• NewNewAugustEast@lemmy.zip
    87 upvotes · 22 days ago

    Wow. How does this happen when Let's Encrypt exists? Or certbot?

    More importantly… How does this happen again?

      • zr0@lemmy.dbzer0.com
        English · 19 upvotes, 1 downvote · 21 days ago

        Uhm. “A significant amount of infrastructure”? Uhhhm. Put a reverse proxy in front of your webserver? Problem solved? Or use log analyzers? With alerts?

        There is literally no excuse.

        • Kushan@lemmy.world
          English · 2 upvotes · 21 days ago

          I think he’s referring to certain enterprise switches and other networking gear that has basically zero support for automation.

          For me personally, I would be replacing that equipment but some businesses would rather pay a few hundred bucks every year + manpower to replace the certs than a few thousand once to replace the equipment.

          • cole@lemdro.id
            English · 8 upvotes · 21 days ago

            …you don’t need your networking gear to support this in any way

              • Eufalconimorph@discuss.tchncs.de
                1 upvote · 20 days ago

                The only network you’re likely to use that actually follows the OSI model is the CAN bus inside a car. And that’s starting to get replaced by DoIP, which uses the IP model (link layer, internet layer, transport layer, application layer, note the lack of session & presentation layers and combination of the physical & data-link layers into the link layer).

      • NewNewAugustEast@lemmy.zip
        15 upvotes · 21 days ago

        I am trying to figure out how my little non-interesting domains have kept certified for decades now without lapsing, while they can’t seem to keep it together even after a failure.

        Hard to imagine that they are so big that people simply forgot to get notices or manage the certs after it has happened so many times before.

      • surewhynotlem@lemmy.world
        6 upvotes, 1 downvote · 21 days ago

        There is a significant amount of infrastructure that does not support certbot out there.

        Then there should be a significant amount of infrastructure behind something like caddy.

      • CriticalMiss@lemmy.world
        4 upvotes · 21 days ago

        I’m not aware of any web server that’s still maintained and has wide adoption (so no web servers written by a teenager in Haskell to just fuck around and figure out how web servers work) that doesn’t support the ACME protocol. I highly doubt Manjaro doesn’t use something mainline like nginx.

        The renew failing should’ve sent someone a warning that manual intervention is required. This happens from time to time but the fact this went longer than a few minutes unfortunately says a lot about the project.
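
Added example, not part of any comment in this thread and not the project's own tooling: an expiry check that runs independently of the renewal job, so a silently failing renewal still raises a warning before the certificate lapses. The thresholds, host names and sample dates are constructed assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS, CRIT_DAYS = 21, 7  # assumed alert thresholds, not from the thread

def classify(not_after, now):
    """Map a notAfter string (ssl.getpeercert() format) to an alert level."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    if expires <= now:
        return "EXPIRED"
    left = (expires - now).days
    if left <= CRIT_DAYS:
        return "CRIT"
    return "WARN" if left <= WARN_DAYS else "OK"

def fetch_not_after(host, port=443, timeout=5.0):
    """Return the served certificate's notAfter, or None if it fails validation."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError:
        # An already-expired (or otherwise invalid) cert aborts the handshake,
        # so there is no notAfter to read: report it as its own state.
        return None

def check(hosts, now=None, fetch=fetch_not_after):
    """Return {host: level}; unreachable hosts are reported, not skipped."""
    now = now or datetime.now(timezone.utc)
    report = {}
    for host in hosts:
        try:
            not_after = fetch(host)
        except OSError:  # DNS failure, refused connection, timeout, TLS error
            report[host] = "UNREACHABLE"
            continue
        report[host] = "INVALID" if not_after is None else classify(not_after, now)
    return report

# Constructed sample data standing in for live hosts, so the demo runs offline.
SAMPLE = {
    "ok.example": "Sep  1 00:00:00 2025 GMT",
    "warn.example": "Jun 15 00:00:00 2025 GMT",
    "crit.example": "Jun  3 00:00:00 2025 GMT",
    "expired.example": "May 31 23:00:00 2025 GMT",
    "invalid.example": None,
}

if __name__ == "__main__":
    fixed_now = datetime(2025, 6, 1, tzinfo=timezone.utc)
    for host, level in check(SAMPLE, now=fixed_now, fetch=SAMPLE.get).items():
        print(f"{level:8} {host}")
```

Run from cron or a monitoring agent with real host names and the default `fetch`, and alert on anything other than `OK`.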

      • Possibly linux@lemmy.zip
        English · 4 upvotes, 1 downvote · 21 days ago

        There is a significant amount of infrastructure that does not support certbot out there.

        Skill issue