[lazypenguin]

I don't agree. I spent a significant amount of time playing around with servers and never developed "mastery". I think that server administration has gotten more complex and the tools haven't changed much to help. A simple example is setting up an HTTPS/TLS/SSL endpoint. In the past, you just ran the HTTP server and you were off. Now there's a whole load of extra ceremony to setup a CA and sign your own cert or download a cert and merge it into something else. I think one can easily find many tiny little paper cuts like that and each time you have to remember some special process for how you do it. Unless you're repeatedly doing it or taking good notes it's hard for that knowledge to stick. Not to mention things change over time and across distributions (initv, systemd, etc.)

[pabs3]

If anything TLS has gotten easier since Lets Encrypt came along. You just install one of the clients for it, configure a domain and periodic renewal and you're done.

[brigandish]

For a public facing computer, yes, for a private one, not so much[1].

I use mkcert[2] for this but it's still fiddly.

[1] https://letsencrypt.org/docs/certificates-for-localhost/

[2] https://github.com/FiloSottile/mkcert

[rys]

I bought a domain to use for my home network instead. I have LE issue a cert for it via DNS challenge and use it liberally with hosts on my LAN, with the excellent benefit that I don’t need to give clients a new CA I invented.

[pwdisswordfish6]

It's not easier than HTTP sans TLS, which is the point that was being made.