Let’s Encrypt

Let’s Encrypt is a game changer. If something this ingenious had existed 20 years ago, we would live in a very different industry. The business of cryptography was in dire need of a shake-up, and wow, did we get it. The problems I encountered with Let’s Encrypt were getting middle management to believe that it exists or that it does what it says it can. It didn’t help matters that the manager in question demanded we purchase a multi-SAN wildcard cert for all of our staging infrastructure and wasted a few grand doing it. People did not want to be convinced, so I scripted up a provisioner that used Lego and created a cron.d task for automatic renewal. Bam, that got everyone’s attention. Talk about disruptive; you know you’re doing something right when a solution is so good it angers and embarrasses your director. I’ve personally switched from NGINX to Caddy for use as a webserver. Since it has TLS with Let’s Encrypt built in, there’s no configuration work left to be done by me. For load balancing, I’d go with Traefik, but that is an argument for another time. My point is this: it’s a problem that needed solving. It’s been a thorn for so long that people began accepting that certs need to be untrusted unless there’s money involved. Not true, just not true.
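As an added illustration of the "Lego plus cron.d" setup described above (this is example code written for this page, not the author's provisioner), the wrapper below builds a `lego renew` invocation and the daily cron.d line that calls it. The certificate path (/etc/lego), the HTTP-01 webroot (/var/www/html), the script location (/usr/local/sbin/renew-certs.sh), the domain/e-mail values and the nginx reload are all assumptions for the example, not details from the post.

```shell
#!/bin/sh
# Example renewal wrapper for lego (added example, not the original post's script).
# Assumptions: certificates are kept under /etc/lego, the HTTP-01 challenge is
# answered from a webroot at /var/www/html, and nginx is the server to reload.

LEGO_BIN="${LEGO_BIN:-lego}"
LEGO_PATH="${LEGO_PATH:-/etc/lego}"
WEBROOT="${WEBROOT:-/var/www/html}"

# Build the lego renew command for one domain. "--days 30" makes lego renew
# only when fewer than 30 days of validity remain, so running daily is safe.
renew_command() {
    domain="$1"
    email="$2"
    printf '%s --accept-tos --email %s --domains %s --http --http.webroot %s --path %s renew --days 30' \
        "$LEGO_BIN" "$email" "$domain" "$WEBROOT" "$LEGO_PATH"
}

# The /etc/cron.d entry: daily at 03:17, as root, with output sent to syslog.
cron_entry() {
    printf '17 3 * * * root /usr/local/sbin/renew-certs.sh --run 2>&1 | logger -t lego-renew'
}

# Run the renewal; reload the web server only when lego exits successfully,
# so a failed renewal never leaves the server pointing at a broken chain.
run_renewal() {
    domain="$1"
    email="$2"
    if eval "$(renew_command "$domain" "$email")"; then
        systemctl reload nginx
    else
        echo "renewal failed for $domain" >&2
        return 1
    fi
}

# Entry point used by cron. The domain and e-mail are constructed placeholders.
if [ "${1:-}" = "--run" ]; then
    run_renewal "example.com" "admin@example.com"
fi
```

Install the script at the path named in the cron entry, make it executable, and drop the output of `cron_entry` into a file under /etc/cron.d. Because lego itself decides whether a renewal is due, the job can run every day without hammering the CA.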

Certbot

UPDATE: Said manager was relieved of his obligations… finally.

UPDATE 2: Lego has been integrated into Kubernetes as well. Makes for a perfect staging environment.