_a1xx·6 năm trước·discussUnless they activate HSTS, it shouldn't be a problem. They can always go back to HTTP if they want.Also, Let's Encrypt doesn't even revoke certificates for malware and phishing sites. [1]Maybe they're doing this for better caching performance? It makes SSL flood attacks impossible, but is that really worth it?[1] https://community.letsencrypt.org/t/how-to-report-abuse/4110...
Also, Let's Encrypt doesn't even revoke certificates for malware and phishing sites. [1]
Maybe they're doing this for better caching performance? It makes SSL flood attacks impossible, but is that really worth it?
[1] https://community.letsencrypt.org/t/how-to-report-abuse/4110...