The hinge lasts longer than a foldy screen.

A huge portion of Americans aren’t sure the earth is round and ‘idiocracy’ is fictional.

I’m okay with the more esoteric things being reserved for those who can comprehend them.

Just

Red flag.

serve your website with Caddy

There is no security risk so bad that it can’t be made worse by layering on new tech with its own issues and pitfalls. (Paraphrasing Bruce Jackson)

Also my workplace hosts their own dns

The best way to control the data.

and I think it will be a cold day in hell before they let me do automated updates.

This is of waning value, but don’t jump into half-assed automation early or you end up with problems like route53 hijacking.

If you’re truly unaware of why TLS is necessary or how to automate the process then you should probably retire.

Oof. You’re gonna hit the bottom of the table with your knee like that.

What part of your security training skipped over understanding the customer’s setup before making recommendations?

End users should start getting used to that expired certificate warning in their browser of choice and the process to tell it to continue to the site anyway.

We already have a lot of this, and it’s definitely gonna get worse. Is a security dance so convoluted that people are used to others just messing up really an effective process?

Given the biggest breaches were caused by default passwords and misconfigured S3 outhouses, are we focusing on the right stuff today?

LetsEncrypt also built ACME, so they’re the primary port for testing RFC8555. They’re just gonna work better at it.

But, as above, maybe Digi is still the way for you, with the right tooling glued in.

Good luck!

manual renewals with Digicert has been a pain in the ass. If anyone has experience with their automated option I’d love to hear it.

Aren’t they RFC8555-compatible?

Yep, seems so:

ACME Directory URLs – Get certificate-level automation for Extended Validation (EV) and Organization Validated (OV) certificates. Manage multiple ACME clients, running on Windows or Linux so you can efficiently automate certificate delivery regardless of the quantity of certificates you’re managing. Improve the security of using ACME in your network through our CertCentral discovery sensors. The sensor is an extra layer of security, ensuring the ACME client doesn’t directly speak to an unsecure third party.

If you search for RFC8555 or ACME, you may find a tool you can use that may be compatible for renewing Digicert certs automatically.

I’d love to actually help, but honestly I knew the RFC offhand (correction; I was close but off) and googled the rest myself, so dragging the problem to ACME - like RFK dragging the carcass of a deer back to his sedan - is the best I can do for you today.

get serious about automation.

I’m relieved this post didn’t mention Ansible. It’s nice we’ve avoided the irony of mentioning Ansible in a post also mentioning ‘serious’ or ‘modern’.

the concept of doing these processes manually becomes a total clusterfuck.

But it’s a known clusterfuck compared to the scary unknown of certs (and the boulder app).

Why not use self-signed certificates and have each search engine indexer also index the certificate and point out how long it has been since it has changed so that you can trust whatever search engine you wish instead of these mega centralized providers of certificates.

Freshness isn’t an indicator of validity. The fence around the nearby park is decades old and with inspection and minor repairs is still viable; commercials on TV promising mail-order boner pills or vast riches from slots and roulette are relatively new.

I have a mishmash dialect as we moved around a lot when I was a child; very rural, too. I’ll say “hambag” and “ain’t” and “me an’ this guy” and my sister says “ambliance”, but we spell it all correctly.

Did your chess expert know the spelling and say it wrongly, or was there confusion about the spelling too?

You must struggle with nouns like ‘deer’ and ‘mail’.

Has anybody been able to build a statically linked binary

The question should by why you’d want to. Careful if your reply is something about ‘one binary to work on a very diverse arrangement of library pinnings’ because the next question would be ‘why would you think that’s either achievable or valuable as a goal’; and toss in a ‘why try to ship the same binary in several different repos anyway’ bonus question.

In short, if your biggest problem is how to build a binary that works everywhere, you have a lot of questions about responsible build/release processes to answer, and they will be embarrassing for you.

dogging

I’m not sure that word means what you think it means.

You’re talking about a shared park. A much better use for land instead of a hoarded, fenced lawn.

Birth order is never in question.

If it’s to avoid the cancer box, I’ll take the feel-up. I’ve been in Basic. I no longer have shame.

Evaluation of the product no longer required.

I gotta travel with my twin more often. I can 50-50 unlock his stuff. Let’s fuck this up.