Path: ...!weretis.net!feeder9.news.weretis.net!news.quux.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Lawrence D'Oliveiro <ldo@nz.invalid>
Newsgroups: comp.misc
Subject: Re: 6-day TLS certificates from Let's Encrypt
Date: Thu, 12 Dec 2024 06:07:53 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 14
Message-ID: <vjdujp$20g9u$2@dont-email.me>
References: <877c85reae.fsf@example.com>
	<20241212.001223.a7feaecb@mixmin.net> <vjdanm$1potb$1@dont-email.me>
	<1810487515d7ada1$4727$2365644$4296dcc3@news.newsgroupdirect.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 12 Dec 2024 07:07:54 +0100 (CET)
Injection-Info: dont-email.me; posting-host="f089114b1739cee2d645e6e434e62749";
	logging-data="2113854"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1/uRkUW2pee9cziLQHDjxVv"
User-Agent: Pan/0.161 (Chasiv Yar; )
Cancel-Lock: sha1:Tk2djcfgkp73YFV9F8IEZm6Cq1k=
Bytes: 1731

On Thu, 12 Dec 2024 01:05:24 +0000, Broseki wrote:

> I have been running 2-day TTL certs for some services I run. It is not
> bad at all with ACME since things just renew in the background; and it
> really helps cut down on the possbile impact of a compromised cert.
> 
> Without ACME though, no way it would be possible XD

If the Let’s Encrypt folks have no trouble with the server load, then I 
guess I have no objection either.

When I started using Let’s Encrypt, I found the default setting for Debian 
was to check for renewals twice a day. That shocked me a bit, but I assume 
they knew what they were doing.