Let's Encrypt

Are you using the free SSL certs from Let's Encrypt?

Yes

Yep. They're pretty easy to use. There's no excuse for using unencrypted HTTP in 2017 and there are barely any excuses for paying for a DV cert either (though needing a wildcard cert is one.) We've also started using some Let's Encrypt certs at work.

No, because it doesn't provide wildcard certificates.

Yes.

Why do you need wildcard certificates?

Because I have some dynamic subdomain bullshit going on, can't be arsed to constantly request new certificates.

But wildcards are really expensive

I just haven't bothered setting up HTTPS

Why use subdomains let alone dynamic ones?

The only reason *.domain.com in a fucking file has to cost so much is due to insurance cancer attached to it. Just give me a fucking certificate without the insurance crap and I'll be happy to use that.

Not that guy, but subdomains are a security boundary in web apps. Pages from different subdomains have different origins, so they have to use CORS when they communicate and an XSS on one subdomain won't affect the others.

Yes. Both at work and for personal site and mail server.
The automation works, but seeing as it's 'beta' I'm worried they'll make a change that breaks something. I'm mulling over ways of monitoring expiration and/or successes or failures of the automated renewals.
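Added example, not part of the thread: one way to monitor expiration as the post above describes, by connecting to each endpoint and reading the served certificate's `notAfter`. The 30-day and 7-day thresholds and the `certcheck.py` file name are assumptions.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed threshold: automated renewal should already have run
CRIT_DAYS = 7   # assumed threshold: renewal has evidently been failing

def days_remaining(not_after, now):
    """Days from `now` (aware datetime) to a getpeercert() 'notAfter' string."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - now).total_seconds() / 86400

def classify(days):
    if days < 0:
        return "EXPIRED"
    if days < CRIT_DAYS:
        return "CRITICAL"
    return "WARNING" if days < WARN_DAYS else "OK"

def fetch_not_after(host, port=443, timeout=10):
    """Handshake with full chain and hostname verification; return notAfter."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def check(host, port=443, now=None, fetch=fetch_not_after):
    """Return (status, days_left, detail) for one endpoint."""
    now = now or datetime.now(timezone.utc)
    try:
        not_after = fetch(host, port)
    except ssl.SSLCertVerificationError as exc:
        # Already expired, wrong hostname or untrusted chain: browsers would warn.
        return ("INVALID", None, str(exc))
    except OSError as exc:
        return ("UNREACHABLE", None, str(exc))
    days = days_remaining(not_after, now)
    return (classify(days), round(days, 1), not_after)

if __name__ == "__main__":
    # Usage: python certcheck.py host [host ...]; non-zero exit suits cron alerts.
    results = [(h, *check(h)) for h in sys.argv[1:]]
    for host, status, days, detail in results:
        print(f"{host}: {status} days_left={days} ({detail})")
    sys.exit(0 if all(r[1] == "OK" for r in results) else 1)
```

This checks what the server actually serves, so it also catches a renewal that succeeded on disk but was never reloaded. It covers implicit-TLS ports only; a mail server that uses STARTTLS needs the protocol's upgrade step before the handshake.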

No, I generate my own certificates.

>There's no excuse for using unencrypted HTTP
Well, if the cert is not signed it will give a warning in most browsers.

Yes, but there's no excuse for not having a trusted cert, since the Let's Encrypt ones are free.

How can they provide something for free that costs money otherwise? Don't trust them, it's a trap.
Trusted certs were a mistake.

how can you trust them if you pay them money? kek

I don't, that's why I only host from port 80.

this is fucking dumb

your dump.

The HTTPS trust model was a mistake because it relies on (often dodgy) certificate authorities, but we're stuck with it now, and Let's Encrypt is improving the situation. The old certificate authority mafia used to over-charge for their DV certs, but Let's Encrypt has proven that it's not that difficult to be a better certificate authority than all the rest. Their small infrastructure costs are funded by donations from people who are interested in security, want universal HTTPS deployment and are sick of the old certificate authorities.

If you host an unencrypted HTTP service in 2017, you might be retarded. You lose nothing by trying out Let's Encrypt and most ACME clients will set your certs up automatically.

...

What's so retarded about hosting a site that has nothing to gain from encryption?

Every site has something to gain from encryption. By deploying HTTPS, you are protecting your users from passive surveillance of their internet browsing activities, you're protecting your own pages from being modified by things like Comcast's retarded usage alerts and you're also potentially giving your site a performance boost, since modern browsers only allow HTTP/2 over HTTPS.

Not to mention Firefox and Chrome are considering marking all unencrypted HTTP sites with a "Not Secure" icon in the location bar. Security-aware users are already starting to relate a lack of HTTPS support with an incompetent webmaster.

No, I have no use for it.

Why?

no since I get wildcard certs for free

>Because I have some dynamic subdomain bullshit going on
>can't set up dynamic cert bullshit
you have no excuse, you're just stupid

To be fair, you need to write to them and ask them to lift their rate limits for your account if you intend on "setting up dynamic cert bullshit." Their rate limits are too restrictive for this otherwise.

Because I do not host any website.

We have no idea about his usage, so no, that's not fair. He's just an idiot.

Also,
>If you have a lot of subdomains, you may want to combine them into a single certificate, up to a limit of 100 Names per Certificate. Combined with the above limit, that means you can issue certificates containing up to 2,000 unique subdomains per week. A certificate with multiple names is often called a SAN certificate, or sometimes a UCC certificate.

>"Not Secure" icon in the location bar
Only if there is a form with a password field in Firefox. Can't say how Chrome handles it.

Yeah, that's the current behaviour. Both browser vendors are considering the possibility of showing "Not Secure" for all unencrypted sites in future.

I know right
I print my own money