Hacker News Re-Imagined

LetsEncrypt Certificate Issuance Halted

  • 147 points
  • 17 hours ago

  • @Phreaker00
  • Created a post
  • • 56 comments

LetsEncrypt Certificate Issuance Halted


@zinekeller 16 hours

Replying to @Phreaker00 🎙

I'll be honest, this is still better than some more 'professional' CA issuers which sometimes just stops for a whole day. I hope that day is spent on audits and not like because their update regime doesn't support on-the-fly (or virtually on-the-fly by having two or more signing machines) updates.

Reply


@pulse7 16 hours

Replying to @Phreaker00 🎙

I like Let's Encrypt's free certificates! But I don't like centralization where failure in a centralized service may render millions of websites inaccessible... It is somehow against the spirit of the "inter-net" where many independent networks and computers are connected and work even if some fail...

Reply


@sam0x17 16 hours

Replying to @Phreaker00 🎙

Things are under a lot of strain today. I noticed AWS lambda went down earlier today for 4 of my clients using completely unrelated stacks in different regions, but AWS status page was all green.

Reply


@daniel-s 10 hours

Replying to @Phreaker00 🎙

The halt happened twice, but only lasted ~25 mins each time. It was back running before the arrival of most of the people that will end up getting to this post.

Reply


@ThalesX 12 hours

Replying to @Phreaker00 🎙

I'll be honest, this title worried me a lot more than the Facebook is down one.

Reply


@bennyp101 15 hours

Replying to @Phreaker00 🎙

I guess this really only affects those wanting to get new certificates for new (sub)domains.

For renewals, this is not a problem unless it's down for an extended period of time - and even then there would be time to switch providers. Should be using scheduled updates, and even if not, the email notifications come in on 20 and 10 days, so plenty of time to go and get it renewed.

Reply


@sebiw 16 hours

Replying to @Phreaker00 🎙

This is why most Let's Encrypt clients start renewal some x days before certificate expiration. 'Sall good. ;-)

Reply


@ddtaylor 16 hours

Replying to @Phreaker00 🎙

I'm fine with the outage LetsEncrypt overall has been great and they should take their time fixing whatever is wrong.

Reply


@chrisMyzel 11 hours

Replying to @Phreaker00 🎙

Anybody who's affected by this clearly is too late in renewing =)

Reply


@LeoPanthera 16 hours

Replying to @Phreaker00 🎙

Already restarted, was unavailable for 29 minutes. At the time of writing, performance is degraded.

Reply


@wyrm 16 hours

Replying to @Phreaker00 🎙

... for less than half an hour.

Reply


@geocrasher 16 hours

Replying to @Phreaker00 🎙

Lest anyone think that such issues only happen to free providers, check out Sectigo's status page:

https://sectigo.status.io/pages/history/5938a0dbef3e6af26b00...

For context, Sectigo also provides freebies for cPanel customers.

Reply


@cpach 13 hours

Replying to @Phreaker00 🎙

AFAICT users of Caddy would not have been affected since Caddy can fallback from one CA to another. Pretty clever!

https://caddyserver.com/docs/automatic-https#overview

Reply


@ipiz0618 11 hours

Replying to @Phreaker00 🎙

Wow the title got me worried. Luckily it's an outage not a shutdown.

Reply


About Us

site design / logo © 2021 Box Piper