I don't get the desire for longer-life certs. I would argue that they should be ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		dexterdog on Jan 7, 2017 \| parent \| context \| favorite \| on: Let’s Encrypt 2016 in Review I don't get the desire for longer-life certs. I would argue that they should be shorter to keep the exposure of a leaked cert down. Whether a cert is good for a week or a year you should be automating the renewal.

novaleaf on Jan 7, 2017 [–]

basically no 3rd party system is designed to execute programs to obtain new certs when they expire. so can't use LE for existing workflows.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact