Hacker News new | past | comments | ask | show | jobs | submit login

Yeah, but... given there are other ACME providers, why would I choose one from the a company with googles reputation for sunsetting products?



As a Let’s Encrypt user and fan, I can answer this.

LE is great, but their SLO is significantly below our customers’ expectations. For us, Google wouldn’t replace LE, it would supplement LE for higher reliability.

Seeing more providers conforming to ACME at a price point of “free” is great for the ecosystem.


Is this with provisioning many new certs?

The recommended renewal cycle gives you a 30 day lead on failure becoming a problem, plenty of time for multiple retries or recovery processes to use an alternate.

The only issues I've ran into, have stemmed from DNS for wildcard certs, where a client's DNS provider is... pretty crap about updating records despite low ttls being set.


It’s a web hosting business. New customers want effortless free TLS asap. We get customers who routinely create new sites who come to expect fast provisioning.


Some people on the cloud like to issue a certificate per machine, so no ACME = no new VMs.


Does Google Cloud also have that reputation? I've seen renames and well-motivated deprecations, but not the Google Graveyard kind of events.


"This API you use has changed, you have 6 months to update your code" is not unheard of.

On AWS, the equivalent is "We no longer recommend this, and it's not visible in the AWS console unless you are already using it or have asked support to enable it, but it will keep working indefinitely".




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: