Let's Encrypt's free and automatic certificate management has been around since November 16th, 2015, by the way.
this post was submitted on 24 Feb 2026
726 points (99.5% liked)
linuxmemes
30278 readers
1581 users here now
Hint: :q!
Sister communities:
Community rules (click to expand)
1. Follow the site-wide rules
- Instance-wide TOS: https://legal.lemmy.world/tos/
- Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html
2. Be civil
- Understand the difference between a joke and an insult.
- Do not harrass or attack users for any reason. This includes using blanket terms, like "every user of thing".
- Don't get baited into back-and-forth insults. We are not animals.
- Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
- Bigotry will not be tolerated.
3. Post Linux-related content
- Including Unix and BSD.
- Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of
sudoin Windows. - No porn, no politics, no trolling or ragebaiting.
- Don't come looking for advice, this is not the right community.
4. No recent reposts
- Everybody uses Arch btw, can't quit Vim, <loves/tolerates/hates> systemd, and wants to interject for a moment. You can stop now.
5. π¬π§ Language/ΡΠ·ΡΠΊ/Sprache
- This is primarily an English-speaking community. π¬π§π¦πΊπΊπΈ
- Comments written in other languages are allowed.
- The substance of a post should be comprehensible for people who only speak English.
- Titles and post bodies written in other languages will be allowed, but only as long as the above rule is observed.
6. (NEW!) Regarding public figures
We all have our opinions, and certain public figures can be divisive. Keep in mind that this is a community for memes and light-hearted fun, not for airing grievances or leveling accusations. - Keep discussions polite and free of disparagement.
- We are never in possession of all of the facts. Defamatory comments will not be tolerated.
- Discussions that get too heated will be locked and offending comments removed. Β
Please report posts and comments that break these rules!
Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't remove France.
founded 2 years ago
MODERATORS
Let's Encrypt has also started offering 7 day certs for people who are confident that they spent more than 5 minutes to setup their cert management lol.
And who owns the root certificate?
You don't own the root certificate even when you aren't using Let's Encrypt, unless you self sign or want to become a certificate authority. Am I missing something? Is there some controversy about Let's Encrypt I'm unaware of?
I just mean they own it, I know that you can't decrypt encrypted messages with root certificate, but you can abuse it in the case of being man in the middle. Of course I don't think that let's encrypt are doing that, but there other entities that would really enjoy having that toolset for hundred of millions of services that rely on let's encrypt.
And if you look at the ones who sponsor Lets encrypt, I don't think that any of them would bat an eye (except for EFF) if for instance the pedophile chief decided that they need to change leadership. Or hey, we NSA also have access to the credentials to the root certificate.
Something being free is not always the best option, when it comes to security. And it's not impossible that such a large entity can become compromised through pressure, especially when they live on support from private organizations, who have time and time again, shown that they are not trust worthy and would choose to do unethical thing, if that benefits them.
I'm a little confused why you view this as an issue because in the alternative, manually installing certificates instead of using Let's Encrypt's tool, you still wouldn't own the root certificate.
Purple Arch has yet to fail me.
I made this for you.
I'm stealing that. Thanks.
Iβm a simple man. I see endeavour OS, I like
I enjoyed my time with EOS but it had annoying bugs on my Thinkpad that I haven't had with CachyOS in a year+ of using it.
load more comments
(4 replies)
It kind of makes it hard to trust this distro when they fuck up the most basic things so often and frequently.
Not just with their web hosting. I've had so many updates break random crap it's not even funny. Recently, a random update I did not approve suddenly had kwallet not working. A core piece of a DE they provide a bundled version for. I had to start kwalletd myself every time I wanted to use it.
It didn't start that way on the fresh install. I didn't do anything myself except reboot. Then suddenly my scripts that nab from the keystore are failing and asking me for passwords and what a mess.
That's just a more recent example. I remember having quite a few random issues on update in the past, though the only other one I explicitly remember is the DE suddenly failing to start. Like, at all. Luckily I had a recent timeshift backup saved elsewhere, restored, and ignored the update notifications for a long while...
load more comments
(3 replies)
load more comments
(1 replies)
Why donβt people just use Arch directly instead of using derivatives? Wellβ¦ I can understand using something like CachyOS as it has a different kernel with optimisations but Manjaro feels very irrelevant. If you just want Arch Linux with simple installation, just use the archinstall script. Regardless of which derivative you use, Arch based distros are going to be heavy maintenance than something like Bazzite, Mint or Ubuntu.
I used Manjaro for a few years before switching to Arch. Manjaro finds a nice sweespot for "Arch but also nice". Furthermore, Arch has gotten much more user friendly in the last 5 years or so. Back in late 2010s, Manjaro was adding a lot of value on top of Arch.
What really bothered me about Manjaro was the "forum cops" they employ, who are super aggressive to newcomers and unhelpful. It was not a nice experience to seek help. Say what you will about Arch people, they are at least helpful.
I finally switched to Arch when I got my new machine. I recommend the same.
load more comments
(2 replies)
Back in 2015 for gaming PC: Steam and Nvidia driver updates via package manager, Xfce (used it before on multiple laptops), promise to be more stable than vanilla arch.
load more comments
(19 replies)
Wow. How does this happen when letsencrypt exists? Or certbot?
More importantly.. How does this happen again?
There is a significant amount of infrastructure that does not support cert bot out there.
That being said they are using LE but looks like the renew failed.
https://www.ssllabs.com/ssltest/analyze.html?d=manjaro.org&s=116.203.91.91&latest=
There is a significant amount of infrastructure that does not support cert bot out there.
Example? I believe you, I just can't imagine what would preclude a public-facing server from using Caddy or certbot. Certainly not for a project maintaining an Arch-derivative distribution.
load more comments
(5 replies)
load more comments
(9 replies)
load more comments
(1 replies)
Oh no, first lemmynsfw.com and now this
wait what happened to lemmynsfw
As posted at this new instance which appears to be trying to fill the void (heh) left by lemmyNSFW:
Xaeg/Yay was the owner of LemmyNSFW, and he had access to and paid for the domain, server, and everything else related to the site. He has been AWOL for about 6 months now, and suddenly this month, the server and the domain stopped being paid for. I have no access to the server to get the database.
Because of this LemmyNSFW as it was, and all the content on it, much to my dismay, seems to have died.
If they were in the US then they might be in π§ custody
Damn. Fuck ice. In general, not for potentially being related to this.
the only admin disappeared and the bills stopped getting paid, apparently
load more comments
(2 replies)
At this point is more of a tradition...
It's still technically automaton if your workflow depends on people poking you when things break.
load more comments
(1 replies)
This is at least the third time, how do they even manage to fail that
At least the sixth time even. Four cases are documented here and another one was just three months ago. This last link points to reddit, but there a manjaro maintainer also explains why it keeps happening:
Politics within the project are the issue.
The fix for these issues have been build for about a year already. But those who have access to stuff like DNS and hosting are currently incapable of making any agreement on any topic preventing trivial fixes such as this from being implemented.
unauthorized end-to-end encryption.
To be fair it's about to get even worse with the much smaller max validity periods.
Systemd will auto renew an LE cert.
With how it's going, Will systemd also eventually be able to occasionally remind my Asian ass that I am a failure?
I thought that's what your parents are for?
Have a look at systemd timers π€£π€£
load more comments
(1 replies)
view more: next βΊ