[JohnFen]

LE's short expiry is the primary reason why I don't use it. Yes, I know, automation is the approved solution for this, but it's not a great solution for me.

[dijit]

Agreed, when the tools stop working (which, they do) then suddenly what was swapping out a file instead becomes a big ordeal with fighting nginx .well-known bypass or trying to figure out why lets encrypt can't connect via IPv6 but everything else seems to be able to or, in my case, when certbot-auto stopped working and had no upgrade path on oBSD.

my blog and personal website are down for this reason, I simply can't spend half-a-day at this point in my life figuring out how to do this on OpenBSD. So I'd rather just leave it dead at this point.

Guess I could just buy an SSL certificate still, maybe I do that tonight.

[WirelessGigabit]

I use DNS-01. In fact, it's the only way I can do it as LE doesn't have access to my internal setup.

And buying an SSL cert only gives you 368 days in Chrome / Apple browsers: https://support.apple.com/en-us/102028

[dijit]

DNS-01 is awkward with multiple TLDs and providers for a site.

For me it’s like;

    blog.jharasym.com - namecheap
    blog.jharasym.dev - gandi
    blog.dijit.sh - self hosted with BIND

[justsomehnguy]

'DNS Alias Mode', eg https://dan.langille.org/2019/02/01/acme-domain-alias-mode/