Ask HN: What should a Alternative to LetsEncrypt offer
16 comments
There's already other CAs that (optionally) use ACME to issue. As I understand it from the mod_md readme [1], Buypass basically works (without must staple), Sectigo and ZeroSSL work too, but require an account to be setup.
Are these true alternatives? If not, why not? I don't know where these companies reside.
[1] https://github.com/icing/mod_md?tab=readme-ov-file#known-iss...
Are these true alternatives? If not, why not? I don't know where these companies reside.
[1] https://github.com/icing/mod_md?tab=readme-ov-file#known-iss...
Buypass is based in Norway. Sadly no wildcard.
Section is based in the UK. Also no wild card.
ZeroSSL is based in Austria. But they are technically a reseller from Sectigo (using a branded intermediate.)
Section is based in the UK. Also no wild card.
ZeroSSL is based in Austria. But they are technically a reseller from Sectigo (using a branded intermediate.)
They are alternatives. With true I wanted to specifically point to: nonprofit and same features (so not only simple DV for free accounts but also wildcard.)
My thing is, that a true alternative would atleast offer the same features at the same price point. I’d also a registered non profit: even better.
How would you fund such an operation?
It’s not extremely expensive, but it needs a bit of funding.
https://community.letsencrypt.org/t/what-it-costs-to-run-let...
It’s not extremely expensive, but it needs a bit of funding.
https://community.letsencrypt.org/t/what-it-costs-to-run-let...
Using a different set of libraries as dependencies.
Thanks forgot that point totally/o\
Why are those basic requirements and what has being based in the US to do with resillience?
The “requirements”a re things that I already had in mind.
The US part is based on legal framework. Based on stuff like politics and such. So another jurisdiction, das would allow the same model then let’s encrypt, would add to the ecosystem more, then another one in der US.
The US part is based on legal framework. Based on stuff like politics and such. So another jurisdiction, das would allow the same model then let’s encrypt, would add to the ecosystem more, then another one in der US.
wildcard subdomains
What pattern? ..example.com or just *.sub.example.com?
Wildcards based on multiple * (w.w.example.com) are now allowed by spec.
It should have money, a shit ton of it.
Besides the following basic requirements: - feature complete (offering both simple domain and wildcard support via ACME) - registered non-profit - not inside the US (simply based on resillience) - like lets encrypt community driven