undefined | Better HN

0 pointsdeaps6y ago0 comments

So for my personal projects, I use lets encrypt. As far as I know (and I could be wrong now, haven't checked in a while) - their certs are only good for 3 months. Which is simple enough to get around - run a script on your box that updates the cert every 90 days automatically.

At work, we use a paid certificate that is good for a longer period of time (normally a year). So that's one benefit to paying, I suppose.

As far as encryption technologies and security, the traffic encrypted by a lets encrypt cert is just as secure as the traffic secured by a paid-for CA signed cert.

0 comments

taftster6y ago

The fact that Let's Encrypt certificates expire quickly is a feature, not anything to do with paid vs. non-paid.

Let's Encrypt could have just as easily generated certificates good for a year or more. But the point of Let's Encrypt is to force you to do this in an automated way, using scripts like you suggest.

You're not getting around anything. The choice was by design.

https://letsencrypt.org/2015/11/09/why-90-days.html

anewaccountaday6y ago

They have a built in command for their 'certbot' cli now that you can use to have your certificates update automatically.

(It's been a bit sinse I went through it but I think it may be as simple as a extra flag in the command to generate the inital cert)

sadfklsjlkjwt6y ago

Usually you set up auto-renewal with lets encrypt. Easier than remembering to renew every year.

j / k navigate · click thread line to collapse