1. 10

  2. 1

    I think Let’s Encrypt is an awesome service, and providing certs for free is really great for admins, but… I can imagine a scenario where, after LE grows substantially and for example, renews 100,000+ certs per day, a serious havoc spreads through the web when their renewal service goes offline for a good portion of a day, and the 100K+ websites use expired certs. What will their millions of visitors do? Add exceptions? Browse elsewhere? I have no good solution in mind. Maybe it’s just the hidden cost of LE. Not that using other cert authorities is any better (it’s worse).

    1. 9

      I don’t believe that’s an issue. LE certificates are valid for 90 days, but most clients are set up to renew them after only 60 days. Consequently, the LE servers would have to be down for a full month before certificates start expiring.

      1. 1

        Ah, forgot about that. You are correct, 30 days would be enough to sort things out.