Path: ...!weretis.net!feeder8.news.weretis.net!newsfeed.xs3.de!nntp-feed.chiark.greenend.org.uk!ewrotcd!.POSTED.chiark.greenend.org.uk!not-for-mail
From: Theo <theom+news@chiark.greenend.org.uk>
Newsgroups: comp.misc
Subject: Re: Website Certs Will Soon Last Only 47 Days
Date: 12 Apr 2025 11:44:45 +0100 (BST)
Organization: University of Cambridge, England
Message-ID: <buh*heP-z@news.chiark.greenend.org.uk>
References: <vtc5an$2oj80$1@dont-email.me> <wwv4iytaimx.fsf@LkoBDZeT.terraraq.uk>
Injection-Info: chiark.greenend.org.uk; posting-host="chiark.greenend.org.uk:93.93.131.173";
	logging-data="10443"; mail-complaints-to="abuse@chiark.greenend.org.uk"
User-Agent: tin/1.8.3-20070201 ("Scotasay") (UNIX) (Linux/5.10.0-28-amd64 (x86_64))
Originator: theom@chiark.greenend.org.uk ([93.93.131.173])
Bytes: 1615
Lines: 14

Richard Kettlewell <invalid@invalid.invalid> wrote:
> Right, the organizations who will have a real problem are those still
> renewing certificates manually. They have a choice between spending a
> bit more on their own staffing, or automating renewal (probably cutting
> their overall costs in the long run).

I can see this being a big pain for private infrastructure.  Much networking
gear, for example, has a web interface for uploading a certificate, but not
an automated flow for doing so.  If that gear is also not able to reach the
internet it can't do any kind of 'well-known' challenges.

I'm sure there are workarounds, but they won't necessarily apply to what's
already out there.  This change could be disruptive for that.

Theo