>> Our longstanding offering won't fundamentally change next year, but we
>>>> are going to introduce a new offering that's a big shift from anything
>>>> we've done before - short-lived certificates. Specifically,
>>>> certificates with a lifetime of six days. This is a big upgrade for
>>>> the security of the TLS ecosystem because it minimizes exposure time
>>>> during a key compromise event.
>>> Source:
>>> https://letsencrypt.org/2024/12/11/eoy-letter-2024/
>>
>> seems like everyone is using tls . . . is there anyone "not" using it?
>
> Given Chrome's "insecure" branding in the URL bar from the "make
> everything https" push some years back, there are far fewer who are not
> using it.
>
> But six day expiry dates, that just sounds insane.

I have been running 2-day TTL certs for some services I run. It is not bad at
all with ACME since things just renew in the background; and it really helps
cut down on the possible impact of a compromised cert.

Without ACME though, no way it would be possible XD

Subject: Re: 6-day TLS certificates from Let's Encrypt
From: Lawrence D'Oliveiro
Newsgroups: comp.misc
Organization: A noiseless patient Spider
Date: Thu, 12 Dec 2024 01:10 UTC
References: 1 2
Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: ldo@nz.invalid (Lawrence D'Oliveiro)
Newsgroups: comp.misc
Subject: Re: 6-day TLS certificates from Let's Encrypt
Date: Thu, 12 Dec 2024 01:10:36 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 8
Message-ID: <vjdd6c$1q6qt$1@dont-email.me>
References: <877c85reae.fsf@example.com>
<20241212.001223.a7feaecb@mixmin.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 12 Dec 2024 02:10:37 +0100 (CET)
Injection-Info: dont-email.me; posting-host="f089114b1739cee2d645e6e434e62749";
logging-data="1907549"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/hZdtN3RDU5nDkS1Gi9OYg"
User-Agent: Pan/0.161 (Chasiv Yar; )
Cancel-Lock: sha1:bxY0lFEdo/NyxUhSndOvDzGFCbI=

On Thu, 12 Dec 2024 00:12:23 +0000, D wrote:

> seems like everyone is using tls . . . is there anyone "not" using it?

The idea is to make it so commonplace, that you no longer stand out like a
sore thumb for using it. So those under certain regimes that fear their
citizenry cannot surveil everybody they might suspect of hiding something
from them -- safety in numbers, in short.

Subject: Re: 6-day TLS certificates from Let's Encrypt
From: D
Newsgroups: comp.misc
Date: Thu, 12 Dec 2024 01:42 UTC
References: 1 2 3
Newsgroups: comp.misc
Content-Transfer-Encoding: 7bit
From: noreply@mixmin.net (D)
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!nyheter.lysator.liu.se!news.samoylyk.net!news.neodome.net!mail2news
References: <877c85reae.fsf@example.com> <20241212.001223.a7feaecb@mixmin.net> <vjdanm$1potb$1@dont-email.me>
Comments: This message was transferred to Usenet via mail2news gateway at
<mail2news@neodome.net>. Please send questions and concerns to
<admin@neodome.net>. Report inappropriate use to <abuse@neodome.net>.
Message-ID: <20241212.014226.1118c517@mixmin.net>
Injection-Date: Thu, 12 Dec 2024 01:45:02 +0000 (UTC)
Injection-Info: neodome.net;
posting-account="mail2news";
mail-complaints-to="abuse@neodome.net"
Date: Thu, 12 Dec 2024 01:42:26 +0000
Subject: Re: 6-day TLS certificates from Let's Encrypt

On Thu, 12 Dec 2024 00:28:38 -0000 (UTC), Rich <rich@example.invalid> wrote:
>D <noreply@mixmin.net> wrote:
>> On Wed, 11 Dec 2024 20:27:37 -0300, Salvador Mirzo <smirzo@example.com> wrote:
>>>Let's Encrypt is planning a 6-day TLS certificate for next year.
>>>> Our longstanding offering won't fundamentally change next year, but we
>>>> are going to introduce a new offering that's a big shift from anything
>>>> we've done before - short-lived certificates. Specifically,
>>>> certificates with a lifetime of six days. This is a big upgrade for
>>>> the security of the TLS ecosystem because it minimizes exposure time
>>>> during a key compromise event.
>>>Source:
>>>https://letsencrypt.org/2024/12/11/eoy-letter-2024/
>>
>> seems like everyone is using tls . . . is there anyone "not" using it?
>
>Given Chrome's "insecure" branding in the URL bar from the "make
>everything https" push some years back, there are far fewer who are not
>using it.
>But six day expiry dates, that just sounds insane.

i really don't know enough about this subject to comment . . . but i have
been using anonymous remailers since 1997 ("replay"... before "dizum" etc.)
and lately i've noticed yamn key updates (e.g. mixmin.net/yamn/pubring.mix)
do seem to be occurring more frequently within the past month or so, to wit:

(using Tor Browser 14.0.3)
https://www.mixmin.net/yamn/pubring.mix
>frell nyam@remailer.frell.eu.org 45424f73fca08073b697ee69737da3dd 4:0.2c E 2024-12-10 2024-12-24
>gronk yamn@gronk.ch e90a004308d8ceecb3e3f469d34ca2b9 4:0.2.6 M 2024-12-08 2024-12-22
>lorem yamn@eocto.net f8ec1c45316ca426b2452b5a716d05d5 4:0.2.6 M 2024-12-07 2024-12-21
>middleman yamn@middleman.remailer.online 6a1f4c71bafd3dac9fc2808c7011ca8d 4:0.2.6 M 2024-12-06 2024-12-20
>milton yamn@milton.redmv.net 41415e5f27dc27160d7d6f54238dd385 4:0.2.6 M 2024-12-10 2024-12-24
>paranoyamn yamn@yamn.paranoici.org 403977616c0c5497b1736efe10c91c03 4:0.2c E 2024-12-06 2024-12-20
>shalo yamn@shalo.ca a1b7038c154cc3e3cfa4bf2ee3c6e385 4:0.2.6 M 2024-12-05 2024-12-19
>tncmm yamn@tnetconsulting.net 3d82ae32b0e692914fa84b8b994187c2 4:0.2c M 2024-12-04 2024-12-18
>victor yamn@virebent.art 3be2e6fb18b7e5e00eb2a95deb9bc2c1 4:0.2c M 2024-12-08 2024-12-22
>yamn yamn@mixmin.net 0bb6ccac8db394739840bc586e8d425d 4:0.2.6 E 2024-12-08 2024-12-13
>yamn2 yamn2@mixmin.net 6266507f5503fd11cbd22351f2b9c3b0 4:0.2.6 E 2024-12-09 2024-12-14
>yamn3 yamn3@mixmin.net ef6361bd9b6489f5d2a4f3d542afbed1 4:0.2.6 E 2024-12-11 2024-12-16
>yamn4 yamn4@mixmin.net 5d704a802745539fe58b80528fd7e596 4:0.2.6 M 2024-12-10 2024-12-24
[end quoted plain text]

it used to be that at least one or two of these yamn keys would be expired
for maybe a day or two before being updated . . . maybe this "six day" tls
business has something to do with it? (this may have been discussed in the
news:alt.privacy.anon-server newsgroup, but if so i probably missed it)...

if updating public keys, certificates, etc., more frequently helps to keep
everything current, maybe this "six day" trend is something more permanent

Subject: Re: 6-day TLS certificates from Let's Encrypt
From: Lawrence D'Oliveiro
Newsgroups: comp.misc
Organization: A noiseless patient Spider
Date: Thu, 12 Dec 2024 06:07 UTC
References: 1 2 3 4
Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: ldo@nz.invalid (Lawrence D'Oliveiro)
Newsgroups: comp.misc
Subject: Re: 6-day TLS certificates from Let's Encrypt
Date: Thu, 12 Dec 2024 06:07:53 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 14
Message-ID: <vjdujp$20g9u$2@dont-email.me>
References: <877c85reae.fsf@example.com>
<20241212.001223.a7feaecb@mixmin.net> <vjdanm$1potb$1@dont-email.me>
<1810487515d7ada1$4727$2365644$4296dcc3@news.newsgroupdirect.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 12 Dec 2024 07:07:54 +0100 (CET)
Injection-Info: dont-email.me; posting-host="f089114b1739cee2d645e6e434e62749";
logging-data="2113854"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/uRkUW2pee9cziLQHDjxVv"
User-Agent: Pan/0.161 (Chasiv Yar; )
Cancel-Lock: sha1:Tk2djcfgkp73YFV9F8IEZm6Cq1k=

On Thu, 12 Dec 2024 01:05:24 +0000, Broseki wrote:

> I have been running 2-day TTL certs for some services I run. It is not
> bad at all with ACME since things just renew in the background; and it
> really helps cut down on the possible impact of a compromised cert.
>
> Without ACME though, no way it would be possible XD

If the Let’s Encrypt folks have no trouble with the server load, then I
guess I have no objection either.

When I started using Let’s Encrypt, I found the default setting for Debian
was to check for renewals twice a day. That shocked me a bit, but I assume
they knew what they were doing.

Subject: Re: 6-day TLS certificates from Let's Encrypt
From: Richard Kettlewell
Newsgroups: comp.misc
Organization: terraraq NNTP server
Date: Thu, 12 Dec 2024 10:03 UTC
References: 1 2 3
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!nntp-feed.chiark.greenend.org.uk!ewrotcd!nntp.terraraq.uk!.POSTED.tunnel.sfere.anjou.terraraq.org.uk!not-for-mail
From: invalid@invalid.invalid (Richard Kettlewell)
Newsgroups: comp.misc
Subject: Re: 6-day TLS certificates from Let's Encrypt
Date: Thu, 12 Dec 2024 10:03:29 +0000
Organization: terraraq NNTP server
Message-ID: <wwved2dtdzi.fsf@LkoBDZeT.terraraq.uk>
References: <877c85reae.fsf@example.com> <20241212.001223.a7feaecb@mixmin.net>
<vjdanm$1potb$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Info: innmantic.terraraq.uk; posting-host="tunnel.sfere.anjou.terraraq.org.uk:172.17.207.6";
logging-data="23363"; mail-complaints-to="usenet@innmantic.terraraq.uk"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
Cancel-Lock: sha1:t4LE8E92oGlNEVyhFswOmYpvGvI=
X-Boydie: NO

Rich <rich@example.invalid> writes:
> Given Chrome's "insecure" branding in the URL bar from the "make
> everything https" push some years back, there are far fewer who are
> not using it.
>
> But six day expiry dates, that just sounds insane.

I suspect six days is chosen to be one day shorter than the one-week
OCSP timeout they quote in their blog post about revocation[1]. So, they
can sunset OCSP support and at the same time improve revocation
performance and effectiveness (it fails open, so it doesn’t work against
a well-positioned attacker).

[1] https://letsencrypt.org/2022/09/07/new-life-for-crls/

--
https://www.greenend.org.uk/rjk/

Subject: Re: 6-day TLS certificates from Let's Encrypt
From: Broseki
Newsgroups: comp.misc
Organization: NewsgroupDirect
Date: Thu, 12 Dec 2024 22:28 UTC
References: 1 2 3 4 5
From: broseki@whitetail.is (Broseki)
Newsgroups: comp.misc
Subject: Re: 6-day TLS certificates from Let's Encrypt
References: <877c85reae.fsf@example.com> <20241212.001223.a7feaecb@mixmin.net> <vjdanm$1potb$1@dont-email.me> <1810487515d7ada1$4727$2365644$4296dcc3@news.newsgroupdirect.com> <vjdujp$20g9u$2@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=fixed
Content-Transfer-Encoding: 8bit
User-Agent: Usenapp for MacOS
X-Usenapp: v1.27.4/l - Full License
Lines: 28
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!feeder.usenetexpress.com!tr2.iad1.usenetexpress.com!news.newsgroupdirect.com!not-for-mail
Date: Thu, 12 Dec 2024 22:28:30 +0000
Nntp-Posting-Date: Thu, 12 Dec 2024 22:28:30 +0000
X-Received-Bytes: 2377
X-Complaints-To: abuse@newsgroupdirect.com
Organization: NewsgroupDirect
Message-Id: <18108e79d782ae50$8633$1734$4286dcd3@news.newsgroupdirect.com>

On Dec 12, 2024 at 1:07:53 AM EST, "Lawrence D'Oliveiro" <ldo@nz.invalid>
wrote:

> On Thu, 12 Dec 2024 01:05:24 +0000, Broseki wrote:
>
>> I have been running 2-day TTL certs for some services I run. It is not
>> bad at all with ACME since things just renew in the background; and it
>> really helps cut down on the possible impact of a compromised cert.
>>
>> Without ACME though, no way it would be possible XD
>
> If the Let’s Encrypt folks have no trouble with the server load, then I
> guess I have no objection either.
>
> When I started using Let’s Encrypt, I found the default setting for Debian
> was to check for renewals twice a day. That shocked me a bit, but I assume
> they knew what they were doing.

That is an interesting point; I wonder how much load they are really seeing;
the certs I have set to 2 days are all for corporate internal CAs using ACME
not Let's Encrypt, my LE certs are still the default (30 days now?). I also
wonder if they have any sort of crypto acceleration going on in the backend to
make what I assume to be massive amounts of requests flow smoothly. I'd say
probably 80%+ of websites I see now use Let's Encrypt certs, and crypto stuff
is all pretty compute intensive.

It is crazy the service is free. It was not long ago when certs were super
expensive (especially for things like personal websites and projects).

Subject: Re: 6-day TLS certificates from Let's Encrypt
From: Richard Kettlewell
Newsgroups: comp.misc
Organization: terraraq NNTP server
Date: Thu, 12 Dec 2024 23:28 UTC
References: 1 2 3 4 5 6
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!nntp-feed.chiark.greenend.org.uk!ewrotcd!nntp.terraraq.uk!.POSTED.tunnel.sfere.anjou.terraraq.org.uk!not-for-mail
From: invalid@invalid.invalid (Richard Kettlewell)
Newsgroups: comp.misc
Subject: Re: 6-day TLS certificates from Let's Encrypt
Date: Thu, 12 Dec 2024 23:28:32 +0000
Organization: terraraq NNTP server
Message-ID: <wwvo71gpjkv.fsf@LkoBDZeT.terraraq.uk>
References: <877c85reae.fsf@example.com> <20241212.001223.a7feaecb@mixmin.net>
<vjdanm$1potb$1@dont-email.me>
<1810487515d7ada1$4727$2365644$4296dcc3@news.newsgroupdirect.com>
<vjdujp$20g9u$2@dont-email.me>
<18108e79d782ae50$8633$1734$4286dcd3@news.newsgroupdirect.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Info: innmantic.terraraq.uk; posting-host="tunnel.sfere.anjou.terraraq.org.uk:172.17.207.6";
logging-data="34493"; mail-complaints-to="usenet@innmantic.terraraq.uk"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
Cancel-Lock: sha1:3xKaAxLRIIBWx4aW2JNz65h7e3Q=
X-Boydie: NO

Broseki <broseki@whitetail.is> writes:
> That is an interesting point; I wonder how much load they are really
> seeing; the certs I have set to 2 days are all for corporate internal
> CAs using ACME not Let's Encrypt, my LE certs are still the default
> (30 days now?). I also wonder if they have any sort of crypto
> acceleration going on in the backend to make what I assume to be
> massive amounts of requests flow smoothly.

They are using donated Hardware Security Modules (or were in 2021).

https://letsencrypt.org/2021/02/10/200m-certs-24hrs/#hsm-performance

HSMs do often include some kind of crypto accelerator rather than using
their main CPU. However the need for an HSM in this particular context
is not about performance as such (although of course they do need to
satisfy the service’s performance requirements); it’s about protecting
the signing key. See s6.2.7 of:
https://cabforum.org/working-groups/server/baseline-requirements/documents/CA-Browser-Forum-TLS-BR-2.1.1.pdf

The analysis in the blog post is about the cost of re-signing everything
during disaster recovery. If the 200M total certificates figure is
still approximately right then renewing every 6 days is under 400TPS.
Even with 100%+ growth in the intervening years a single HSM is not
going to have much trouble keeping up.

--
https://www.greenend.org.uk/rjk/

Subject: Re: 6-day TLS certificates from Let's Encrypt
From: Lawrence D'Oliveiro
Newsgroups: comp.misc
Organization: A noiseless patient Spider
Date: Fri, 13 Dec 2024 03:02 UTC
References: 1 2 3 4 5 6
Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: ldo@nz.invalid (Lawrence D'Oliveiro)
Newsgroups: comp.misc
Subject: Re: 6-day TLS certificates from Let's Encrypt
Date: Fri, 13 Dec 2024 03:02:31 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 24
Message-ID: <vjg846$36h24$4@dont-email.me>
References: <877c85reae.fsf@example.com>
<20241212.001223.a7feaecb@mixmin.net> <vjdanm$1potb$1@dont-email.me>
<1810487515d7ada1$4727$2365644$4296dcc3@news.newsgroupdirect.com>
<vjdujp$20g9u$2@dont-email.me>
<18108e79d782ae50$8633$1734$4286dcd3@news.newsgroupdirect.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 13 Dec 2024 04:02:31 +0100 (CET)
Injection-Info: dont-email.me; posting-host="4a9fda4f27bd8b0b5de8f91ee282534a";
logging-data="3359812"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/XCtSHy7QymQXAVtkfLfnf"
User-Agent: Pan/0.161 (Chasiv Yar; )
Cancel-Lock: sha1:DlZcXGFESp0Ge6ldXA8kNDEulbQ=

On Thu, 12 Dec 2024 22:28:30 +0000, Broseki wrote:

> On Dec 12, 2024 at 1:07:53 AM EST, "Lawrence D'Oliveiro"
> <ldo@nz.invalid> wrote:
>
>> When I started using Let’s Encrypt, I found the default setting for
>> Debian was to check for renewals twice a day. That shocked me a bit,
>> but I assume they knew what they were doing.
>
> That is an interesting point; I wonder how much load they are really
> seeing; the certs I have set to 2 days are all for corporate internal
> CAs using ACME not Let's Encrypt, my LE certs are still the default (30
> days now?).

All the certs I have any responsibility for are valid for 90 days.

> I also wonder if they have any sort of crypto acceleration
> going on in the backend to make what I assume to be massive amounts of
> requests flow smoothly.

I imagine that checking for the validity of a cert itself can be done
using some less-security-sensitive database without resort to the HSM, so
having to do it 180 times before a renewal is probably not considered
excessive.

Subject: Re: 6-day TLS certificates from Let's Encrypt
From: Theo
Newsgroups: comp.misc
Organization: University of Cambridge, England
Date: Fri, 13 Dec 2024 18:22 UTC
References: 1 2 3
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!nntp-feed.chiark.greenend.org.uk!ewrotcd!.POSTED.chiark.greenend.org.uk!not-for-mail
From: theom+news@chiark.greenend.org.uk (Theo)
Newsgroups: comp.misc
Subject: Re: 6-day TLS certificates from Let's Encrypt
Date: 13 Dec 2024 18:22:25 +0000 (GMT)
Organization: University of Cambridge, England
Message-ID: <14s*y7X1z@news.chiark.greenend.org.uk>
References: <877c85reae.fsf@example.com> <20241212.001223.a7feaecb@mixmin.net> <vjdanm$1potb$1@dont-email.me>
Injection-Info: chiark.greenend.org.uk; posting-host="chiark.greenend.org.uk:93.93.131.173";
logging-data="9972"; mail-complaints-to="abuse@chiark.greenend.org.uk"
User-Agent: tin/1.8.3-20070201 ("Scotasay") (UNIX) (Linux/5.10.0-28-amd64 (x86_64))
Originator: theom@chiark.greenend.org.uk ([93.93.131.173])

Rich <rich@example.invalid> wrote:
> D <noreply@mixmin.net> wrote:
> > On Wed, 11 Dec 2024 20:27:37 -0300, Salvador Mirzo <smirzo@example.com> wrote:
> >>Let's Encrypt is planning a 6-day TLS certificate for next year.
> >>> Our longstanding offering won't fundamentally change next year, but we
> >>> are going to introduce a new offering that's a big shift from anything
> >>> we've done before - short-lived certificates. Specifically,
> >>> certificates with a lifetime of six days. This is a big upgrade for
> >>> the security of the TLS ecosystem because it minimizes exposure time
> >>> during a key compromise event.
> >>Source:
> >>https://letsencrypt.org/2024/12/11/eoy-letter-2024/
> >
> > seems like everyone is using tls . . . is there anyone "not" using it?
>
> Given Chrome's "insecure" branding in the URL bar from the "make
> everything https" push some years back, there are far fewer who are not
> using it.
>
> But six day expiry dates, that just sounds insane.

It sounds quite handy to me. One of the problems with Let's Encrypt is that
you set up your server, you get a LE certificate, you set up a cron job for
renewal. And then 90 days later you find out that your cron job didn't work
for $reasons and the cert expired. Making this timeout 6 days means that
you find this bug much quicker - if it's still working after a couple of
weeks then things are good.

I might not want to use them in production unless I had a specific concern
over revocation, but being able to use a 6 day cert for the initial
bringup and then move to a 90 day cert once things are stable could be
handy.

Theo

Subject: Re: 6-day TLS certificates from Let's Encrypt
From: Lawrence D'Oliv
Newsgroups: comp.misc
Organization: A noiseless patient Spider
Date: Fri, 13 Dec 2024 22:01 UTC
References: 1 2 3 4
Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: ldo@nz.invalid (Lawrence D'Oliveiro)
Newsgroups: comp.misc
Subject: Re: 6-day TLS certificates from Let's Encrypt
Date: Fri, 13 Dec 2024 22:01:38 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 14
Message-ID: <vjias2$3kiac$1@dont-email.me>
References: <877c85reae.fsf@example.com>
<20241212.001223.a7feaecb@mixmin.net> <vjdanm$1potb$1@dont-email.me>
<14s*y7X1z@news.chiark.greenend.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 13 Dec 2024 23:01:39 +0100 (CET)
Injection-Info: dont-email.me; posting-host="4a9fda4f27bd8b0b5de8f91ee282534a";
logging-data="3819852"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18265VUrhcHtRcs6+RiY/6v"
User-Agent: Pan/0.161 (Chasiv Yar; )
Cancel-Lock: sha1:wNfIQUAdZPM3/GhQfJP3H1cRE1g=

On 13 Dec 2024 18:22:25 +0000 (GMT), Theo wrote:

> One of the problems with Let's Encrypt is
> that you set up your server, you get a LE certificate, you set up a cron
> job for renewal. And then 90 days later you find out that your cron job
> didn't work for $reasons and the cert expired.

Debian provides a systemd timer definition to take care of this for you as
a standard part of its certbot package. By default the timer task runs
twice a day.

If you want to handcraft your own solution, have it run at a similar
frequency, at least to start with, to ensure it works properly. You can
also test out dummy renewals as part of that process.
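
The renewal-timing question raised in the two posts above (a 90-day cert with twice-daily checks versus a 6-day cert) can be put into numbers. The following is an added example, not code from the thread or from certbot; it assumes the renewal rule certbot documents (renew once less than a third of the lifetime remains), parses the `notAfter=` line that `openssl x509 -noout -enddate` prints (the date strings below are constructed), and counts how many timer runs are left between "renewal due" and expiry for a given check interval.

```python
"""Check how much slack a renewal timer leaves before an ACME cert expires.

Added example, not part of the original thread. Assumes certbot's
documented policy of renewing when less than one third of the lifetime
remains; the notAfter strings used below are constructed sample values.
"""
from datetime import datetime, timedelta, timezone

# Date format produced by `openssl x509 -noout -enddate`, e.g.
#   notAfter=Mar 10 12:00:00 2025 GMT
OPENSSL_DATE_FMT = "%b %d %H:%M:%S %Y %Z"


def parse_not_after(line: str) -> datetime:
    """Parse an `notAfter=<date> GMT` line into an aware UTC datetime."""
    value = line.strip().split("=", 1)[1]
    naive = datetime.strptime(value, OPENSSL_DATE_FMT)  # strptime accepts "GMT"
    return naive.replace(tzinfo=timezone.utc)


def renewal_due(not_after: datetime, lifetime: timedelta,
                now: datetime, fraction: float = 1 / 3) -> bool:
    """True when less than `fraction` of the certificate lifetime remains."""
    remaining = not_after - now
    return remaining < lifetime * fraction


def attempts_before_expiry(lifetime: timedelta, check_interval: timedelta,
                           fraction: float = 1 / 3) -> int:
    """Number of timer runs between renewal becoming due and hard expiry.

    Each run is a chance to notice and fix a broken renewal job, so a
    small number here means a bug surfaces as an outage, not an alert.
    """
    window = lifetime * fraction
    return int(window / check_interval)


def required_interval(lifetime: timedelta, min_attempts: int,
                      fraction: float = 1 / 3) -> timedelta:
    """Largest check interval that still leaves `min_attempts` runs."""
    return (lifetime * fraction) / min_attempts


if __name__ == "__main__":
    # Constructed sample: a cert issued 2025-01-09, expiring 2025-04-09 (90 days).
    not_after = parse_not_after("notAfter=Apr  9 12:00:00 2025 GMT")
    ninety = timedelta(days=90)
    now = not_after - timedelta(days=29)
    print("90-day cert, 29 days left, due:", renewal_due(not_after, ninety, now))
    twice_daily = timedelta(hours=12)
    print("90-day cert, twice-daily timer, attempts left:",
          attempts_before_expiry(ninety, twice_daily))
    six = timedelta(days=6)
    print("6-day cert, twice-daily timer, attempts left:",
          attempts_before_expiry(six, twice_daily))
    print("6-day cert, interval for 12 attempts:", required_interval(six, 12))
```

With twice-daily checks a 90-day cert leaves 60 renewal attempts in the 30-day window, while a 6-day cert leaves only four in its 2-day window, so a handcrafted timer for short-lived certs should run every few hours rather than twice a day. The "dummy renewal" mentioned above corresponds to `certbot renew --dry-run`, which exercises the whole ACME exchange against the staging environment without replacing the live certificate.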

Subject: Re: 6-day TLS certificates from Let's Encrypt
From: Eli the Bearded
Newsgroups: comp.misc
Organization: Some absurd concept
Date: Sun, 15 Dec 2024 03:11 UTC
References: 1 2 3 4
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!panix!.POSTED.panix5.panix.com!qz!not-for-mail
From: *@eli.users.panix.com (Eli the Bearded)
Newsgroups: comp.misc
Subject: Re: 6-day TLS certificates from Let's Encrypt
Date: Sun, 15 Dec 2024 03:11:40 -0000 (UTC)
Organization: Some absurd concept
Message-ID: <eli$2412142206@qaz.wtf>
References: <877c85reae.fsf@example.com> <20241212.001223.a7feaecb@mixmin.net> <vjdanm$1potb$1@dont-email.me> <14s*y7X1z@news.chiark.greenend.org.uk>
Injection-Date: Sun, 15 Dec 2024 03:11:40 -0000 (UTC)
Injection-Info: reader2.panix.com; posting-host="panix5.panix.com:166.84.1.5";
logging-data="13803"; mail-complaints-to="abuse@panix.com"
User-Agent: Vectrex rn 2.1 (beta)
X-Liz: It's actually happened, the entire Internet is a massive game of Redcode
X-Motto: "Erosion of rights never seems to reverse itself." -- kenny@panix
X-US-Congress: Moronic Fucks.
X-Attribution: EtB
XFrom: is a real address
Encrypted: double rot-13

In comp.misc, Theo <theom+news@chiark.greenend.org.uk> wrote:
> It sounds quite handy to me. One of the problems with Let's Encrypt is that
> you set up your server, you get a LE certificate, you set up a cron job for
> renewal. And then 90 days later you find out that your cron job didn't work
> for $reasons and the cert expired. Making this timeout 6 days means that
> you find this bug much quicker - if it's still working after a couple of
> weeks then things are good.

When I have problems, I get mail from Let's Encrypt saying things like
"your cert is expiring in two weeks, did you know that?". That's why you
give them an email address during setup.

In my case, it's usually not because there is an issue with cron, but
because I have N names in one cert and I deleted the DNS record for one
of those and didn't update the LE config. They, quite rightly, don't
like to give out certs for names that don't resolve.

Elijah
------
sometimes uses wildcard certs
