Let's Encrypt ran a mass revocation drill on 3 million production certificates in March. No user notifications. They shortened ARI windows to signal an emergency and watched who responded.
Most ACME clients never noticed.
https://www.certkit.io/blog/lets-encrypt-mass-revocation-simulation
after using this #macbook for about a day i can say that it is a really good machine. the battery life lasts for ages, only going down 30% in 5 hours in not insignificant use.
the speakers are incredible for a laptop, especially compared to my lenovo legion laptop.
i am enjoying the unix stuff in the terminal quite a lot. LaTeX works flawlessly and i was even able to install #acme from #plan9
for a machine that is due to last me over the next few years, i think i made the right choice.
Update March 16, 2026: Thanks to some timeline changes in the root program requirements, we have been able to push back the removal of the tlsclient profile slightly. If you are already using the tlsclient profile before May 13, 2026, now you will be able to continue to do so through July 8, 2026. Let’s Encrypt will no longer include the “TLS Client Authentication” Extended Key Usage (EKU) in our certificates beginning in 2026. Most users who use Let’s Encrypt to secure websites won’t be affected and won’t need to take any action. However, if you use Let’s Encrypt certificates as client certificates to authenticate to a server, this change may impact you.
Überraschung am Morgen. Das Letsencrypt Zertifikat für meine Website https://pixelgalaxy.net war abgelaufen und wurde nicht automatisch erneuert. Die Pixelfed Instanz läuft auf einem Server mit Yunohost. Da hat Yunohost wieder Eigenheiten entwickelt, die einem nicht gefallen können. Das Verzeichnis für die Zertifikate in der NGINX-Konfiguration war falsch eingetragen. Damit mußte die Challenge natürlich scheitern.
Problem gefixt! PixelGalaxy.NET läuft wieder.
For my personal home infrastructure I’ve been using step-ca to have an internal ACME server for issuing TLS certificates for my .home.arpa domain. I also intended to use this to sign ssh certificates so I could simplify my SSH key setup. And i really like hardware bound keys. They solve a very concrete problem where even if someone can extract a signing key from your system, they are effectively useless without access to the hardware they where bound to. This hardware could be something like a yubikey, or another FIDO device. But in 2026 most of our machines have a Trusted Platform Module (TPM) that functions as a free hardware enclave we can use to secure our keys with.
Any #nixos people here on #fediverse interested in #mumble?
I would like to get this pull request merged. It basically hooks up the Mumble module to the #acme module and configures appropriate defaults for certificate settings. It's tested and reviewed, but lying around for quite a bit now.
Also, would be great to have a committer as co-maintainer for the package and module. It's quite difficult to find people willing to merge changes.
Boosts are appreciated. Thanks!
Things done Built on platform: x86_64-linux aarch64-linux x86_64-darwin aarch64-darwin Tested, as applicable: NixOS tests in nixos/tests. Package tests at passthru.tests. Tests in lib/...
Автоматические TLS-сертификаты в Angie с модулем ACME
В этой статье посмотрим на модуль ACME веб‑сервера Angie. Модуль позволяет с минимальными усилиями получить TLS‑сертификаты и автоматически их обновлять. Наверняка вы уже работали с бесплатными сертификатами от Let«s Encrypt и можете задать закономерный вопрос: зачем это делать веб‑сервером, когда есть утилиты вроде certbot, acme.sh и acmebot? Для ответа нужно хотя бы один раз попробовать модуль ACME и удобство конфигурации станет очевидным.» Начнём с краткого введения в тему ACME.
kurtsh
CertKit
ravenbrook
Albums Albums Albums
Denny
Waidler 
tusharhero
nico
Felix Singer
Habr