Those that open this page using HTTPS instead of HTTP will notice that there is a warning that your connection isn’t private. This is due to the CAcert certificate authority not being trusted, which can be easily fixed by installing their root certificates. But there’s an alternative out there now, Let’s Encrypt. “Why have you not switched yet?” you ask. Here’s why.
I haven’t switched to Let’s Encrypt for multiple reasons:
- Let’s Encrypt has a toolset built in front of it. A toolset. Not a website. You have to install something to get a certificate. I already have OpenSSL and all other CAs don’t require me to install anything. Does this ring the “Privacy, Safety and Security Risk” bell for anyone? It does for me and I don’t care if it’s Open Source. Exploits can be Open Source too and you wouldn’t notice with a novice’s eye looking at it.
- Ignoring the above, I spent 3 hours trying to get a signed certificate. No luck. The last status I got from it was 400 Invalid character in DNS something. What. This CSR format worked fine for years now, why do you refuse it, Let’s Encrypt?
- And the last reason: The current certificate works. It works so well that I’ve actually got a shell script to automatically update the CSR and send me a PGP encrypted e-mail with it and then it waits for the PGP encrypted response to replace the signed certificate with the one I sent it.
Until Let’s Encrypt fixes their bullshit, the CAcert certificate stays. Don’t like, don’t have to use SSL, not my problem.