EduardCyber.mil serving file downloads using TLS certificate which expired 3 days ago
So what? They keep shortening the validity length of these certificates, making them more and more of a pain to deal with.
Which is yet another chore. And it doesn’t add any security. A certificate expired yesterday proves I am who I am just as much as it did yesterday. As long as the validity length is shorter than how long it would take somebody to work out the private key from the public key, it is fine.
An expired cert is a smell. It shows somebody isn't paying attention.
And a short expiration time absolutely increases security by reducing attack surface.
Or that someone asked to renewed it, one of their four bosses didn't sign off the apropriate form, the only person to take that form to whoever does the certs is on a vacation, person issuing certs needs all four of his bosses to sign it off, and one of those bosses has been DOGE-ed and not yet replaced.
expired letsencrypt cert on a raspberrypi at home smells of not paying attention... with governments, there are many, many points of failure.
It did until it got so short that it created a new potential attack surface — the scripts everyone is using to auto update them.
Compared to the manual processes these scripts replaced, I'd put more trust in the automations.