Posted on Tue 01 March 2016
The free SSL certificates available through Lets Encrypt are working quite well here. You may recall I last spoke of that project in the future tense, back in May.
I have a cron job which runs at the beginning of each month to regenerate all the certs that we are currently using; this gives me two months to discover and fix any problems that might occur.
It would be nice if LE had a better story about explicitly renewing rather than reissuing certificates and forgetting about the old ones. I understand that they are working on that.
LE also has an annoying habit of sending email every month warning that certificates are about to expire. This is, of course, related to their renewal problem.
This is, of course, a classic DevOps problem: once you have an automated system, you discover the flaws in your monitoring of that system. I’m sure they will fix it.