[jtokoph]

> A fix to resolve the issue will roll out in about 8 hours

oof

[catsquirrel28]

I guess it's good Google hasn't succeeded in forcing people to renew certificates every 8 hours (yet)

[bawolff]

In theory 8 hours of downtime should be fine for a CA. Obviously not ideal, but the pki system is not meant to be a live system.

[SchemaLoad]

Fairly sure it used to be pretty much a manual process where someone had to actually process your request for a certificate on the other side.

[Ayesh]

Yes, and it's not that long ago, or I aged really quickly.

For code signing certificates and EV certificates, (and OV certificates, if they are even alive), this is still the case.

[SchemaLoad]

It's been 11 years now since Lets Encrypt started with automated certs. EV certs I think died a long time ago.

[altairprime]

That feeling when you have to suspend production service until the time lock safe can be opened.

[altairprime]

That feeling when you finally get the timelock safe open and have to do certificate work that shatters YouTube’s connection to the account personalization systems.

[themafia]

The same amount of time it feels like it takes for my google functions to deploy.