Let's encrypt

Let's encrypt

The sassy "Yes, let's." with proper punctuation is what gets me

SSL certs are free. It's getting trusted CA's to sign them that costs money.

"Yeah, ok, weirdo"

Ok, I didn't get the joke and had to look it up.

Let's Encrypt is a certificate authority that launched on April 12, 2016 that provides free X.509 certificates for Transport Layer Security (TLS) encryption via an automated process designed to eliminate the hitherto complex process of manual creation, validation, signing, installation, and renewal of certificates for secure websites

its confusing name, first time i heard of it I was thinking the same :D.

For anyone still confused: https://letsencrypt.org/

I paid like $10 for mine. $100 seems a bit high unless it's for unlimited sub domains or something.

Provide me some kink baby.

"."

There you go :)

https://letsencrypt.org/

Here you go brotha

Am showing u da wae because I didn't get it until a comment few threads down

It's called Let's Encrypt, he could have provided a kink though

Multi domain EV certificates can be very expensive, easily over $100 from most suppliers.

I hate this sub cuz it’s one big inside joke that I don’t get

well if the person said letsencrypt it would make sense

Thank you. I didn't get it as well.

I'm a programmer, but I'm missing the humor part I guess.

I gotchu bae

Image Transcription: Reddit

SlowDownBrother, 9 points

I thought ssl certificates were around $100 a year. Is there a free way?

isometricpanda, 41 points

lets encrypt

SlowDownBrother, 39 points

Yes, let's. But that doesn't answer my question..

I'm a human volunteer content transcriber for Reddit and you could be too! If you'd like more information on what we do and why ...

I've been laughing tears for three minutes now

Yes, let's.

Let's Encrypt, Amazon's ACM, and others are free these days. If you're paying for standard, non-EV SSL certificates in 2018 you're doing something wrong.

Let's Encrypt are rolling out wildcard certs soon or already have :)

Feb 27th, thanks ffffound!

That brother needs to slow down. And encrypt.

That's some kinky hoes

GoDaddy wants $350 a year. Fucking crooks.

"Oh, you don't understand, we had to add a * to your CN, that's worth the extra $250."

In this guy's defense I didn't know that was thing either

All Symantec SSL certs will be distrusted soon. Mozilla and Google gave a big middle finger to Symantec for not following rules and putting customers at risk, effectively ending Symantec's certificate business.

Wildcard certs are about $600 from DigiCert.

LETTUCE ENCRYPT

Where is your onion now??

“’"””‘''"

On Feb 27. Currently in the staging environment.

Good Bot

do be fair, almost everything about the CA system is cancer. Pretty much any CA can sign pretty much any domain, and be equally trusted by your browser. "Our signing system is so secure, it justifies that $600" is meaningless when an attacker can just attack one of the insecure ones.

To put it another way: do you trust China to sign for domains that don't end in .cn? Because your browser does.

ah, yes, the human architecture for reddit bots. it's quite effective

$1000 from Norton IIRC

I'm guessing it's a picture of a hose with a kink in it?

if only there was a way to find out for yourself

Yes, let’s.

Jokes tend to be funnier when you understand them, yes.

I like encryption

SSL CERT!!! NEXT!!!

¯\_(ツ)_/¯

Woah thanks friend

This person certs.

Amazon is only relevant if you're using AWS.

Also, LE doesn't do wildcard (yet! scheduled for launch at the end of this month!)

My body is so. Very. Ready.

I clicked the link after I made the comment. I've never felt so accomplished.

They can also just kinda take you off google search, which is basically not existing

Probably the right decision. But it's kinda scary how easily Google can destroy a business, isn't it?

Can't have your business transactions hacked for sensitive info if you have no transactions

Taps temple

Oh ha, this is funny. I work for a place that builds websites, and the owner's response today to me bringing up the fact that Google is going to start punishing sites that don't have SSL was, "let's encourage our customers to stop using forms."

Wat

Website doesn't automatically equal business

Honestly, SSL is good for encryption, less so for verifying authority and man in the middle attacks.

Honestly, unless you're an infosec contractor and lvl 99 CySec main with full control over your entire network and software stack all the way to the isp with total control over your browser, then you're probably being hit by a MITM attack at some level.

Modern networking seems ludicrously insecure if you're after total security. We all just take the fact that orchestrating an attack against an individual is very expensive and hope nothing important is stolen from the wide nets of prying eyes, malacious middlemen, and untrustworthy authorities of trust.

That's a terrible business model.. Pay him his million dollars!

I'm not so sure I agree. Plenty of big businesses don't have EV certificates. Just taking a glance, google, amazon, and facebook don't seem to have them. I'm not sure it is something customers actually care about.

Yes, let's.

Wasn't the auto-cert thing always called CertBot? And the service is still Let's Encrypt.

lets encrypt

The next lady has made it to this sub too?

But who's on first?

Didn't seem sassy to me. Seems like he was unsure of how to respond because he didn't understand why someone would just write that. Funny either way.

Digicert is cancer.

But then they go and ruin it all with the double period at the end! Did they accidentally double a period or leave one off of an ellipsis? How will we ever know exactly how much they trailed off at the end of that sentence!?

Holy shit, if it was a bot it would be a million dollar bot.

I really like encryption

Not with Let's Encrypt

Woah, i don't think we need to know about his sex life

Norton is a scam. They're like the mafia of cybersecurity

It's halfway between a period and an ellipsis, so it would be half of the amount of trailing off normally implied by an ellipsis.

I am serious — and don't call me Shirley

It's over there set to 350.

I to learned that its thing.

That's why it's certbot now =]

* spits on da plebs *

You are the new queen

It's funny that "programmerhumor" finds this funny, considering this is laughable support, where you try to help novices, but you do it without being clear.

It's shouldn't be funny because the user looking for help doesn't understand, it should be funny because the person attempting to help is doing so very poorly, without any description to his comment.

GoDaddy is a rip off. They over charge for every single service they offer.

See normally I’d think that’s a typo, but this thread has got me all sorts of confused

Shh bby is ok

/sub/iamverysupport

That's the point!

Setup a cron job to automate replacing them and it makes it harder to end up with old, insecure, certificates. They expire so fast that not automating their replacement ensures that they expire in a reasonable amount of time.

And it's still so much more reassuring than our telephone system. The idea of doing purchases over the phone feels insane to me since phones are so much less secure than our digital networks. I mean, it's pretty much in consensus now that sending sensitive info without at least HTTPS is a horrible idea. But pretty much every phone call is like that.

And while I know how to secure my internet network (at least to some "good enough" point since perfect security is impossible), I don't know how to achieve the same level of security with my phone network. The first step I can think of is to just avoid half the problem by using VoIP over an encrypted protocol. But even then I'd need some way to verify the caller is who they say they are. I'm not sure how to achieve that short of exchanging a pre-setup secret code. We don't have anything like CAs for phones, as far as I know. Or if we do, I don't know how to use it, which is a stark difference from how my browser automatically authenticates the domain's certificate).

I’ve read somewhere that Google ranks EV higher with regards to SEO, which for some companies or people is worth the increased cost.

{`www.-ombo.com`, errInvalidDNSCharacter}, {`www.zomb-.com`, errInvalidDNSCharacter}, {`zombo*com`, errInvalidDNSCharacter}, {`*.zombo.com`, errWildcardNotSupported}

Anything is possible, except invalid DNS entries.

It's free. But they only offer domain validation SSL certificates, which are the least trusted. Fine for a personal website or blog but not the best for a business.

Seriously? I'll have this for you by tonight if you send me a million xD

What did you expect, a puppy?

Let's Encrypt is only available for public dns entries. If you have internal resources that require SSL, you still have to pay or setup your own CA and get your devices to trust it.

I’m sorry. I came here from /sub/all

Same, still find it kinda funny in a weird "fellow kids programmers" way.

Don't worry, if you're the type that hangs around places like this you'll hear about it.

Oh, that's easy!

Lettuce encrypt with a key shared with node 1. Lettuce encrypt with a key shared with node 2. Lettuce encrypt with a key shared with node 3. Transmit data through network via this path.

Boom! You lettuce make an onion!

Yes, he is.

When I was building my first real web application for school, I decided to go through GoDaddy for the domain name. Jesus fucking christ I could NOT believe what they're charging for certification.

Sort of looking forward to this. The main purpose I see is "pretty" hostnames for SEO purposes.

So is LetsEncrypt free or not?

We're good at coding, not jokes.

nice

This is my impression as well. The term SEO is misleading - what you actually need to do to stay relevant in search results is basically produce good and regularly updated content.

Yes, let's. But that doesn't answer my question...