[pibaker]

What are the viable alternatives to LE? And in case none exists, what does it take to build one?

Requirements: free, available to everyone, automation friendly, issues certificates that are actually considered trustworthy by other parties.

[treesknees]

ZeroSSL – free 90-day certs via ACME, also has a web UI for cert management

Google Trust Services – free ACME certs, requires a Google account for registration

SSL.com Free DV SSL – offers free 90-day certs through ACME

[polpo]

I use acme.sh for certs on my personal server and was a little surprised when it started using ZeroSSL by default. Despite being more "corporate" I decided to roll with it and it's worked just fine.

[curben]

acme.sh is maintained by ZeroSSL. https://github.com/acmesh-official/acme.sh#2%EF%B8%8F%E2%83%...

[JumpCrisscross]

Have the EU or Canada pushed to launch an analog of their own?

It seems a bit silly that a service that could be forced by EO to revoke foreign certificates is the backbone of so much of the internet.

[dlcarrier]

This video explores a little on how certificate authorities were given their authority and a lot on how it can fail: https://www.youtube.com/watch?v=M1si1y5lvkk

It's a bit mathy, but if you can make it through that, I highly recommend watching the whole video, especially if you like dad jokes.

[evbogue]

Like peers could sign sites?

[otabdeveloper4]

> What are the viable alternatives to LE?

None. Big tech intentionally made Let's Encrypt a single point of giant failure.

> And in case none exists, what does it take to build one?

A new Internet and Web standards stack. The whole problem is self-imposed -- we could have published self-signed Ed25519 keys on the DNS instead, and the result would be more secure than whatever it is we have now.

[icedchai]

Do you remember the early days of SSL certificates? It took an act of god just to get a certificate: verification rituals like faxing corporate paper work, phone calls, manually reissuing certs because someone forgot the "www", forgotten renewals...

Let's Encrypt is incredible.