#2674

I had to manually force renew the TLS certificate for my site (the thing that makes it encrypted over HTTPS) because of a bug in LetsEncrypt’s software. I was given less than 24 hours to do so, with notice given by email. I’m glad I wasn’t on vacation or something.

I have certbot set up to automatically renew my certificates. It has largely been a set and forget thing until now. I hope certbot and LetsEncrypt can come up with a solution to check for forced revocations automatically in the future. It’s already set up to run daily by default. If it could check some LetsEncrypt revocation API or something, that would be nice. Obviously, this is rare and that could be a lot more traffic for them, and the short notice could cause downtime with a daily run process depending on the timing. But, it’s a big problem for site owners if their sites effectively go down because of revoked certs that they weren’t able to update that quickly.