by JankySolutions 3058 days ago
Required maintenance for a simple, static https site: Install certbot, press enter a few times, forget about it.

"keep a cron job running" sounds like you're running the cron job by hand.

>Even the top 100 sites are only at 80% https by default, and they do it for a living!

That's entirely separate from your "simple, static site" example and yes, rolling any sort of large change out to a big site is a big deal, and if there isn't business motivation to do it, it likely won't happen. Google is providing everyone a business motivation by threatening to point out to users that insecure sites are insecure.


> "keep a cron job running" sounds like you're running the cron job by hand.

Cron jobs fail sometimes. You have to monitor them, investigate why they failed, fix the issue, and rerun them.

Web servers fail, too, but with shared hosting, it's mostly not your problem. And shared hosting providers are still trying to charge an arm and a leg to manage SSL certs for you (because it's a nice high-margin business for them).

There are plenty of shared hosting providers that just have a free Let's Encrypt powered "https" toggle.

E.g. tools like cPanel have built-in support for it now.

Right -- so the security of a "Let's Encrypt" certificate is very minimal. It prevents MITM shenanigans and that's about it.

And spying/surveillance/analytics/snooping. That's not minimal. And you get all those benefits from checking a checkbox in cPanel and the rest is handled automatically? Who could be against that?!

What other shenanigans are you concerned about? MITM and sniffing are basically what https/tls are designed to prevent.

There's shenanigans like "grnail.com" pretending to be "gmail.com" which bigger and much more expensive certs prevent against. But the benefit of https that doesn't prevent against this is still very high.

1. You don't have to monitor your cronjobs. They'll send you an email when they produce output.

2. Let's Encrypt will send you an email if your certificate is going to expire in a month. This will normally never happen, since it is continuously renewed.

> 1. You don't have to monitor your cronjobs. They'll send you an email when they produce output.

You now have to configure e-mail on your small server to actually work (and not get immediately eaten by spam filters of your personal e-mail provider).

The email doesn't come from your server, it comes from Let's Encrypt.

https://letsencrypt.org/docs/expiration-emails/

Ah, ok. I read "they" as "cron jobs".

Why are you arguing against basic server administration if you're, y'know, a server admin?