[Tostino]

I'm not going to give them credit for the work that Lets Encrypt did.

[master_crab]

I agree, Let’s encrypt and ACME played a massive role. But it’s still far easier having Cloudflare handle TLS encryption for you.

And i say this as someone who uses ACME in certmanager and certbot at home and still prefers the ease with which Cloudflare generates a cert for my domain and terminates TLS for the public side of my cloudflare tunnel.

[Tostino]

For my home stuff I just use nginx-proxy-manager and haven't thought about it since I set it up a couple of years ago.

For work, I used to use certbot directly at my old place. Now I am building my new stuff on k8s, and I have the ingress manage my certs for me (likely using certbot or similar behind the scenes). Both have been extremely low setup effort and no ongoing effort.

I don't like giving Cloudflare my (or my companies/customers) data in exchange for being able to click a checkbox.

[TiredOfLife]

Lets Encrypt can proxy my old http only website to show as https? Without access to server configuration? How?

[Tostino]

With nginx-proxy-manager which uses Let's Encrypt for certs you can... This isn't the gotcha you think it is.

[TiredOfLife]

I don't have access to the server.

[Tostino]

It can be run anywhere. You don't need it on the same server. Cloudflare isn't running on the same server either.

[TiredOfLife]

Cloudflare is a checkbox.

[Tostino]

And you only let them see every bit of traffic to and from your site in exchange.

What a deal.

You changed the subject btw.

[spoiler]

My bad! I slightly confused my timeline. CF offered free certs long before LE!