Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
mit5x2022-03-14 11:39:24
Digital certificates
mit5x, 2022-03-14 11:39:24

Let's encrypt, what to do if it revokes certificates?

Probably many use the free certificates from let's encrypt.
If let's encrypt abruptly revokes certificates for all ru/rf domains, what will you personally do?

1) Implement a redirect at the server level from https to http so that the site at least opens even without a certificate. And users did not see the warning about the threat.
2) Where to reissue a new certificate? Which supplier?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
D
Dr. Bacon, 2022-03-14
@bacon

Implement a redirect at the server level from https to http so that the site at least opens even without a certificate.
You cannot do this, because it is necessary for the request to be processed, and without a certificate, there will be a stupid error.

Report
M
mercower26, 2022-03-14
@mercower26

You can disable the redirect to https and remove the certificate. At the same time, if there are no site links via https in the site code and database, everything will work fine. If there is, you need to change them to http or redirect from https to http

Report
C
CityCat4, 2022-03-14
@CityCat4

Reissue.
- in GlobalSign - it seems that until the tower is demolished, everyone who recently had reviews in LE is reissued there.
- in Asian CAs (although I don't know any)
- in Russian CAs (although it will only work in under-browsers like Sputnik, where Russian CAs are integrated)
- self-signed or in its own CA (it will constantly throw out a warning about the invalidity of the certificate)

Report
V
ValdikSS, 2022-03-14
@ValdikSS

There are a significant number of alternatives, here are a few free options, all with support for the acme protocol:
ZeroSSL (also issue certificates to an IP address, but not via ACME)
SSL.com free
Buypass Revoke
certificates to sanctioned companies, not random websites. Revocation criteria are specified in CA/B: https://cabforum.org/baseline-requirements-documents/

Similar questions
S
Sylar Gray2014-07-02 22:49:16
How to search for similar records in mysql by possible similarity of 3 fields? 5Reply
S
Sergey2018-10-12 13:58:09
Can a wildcard certificate from one domain work for another on the same server? 1Reply
K
koshelevatamila47412021-12-22 22:08:17
Why doesn't https work? 4Reply
K
Kirill Zhilyaev2018-10-28 17:08:34
How to make WSS work on QT? 0Reply
S
shledon2021-12-30 14:12:04
How to add DNS names in a request for an SSL certificate in IIS? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question