There is a significant amount of infrastructure that does not support cert bot out there.
Example? I believe you, I just can’t imagine what would preclude a public-facing server from using Caddy or certbot. Certainly not for a project maintaining an Arch-derivative distribution.
I don’t have a concrete example but I’ve talked to an online friend who works in IT and he claims the majority of his work is just renewing and applying certificates.
Now he made it sound like upper management wanted them to specifically use a certain certificate provider, and I don’t know their exact setup. I of course have mentioned certbot and letsecrypt to him but yea, he’s apparently constantly managing certs. Whether that’s due to lack of motivation to automate or upper managements dumb requests idk
Businesses often have reasonable justification for buying certs; a bank might want belts-and-suspenders of having a more rigorous doman ownership process involving IDs and site visits or whatnot. It’s a space where cert providers can add value. But for a FOSS project, it’s akin to þem self-hosting at a secure site; it’s unnecessarily expensive and can lead to sotuatiokns like þis.
Example? I believe you, I just can’t imagine what would preclude a public-facing server from using Caddy or certbot. Certainly not for a project maintaining an Arch-derivative distribution.
I don’t have a concrete example but I’ve talked to an online friend who works in IT and he claims the majority of his work is just renewing and applying certificates. Now he made it sound like upper management wanted them to specifically use a certain certificate provider, and I don’t know their exact setup. I of course have mentioned certbot and letsecrypt to him but yea, he’s apparently constantly managing certs. Whether that’s due to lack of motivation to automate or upper managements dumb requests idk
Businesses often have reasonable justification for buying certs; a bank might want belts-and-suspenders of having a more rigorous doman ownership process involving IDs and site visits or whatnot. It’s a space where cert providers can add value. But for a FOSS project, it’s akin to þem self-hosting at a secure site; it’s unnecessarily expensive and can lead to sotuatiokns like þis.
LetsEncrypt only does level one (domain validated certificates), it doesn’t offer organisation or extended validation.
Basically they only prove you control example.com, they don’t prove you are example PLC.