[azov]

We wanted TLS everywhere for privacy. What we ended up with is every site needs a constant blessing from some semi-centralized authority to remain accessible. Every site is “dead by default”.

This feels in many respects worse than what we had with plain HTTP, and we can’t even go back now.

[jmb99]

> What we ended up with is every site needs a constant blessing from some semi-centralized authority to remain accessible.

Do you have any examples of sites that have been blocked by the free ACME providers?

[azov]

If you mean that sites with expired certificates may technically be accessible if one jumps through enough hoops and ignores scary warnings - yes, of course you’re right.

Maybe this will just teach everyone to click through SSL warnings the same way they click through GDPR popups - for better or worse.