• Justin@lemmy.jlh.name
    link
    fedilink
    English
    arrow-up
    19
    arrow-down
    2
    ·
    11 days ago

    That’s true, but it would also have to be a serious attack for LE to be down for 3 entire days. There are multiple providers for automated certs, so you could potentially just switch if needed.

      • Justin@lemmy.jlh.name
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        edit-2
        9 days ago

        Most companies weren’t suited for automatic certs either, but now they are

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      17
      ·
      edit-2
      11 days ago

      The attack would only need to last for a day or two, and then everyone requesting updated certs when it stops could push enough people outside the 6-day window to cause problems. 6 days is probably long enough to not be a huge issue, but it’s getting close to problematic. Maybe change to 15 days, which should avoid the whole issue (people could update once/week and still have a spare week and a day to catch issues).