Answer the question
In order to leave comments, you need to log in
Let's encrypt, what to do if it revokes certificates?
Probably many use the free certificates from let's encrypt.
If let's encrypt abruptly revokes certificates for all ru/rf domains, what will you personally do?
1) Implement a redirect at the server level from https to http so that the site at least opens even without a certificate. And users did not see the warning about the threat.
2) Where to reissue a new certificate? Which supplier?
Answer the question
In order to leave comments, you need to log in
Implement a redirect at the server level from https to http so that the site at least opens even without a certificate.You cannot do this, because it is necessary for the request to be processed, and without a certificate, there will be a stupid error.
You can disable the redirect to https and remove the certificate. At the same time, if there are no site links via https in the site code and database, everything will work fine. If there is, you need to change them to http or redirect from https to http
Reissue.
- in GlobalSign - it seems that until the tower is demolished, everyone who recently had reviews in LE is reissued there.
- in Asian CAs (although I don't know any)
- in Russian CAs (although it will only work in under-browsers like Sputnik, where Russian CAs are integrated)
- self-signed or in its own CA (it will constantly throw out a warning about the invalidity of the certificate)
There are a significant number of alternatives, here are a few free options, all with support for the acme protocol:
ZeroSSL (also issue certificates to an IP address, but not via ACME)
SSL.com free
Buypass Revoke
certificates to sanctioned companies, not random websites. Revocation criteria are specified in CA/B: https://cabforum.org/baseline-requirements-documents/
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question