
©2026 Poal.co

295

Yeah, that's going to be so fucking "fun". So much shit is going to be breaking ALL THE FUCKING TIME.

Archive: (broken)

From the post:

>TLS certificate lifetimes are dropping from 398 days to 47 over the next three years. Here's what changes, why it's happening, and the eight things every platform team should fix before the first cliff in 2027. For the first ten years of the modern web's encrypted era, the median platform engineer thought about TLS certificates roughly twice a year. Renew. Click. Forget. By the late 2010s automation crept in. ACME took the click out, and most teams stopped thinking about certificates at all.

[–] 3 pts

We've been losing our minds over this at work. I ended up writing up step-by-step instructions for how to do it since my team can't keep up. We've passed it off to "support" who are retards and so far have had to call the vendor for the past 3 systems because they won't read the documentation. And no, it can't be automated with the crapass software we use. Why we even use SSL on a completely internal server with only people on VPN accessing it, I'll never understand. I'm sure it has something to do with our jeet cybersecurity team.

[–] 2 pts

That is part of the problem I am looking at. Some systems require a very specific cert from a specific company (because of old hardware in the field) and without it... It's a big f-ing problem.

That company currently has no method to auto-renew and deliver a cert. No vendors have integrations to do it currently either. It's a bitch and a half. That is for sure.

For all other stuff? We have proper auto-renew stuff already set up and working. It's just this legacy stuff that is a pain and there is an absolute fuck ton of that old hardware in the field that can't be replaced or updated to use a different CA.

[–] 1 pt

We had a HUGE downtime - we are talking 50 hospitals (not known for being able to necessarily have the most up-to-date everything) on downtime procedures because the cert company changed their name and when the SSL cert was loaded onto one of the LDAP machines, anything using LDAP that didn't have the new root cert (anything out of Windows support and probably even some of the newer stuff) just went boom. We updated the root cert for the software I support after a lot of help from the vendor since it's not something typically done, just to undo it when it was impossible for some of the older stuff to update.

We were up all night when one high level guy just said F it and bought a new cert on a company credit card from a well known company. They gave us no trouble, it was instant and it just worked. We are now going to be canceling and moving our contracts by the guys who decided to change their name on all their certs and refused to give us ones under the old name. The original vendor was awful and we just had some Indian saying he couldn't do anything, so the C level was like - fine, you can't do anything, we will.