
> It’s easy to forget how awful TLS was before Let’s Encrypt: you’d pay per-hostname, file tickets, manually validate domains, and then babysit a 1-year cert renewal calendar.

I remember getting a 10 (I think?) year wildcard cert in ~2009. I get why that changed and, while it's not great for my personal usage, I see the value for the majority of the web, but the story definitely looked more like "we decided to make TLS so difficult you have no choice but to automate" when it came time to finally replace it.

If there were two things which would make me happier with it all it'd be 10x rate limits on Let's Encrypt (so you don't have to even think of it when you screw something up/test different things for a week) and some more extension/standardisation of ACME on an internal facing service talking with an external DNS server to do the DNS challenge more easily in this scenario.


