
Yeah, that's going to be so fucking "fun". So much shit is going to be breaking ALL THE FUCKING TIME.

Archive: (broken)

From the post:

>TLS certificate lifetimes are dropping from 398 days to 47 over the next three years. Here's what changes, why it's happening, and the eight things every platform team should fix before the first cliff in 2027. For the first ten years of the modern web's encrypted era, the median platform engineer thought about TLS certificates roughly twice a year. Renew. Click. Forget. By the late 2010s automation crept in. ACME took the click out, and most teams stopped thinking about certificates at all.

[–] 2 pts

So last time I battled this, I set up some cron job to do an auto re-issue as needed. Think the logic as I remember is “check cert exp, if tomorrow, re-gen”. Forgot the provider or the script but it’s out there. Seems to work. And with this logic, they can make it daily for all I fucking care.

If anyone wants details I’ll go dig out my notes.

[–] 2 pts

Yeah, that won't work well with a bunch of legacy stuff and a TON of companies are going to fuck up not renewing or building an automated renewal process for various critical but obscure targets (this already happens all of the fucking time, even for huge companies).

[–] 1 pt

So how does it not work with legacy? What legacy shit actually uses certs? Nothing in my mfg/prod/semi world used certs.

And even if it did, how does renewing the cert not work?

[–] 0 pt

Place I work at uses a PBX that only allows you to install a cert manually via GUI. We tried to automate it but literally cannot be done any other way. Shit is stupid but we can't move to something else because the renewal is so cheap and management doesn't want to deal with setting up something new.
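
One way to write the "check cert exp, if tomorrow, re-gen" logic from the cron comment above, with a separate path for boxes like the PBX where a person has to install the cert by hand. This is an added example, not part of the thread or any commenter's script; the function names, action labels and the `automated` flag are assumptions for illustration, and it only decides what to do, leaving the actual re-issue to whatever ACME client or provider is in use.

```python
import socket
import ssl
import time

DAY = 86400

def fetch_not_after(host, port=443, timeout=5.0):
    """Return the peer certificate's notAfter string, or None if the
    handshake fails verification (already expired, wrong name, untrusted)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError:
        return None

def decide(not_after, now, lead_days=1, automated=True):
    """Map one certificate to an action for the cron job.

    not_after: string as returned by getpeercert(), e.g. 'Mar  1 00:00:00 2027 GMT'
    lead_days: act when this many days or fewer remain (1 = "if tomorrow")
    automated: False where the cert can only be installed manually (hypothetical flag)
    """
    if not_after is None:
        return "renew-now" if automated else "page-human"
    remaining = ssl.cert_time_to_seconds(not_after) - now
    if remaining <= 0:
        return "renew-now" if automated else "page-human"
    if remaining <= lead_days * DAY:
        return "renew" if automated else "open-ticket"
    return "ok"

def sweep(inventory, now=None, fetch=fetch_not_after):
    """inventory: iterable of (host, lead_days, automated). Returns {host: action}."""
    now = time.time() if now is None else now
    return {host: decide(fetch(host), now, lead, auto)
            for host, lead, auto in inventory}

if __name__ == "__main__":
    import sys
    # From cron: python3 certcheck.py host1 host2 ...  (1-day lead, automated)
    for host, action in sweep((h, 1, True) for h in sys.argv[1:]).items():
        print(host, action)
```

Manual-install targets can be given a larger `lead_days` so the ticket opens while there is still time for someone to click through the GUI.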