The 47-day TLS certificate is coming. Your renewal strategy probably won't survive. | Poal: Say what you want.

Welcome • User Guide
ToS • Privacy • Canary
Donate • Bugs • License

©2026 Poal.co

177

•

The 47-day TLS certificate is coming. Your renewal strategy probably won't survive. (www.tidelock.dev)

Yeah, that's going to be so fucking "fun". So much shit is going to be breaking ALL THE FUCKING TIME.

Archive: (brkoen)

From the post:

>TLS certificate lifetimes are dropping from 398 days to 47 over the next three years. Here's what changes, why it's happening, and the eight things every platform team should fix before the first cliff in 2027. For the first ten years of the modern web's encrypted era, the median platform engineer thought about TLS certificates roughly twice a year. Renew. Click. Forget. By the late 2010s automation crept in. ACME took the click out, and most teams stopped thinking about certificates at all.

Yeah, that's going to be so fucking "fun". So much shit is going to be breaking ALL THE FUCKING TIME. Archive: (brkoen) From the post: >>TLS certificate lifetimes are dropping from 398 days to 47 over the next three years. Here's what changes, why it's happening, and the eight things every platform team should fix before the first cliff in 2027. For the first ten years of the modern web's encrypted era, the median platform engineer thought about TLS certificates roughly twice a year. Renew. Click. Forget. By the late 2010s automation crept in. ACME took the click out, and most teams stopped thinking about certificates at all.

You are currently inside a comment thread.

Click here to see all the comments (14).

[–] • 2 pts

Yeah, that won't work well with a bunch of legacy stuff and a TON of companies are going to fuck up not renewing or building an automated renewal process for various critical but obscure targets (this already happens all of the fucking time, even for huge companies).

parent
link

[–] • 1 pt

So how does it not work with legacy? What legacy shit actually uses certs? Nothing in my mfg/prod/semi world used certs.

And even if it did, how does renewing the cert not work?

parent
link

[–] • 0 pt

Place I work at uses a PBX that only allows you to install a cert manually via GUI. We tried to automate it but literally cannot be done any other way. Shit is stupid but we can't move to something else because the renewal is so cheap and management doesn't want to deal with setting up something new.

parent
link

[–] • 0 pt

So why does it need a cert? For a fucking pbx? But I see your point if it does and is manual, you fucked.

So how does it load said cert?

parent
link