In <list-2480175@2rosenthals.com>, on 05/16/26
at 05:28 PM, "Lewis G Rosenthal" <ecs-isp@2rosenthals.com> said:
Hi,
>Much as I hate to admit it, other than the 17 days, the convenience of
>having a script do the cert updates from LE would be a tie-breaker -
>though I am still uneasy about LE (less so after this much time, I
>guess).
I scripted a solution for Dan's OS/2 servers and it works well.
>This short lifespan is a killer for all commercial CAs, as that has been
>their main attraction since LE went sort of mainstream (10 years ago,
>they started with 90-day certs, and that was a PITA vs 2-year certs; now
>all lifespans have shortened, but 17 days is probably not worth the
>cost).
With a scripted solution, the cert lifetime is pretty much irrelevant. I
suspect there will always be a place for commerical CAs. What we think of
as easy is often not so much for the rest of the user base.
Dan has a couple of dual homed servers which is something that LE does not
handle out of the box. For some a cert from a commercial CA would be as
easier solution.
back to list