On 2026-04-12 Hartmut W Sager wrote:
Long live Let's Encrypt, who rescued us from this.
I'm not jumping on the LE bandwagon quite so quickly. It's only because of LE and their "must automate" paradigm that Apple/Google were able to push these "must automate" expiry shortenings into place. If one were cynical (nah, not me!) you'd think it was planned all along... someone knew 15 years ago they wanted to push to short certs and mostly centralized control with 1 or 2 major players. Without LE setting the must-automate trend and taking the majority market share, there would have been vast rebellion today by the customer base, resellers and cert vendors had the big players tried to force 47 days (and automation) on us. But everyone now happily accepts it because "yay free certs", "I'm already using LE". Now, all your base belong to them. And ignore the order they list their funders in Wiki... Instead look who's in there (Google, FB, AWS, Gates), and never mind the fact EFF/Mozilla have no money anyway that isn't donated probably from the same places... I agree the original market paradigm was a bit wonky, but that half- fixed itself when $10 certs (vs $75+ ones) became available. I also agree there always should have been a free option: but maybe a marketplace of free options, not just One Ring To Encrypt Them All. The concentration of power is and will be much worse now, and their ability to shut off dissenters will be more powerful than before. (Gets me thinking about the whole "every site must be SSL" push too... none of this is occurring in isolation or for the reasons stated. We pray it's for altruistic reasons, but history shows that's likely impossible.)