No at all dude we all get it wrong, we are human. I guess the difference is simply time. One gave 24 hours notice the other had quite a bit more.
I don't wish to press the point, but honestly you're completely wrong here.
I admit the link I posted wasn't the clearest, but the summary is that Symantec were systemically issuing certificates for domains they didn't properly validate, then failed to bother to fix it over a huge period of time, leading to Google kicking them out.
It affected millions of certificates they issued (Symantec, Thawte, Geotrust and RapidSSL) and was so bad that Symantec effectively gave up their certificate business, selling it to a competitor in 2017.
I wouldn't have had any issue at all and wouldnt have posted but remembered that im a mug and an idiot as I was reading the article.
You're clearly not an idiot but SSL is complex, I'd be lying if I said I was an expert.
Projects like Let's Encrypt bring security to the web for everyone, including those who otherwise couldn't afford it, which can only be a good thing.
On another note, Tsohost are having fun with this Let's Encrypt issue, using it to push their own certificates on their Twitter:
Tsohost Twitter said:
We of course do provide SSL certificates for the entire year which can be ordered from within your client area or our website. On these we can guarantee no revokes, smooth renewals and also come with a warranty where the cheapest SSL covers up to a cost of £100.000.
Nobody can guarantee no revokes, especially given the Symantec situation! Obviously not saying that Tsohost would have the same issue but the point is a precedent has been set, ie that the community will act to enforce CA rules. Rules which were probably co-written by Tsohost (Godaddy) given that Godaddy are a founding member of the CA....
I replaced all our affected Let's Encrypt certs last night with little drama, touch wood. I guess I'll find out at 8pm tonight when the old ones are revoked
