The blight of expired Let’s Encrypt certs


As Let’s Encrypt has made it affordable and easy to generate and install HTTPS certificates, so too have the number of sites exploded with expired certificate warnings.

Expired Let's Encrypt certificate warning in Safari

In the past, a certificate was an investment. You treasured it, and (mostly) kept it current. Now they’re becoming disposable.

I don’t fault Let’s Encrypt for this. The official client, and most of the others, provide instructions on setting up a cron job to generate them regularly. But it’s an interesting side effect.

Peversely, if we’re concerned with people clicking through expired cert warnings without reading or caring, this latest trend is only going to reinforce it.

(As an aside, a couple of readers have asked why I keep referring to these as **HTTPS** rather than **SSL** certificates. Crypto people are nothing if not precise, and **SSL** is not offered on Rubenerd, or most other sites any more. The newer versions of the standard are called, rather short-sightedly, **TLS**. But that name holds even less mindshare outside the IT industry).

Author bio and support


Ruben Schade is a technical writer and IaaS engineer in Sydney, Australia who refers to himself in the third person in bios. Wait, not BIOS… my brain should be EFI by now.

The site is powered by Hugo, FreeBSD, and OpenZFS on OrionVM, everyone’s favourite cloud infrastructure provider.

If you found this post helpful or entertaining, you can shout me a coffee or buy some silly merch. Thanks!