by jonhohle 919 days ago
Even if your page lasted 100 years, your cert wouldn’t. Who knows what DNS, or the equivalent to IP, looks like in the 22nd century?
2 comments

http://paulgraham.com actually fails if you try to access it via HTTPS. Maybe that's one way to get around the problem.

Is there really no way to date a cert for a century?

Nope, they top out at 398 days. I think there's even been some talk about limiting them to 90 days.
Is there an actual RFC for that? I was thinking it was just browsers (Google really) who enforced it by convention.
As I understand it, it is just browsers enforcing it, with Safari [1] doing so first, then Chromium [2] doing the same, both doing so in 2020.

[1] https://support.apple.com/en-us/102028

[2] https://chromium.googlesource.com/chromium/src/+/master/net/...

Cloud providers have automated cert renewal.
Hmm. This is interesting. Skimming over https://docs.aws.amazon.com/acm/latest/userguide/managed-ren... it sounds like it might be a matter of using DNS validation, whatever that is.

So that just leaves the question of registrar. As much as I like Gandi, it seems like a better idea to migrate the domain itself to Amazon too. https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/re...

Theoretically, this would be a self-contained system — the only point of failure is AWS itself. As long as you load your account with a few thousand bucks, perhaps it will last “forever”.

I also like pg’s philosophy of "just pretend https doesn’t exist", but if it’s guaranteed that the automation won’t fail, it seems gratuitously fussy to insist on plain http.

Thanks!