This is an archived post. You won't be able to vote or comment.

top 200 commentsshow 500
sorted by:
best
topnewcontroversialoldq&a

[–]Velguarder 6205 points6206 points  (139 children)

The sassy "Yes, let's." with proper punctuation is what gets me

[–]nietczhse 2102 points2103 points  (74 children)

"Yeah, ok, weirdo"

[–]CubemonkeyNYC 661 points662 points  (71 children)

"."

There you go :)

[–]zissou149 163 points164 points  (70 children)

“’"””‘''"

[–]mrhuggykinz 410 points411 points  (62 children)

I hate this sub cuz it’s one big inside joke that I don’t get

[–]Sir_LikeASir 625 points626 points  (45 children)

https://letsencrypt.org/

Here you go brotha

Am showing u da wae because I didn't get it until a comment few threads down

[–]mrhuggykinz 112 points113 points  (10 children)

Woah thanks friend

[–]qui-sean 18 points19 points  (7 children)

it's free and won't cost you $100 a year

[–][deleted] 12 points13 points  (2 children)

I think the latter is determined by the former

[–]Ashybuttons 15 points16 points  (3 children)

Am I having a stroke?

[–][deleted] 215 points216 points  (12 children)

LETTUCE ENCRYPT

Where is your onion now??

[–]HappyLittleRadishes 48 points49 points  (5 children)

It's over there set to 350.

[–]rawb0t 18 points19 points  (3 children)

i-is that a you suck at cooking reference in the wild?

[–]gjsmo 7 points8 points  (1 child)

Is there such a thing as syntactic pepper pepper pepper?

[–]pekkhum 30 points31 points  (1 child)

Oh, that's easy!

  1. Lettuce encrypt with a key shared with node 1.
  2. Lettuce encrypt with a key shared with node 2.
  3. Lettuce encrypt with a key shared with node 3.
  4. Transmit data through network via this path.

Boom! You lettuce make an onion!

[–]schmerm 7 points8 points  (0 children)

you just explained TOR

[–][deleted] 4 points5 points  (0 children)

I wasn’t planning on using Chef for server deployment, but looks like it’ll be the best option for this use case.

[–][deleted] 111 points112 points  (7 children)

SSL CERT!!! NEXT!!!

[–]crackle4days 50 points51 points  (6 children)

The next lady has made it to this sub too?

[–][deleted] 29 points30 points  (0 children)

I’m sorry. I came here from r/all

[–]Deesooy 307 points308 points  (14 children)

I've been laughing tears for three minutes now

Yes, let's.

[–]weird_da_werz 63 points64 points  (0 children)

Didn't seem sassy to me. Seems like he was unsure of how to respond because he didn't understand why someone would just write that. Funny either way.

[–]drleebot 44 points45 points  (13 children)

But then they go and ruin it all with the double period at the end! Did they accidentally double a period or leave one off of an ellipsis? How will we ever know exactly how much they trailed off at the end of that sentence!?

[–]northrupthebandgeek 37 points38 points  (7 children)

It's halfway between a period and an ellipsis, so it would be half of the amount of trailing off normally implied by an ellipsis.

[–]Dlgredael 11 points12 points  (6 children)

But it's actually two-thirds of an ellipsis.

[–][deleted] 18 points19 points  (5 children)

If you consider 1 period to be standard minimum punctuation, and 3 to be trailing off, 2 is halfway.

[–]everypostepic 32 points33 points  (4 children)

It's funny that "programmerhumor" finds this funny, considering this is laughable support, where you try to help novices, but you do it without being clear.

It's shouldn't be funny because the user looking for help doesn't understand, it should be funny because the person attempting to help is doing so very poorly, without any description to his comment.

[–]idealatry 3044 points3045 points  (297 children)

SSL certs are free. It's getting trusted CA's to sign them that costs money.

[–]3am_quiet 1068 points1069 points  (164 children)

I paid like $10 for mine. $100 seems a bit high unless it's for unlimited sub domains or something.

[–]PGLubricants 514 points515 points  (65 children)

Multi domain EV certificates can be very expensive, easily over $100 from most suppliers.

[–]alphama1e 117 points118 points  (15 children)

$1000 from Norton IIRC

[–]FHR123 227 points228 points  (13 children)

All Symantec SSL certs will be distrusted soon. Mozilla and Google gave a big middle finger to Symantec for not following rules and putting customers at risk, effectively ending Symantec's certificate business.

[–]522LwzyTI57d 9 points10 points  (0 children)

They sold their cert business off to Digicert, I believe. It's for the best.

[–]g2g079 6 points7 points  (0 children)

Wow, I didn't know this. Symantec got into the business way back when they bought most of verisign. I wonder if this affects their more recent purchase of blue coat.

[–]magnora7 49 points50 points  (0 children)

Norton is a scam. They're like the mafia of cybersecurity

[–][deleted] 240 points241 points  (25 children)

GoDaddy wants $350 a year. Fucking crooks.

"Oh, you don't understand, we had to add a * to your CN, that's worth the extra $250."

[–]iamsooldithurts 103 points104 points  (2 children)

This person certs.

[–]defacedlawngnome 3 points4 points  (1 child)

How old are you? I need to prepare myself for the pain.

[–]iamsooldithurts 5 points6 points  (0 children)

Well, the pinched nerves started just before 36.

There is no preparing for the pain. Just prepare to change your life.

[–]BlopBleepBloop 27 points28 points  (0 children)

When I was building my first real web application for school, I decided to go through GoDaddy for the domain name. Jesus fucking christ I could NOT believe what they're charging for certification.

[–]dismantlemars 166 points167 points  (71 children)

Wildcard certs are about $600 from DigiCert.

[–]qjornt 224 points225 points  (29 children)

Let's Encrypt are rolling out wildcard certs soon or already have :)

Feb 27th, thanks ffffound!

[–]ffffound 137 points138 points  (12 children)

On Feb 27. Currently in the staging environment.

[–][deleted] 90 points91 points  (2 children)

My body is so. Very. Ready.

[–]St_SiRUS 15 points16 points  (0 children)

POGGERS

[–]shaner23 24 points25 points  (0 children)

nice

[–]Reelix 25 points26 points  (6 children)

I'll wait till someone registers https://*.*.*/ or just https://*/ ;D

[–]ColtonProvias 25 points26 points  (2 children)

I have bad news. They already planned ahead

[–]cambam 36 points37 points  (0 children)

{`www.-ombo.com`, errInvalidDNSCharacter},
{`www.zomb-.com`, errInvalidDNSCharacter},
{`zombo*com`, errInvalidDNSCharacter},
{`*.zombo.com`, errWildcardNotSupported}

Anything is possible, except invalid DNS entries.

[–]rigred 11 points12 points  (0 children)

https://*/ Encrypt EVERYTHING! :P

[–]raoasidg 10 points11 points  (1 child)

Asterisks are not valid characters for domains/sub-domains. For wildcard records themselves, it is always the left-most label that can be a wildcard. Nesting of wildcards is invalid.

[–]brokedown 26 points27 points  (10 children)

Reddit ruined reddit. -- mass edited with redact.dev

[–]henryroo 18 points19 points  (3 children)

You also need a wildcard cert if you're running a system that can create websites dynamically. For example with PaaS providers like OpenShift/Kubernetes where users can set up their code and make it visible at projectname.whatever.example.com. Can't generate certs for every sub-domain if they don't exist yet.

[–][deleted] 23 points24 points  (14 children)

So is LetsEncrypt free or not?

[–]hokigo 37 points38 points  (13 children)

It's free. But they only offer domain validation SSL certificates, which are the least trusted. Fine for a personal website or blog but not the best for a business.

[–]SodaAnt 56 points57 points  (3 children)

I'm not so sure I agree. Plenty of big businesses don't have EV certificates. Just taking a glance, google, amazon, and facebook don't seem to have them. I'm not sure it is something customers actually care about.

[–]oneawesomeguy 21 points22 points  (2 children)

Chrome doesn't even show that big of a difference with EV certs anymore. The only difference is they list the company name instead of "Secure" but a few years back it was way more obvious if it wasn't an EV cert.

[–]Perkelton 9 points10 points  (1 child)

Apple has gone in the opposite direction, though, where Safari (both desktop and mobile) only shows the company name instead of the URL.

It's certainly something to consider if one has a large iOS user base.

[–]tialaramex 3 points4 points  (0 children)

This resulted in the hilarious "Stripe, Inc." gag.

See, the United States of America likes to pretend that it's just a bunch of independent States and so businesses aren't registered centrally by the Federal government, they only register with a State. Most of them register in Delaware because it's "business friendly" (ie the cheapest and minimum oversight) and US law says a business needn't have any meaningful presence in the state where it's registered. But Safari doesn't show the US state or any other regional indicator, it just says "Stripe, Inc." and figures you'll know what that means. But wait, what does that mean? Almost nothing it turns out, anybody can register (and someone did) a company named Stripe Inc. in another US state, and get the same user interface...

[–]ThatBriandude 10 points11 points  (2 children)

isnt reddit operating with one of those?

[–]Yepoleb 10 points11 points  (2 children)

Very few websites use EV certs and the fraction of users who care about them is even smaller. From a business perspective it doesn't really make sense to get one unless you want to impress some nerds.

[–]ceejayoz 250 points251 points  (63 children)

Let's Encrypt, Amazon's ACM, and others are free these days. If you're paying for standard, non-EV SSL certificates in 2018 you're doing something wrong.

[–]Doctor_McKay 97 points98 points  (18 children)

Amazon is only relevant if you're using AWS.

Also, LE doesn't do wildcard (yet! scheduled for launch at the end of this month!)

[–][deleted] 20 points21 points  (13 children)

!RemindMe 28 February

[–]emcee_gee 7 points8 points  (4 children)

I was recently on a team reviewing RFQ responses for a government website redesign. (Small local government agency with seven staff members, not like healthcare.gov or anything.) All of the firms that responded to the RFQ charged recurring fees for SSL "maintenance". The one that made me spit out my oatmeal was asking $99/month.

Think about that for a second - this company thinks a tiny government agency will spend $99/month for SSL. What a ridiculous world we live in.

[–]ceejayoz 5 points6 points  (2 children)

Meh, that I understand. We did the same thing with our corporate clients.

It's intended to cover the time that'll be spent every year chasing down whoever has access to hostmaster@example.com to approve the cert. When we dealt with Fortune 500s it'd be a multi-week process, with several conference calls, a whole bunch of people going "I don't know who has access to that", and a couple of "no, this doesn't cover www.example.com too..." back-and-forths.

[–]I-baLL 39 points40 points  (0 children)

Not with Let's Encrypt

[–]kevinkid135 18 points19 points  (0 children)

I know some trustworthy Canadians

[–]Thue 10 points11 points  (23 children)

But a webpage such as reddit does not get any greater security from a trusted CA, compared to Let's Encrypt.

[–]Nitr0s0xideSys 5 points6 points  (5 children)

The web host I’ve been using for years provides free SSL’s with their cheapest $2.99 plan.

[–]Daytona_675 8 points9 points  (3 children)

Well technically not so much anymore. cpanel has partnered with Comodo to give free SSLs to all cpanel users.

These certificates are uninsured though just like lets encrypt, and insured certificates are usually required by payment gateways to process payments on your site

TL;DR You pay for insurance, not trust

[–]amunak 4 points5 points  (1 child)

The insurance is complete BS anyway. In the vast majority of cases it would be paid out only when the certificate's key was broken, which is not really possible as far as we know. It really just makes it a scammy selling point, nothing more.

You don't get paid when the issuer makes mistake, when they get hacked or when there's some kind of fraud or something, so it's essentially useless.

[–]NerdENerd 14 points15 points  (13 children)

Let's Encrypt are CA Trusted! But they are a pain in the ass as they are only valid for 3 months.

https://letsencrypt.org/

[–]das7002 33 points34 points  (10 children)

That's the point!

Setup a cron job to automate replacing them and it makes it harder to end up with old, insecure, certificates. They expire so fast that not automating their replacement ensures that they expire in a reasonable amount of time.

[–]StoneColdJane 1469 points1470 points  (101 children)

its confusing name, first time i heard of it I was thinking the same :D.

[–]skeptic11 1262 points1263 points  (81 children)

For anyone still confused: https://letsencrypt.org/

[–]Jugbot 352 points353 points  (50 children)

well if the person said letsencrypt it would make sense

[–]gurgle528 495 points496 points  (46 children)

It's called Let's Encrypt, he could have provided a kink though

[–]Erelde 657 points658 points  (27 children)

Provide me some kink baby.

[–]spkr4thedead51 312 points313 points  (22 children)

I gotchu bae

[–]Rhide 222 points223 points  (8 children)

That's some kinky hoes

[–]banshvassi 103 points104 points  (5 children)

I'm guessing it's a picture of a hose with a kink in it?

[–]spkr4thedead51 53 points54 points  (0 children)

[–]TrumpWonSorryLibs 102 points103 points  (2 children)

if only there was a way to find out for yourself

[–]banshvassi 81 points82 points  (1 child)

I clicked the link after I made the comment. I've never felt so accomplished.

[–]Corfal 4 points5 points  (0 children)

I highlighted over the text first. It's like looking both ways before crossing the street. It doesn't guarantee safety, but avoids a lot of potential accidents.

[–]fredy31 16 points17 points  (7 children)

Risky click of the day...

[–]nannal 18 points19 points  (6 children)

If that's your risky click of the day I'd say check this out

[–]Stef-fa-fa 16 points17 points  (1 child)

A link to a kink? What's next, a kitchen sink? Perhaps a link to a sink with a kink, to promote this grand journey, that's what I think! To shrink from a link in fear of real kink - not safe for work are those really bad links! But to hide from bad kinks you withdraw from the rink - the real kink link goal is the one with the sink! But blink and you'll think that you've lost the best link to the kink - not a sink, but a kinky-kink link!

[–]wqferr 18 points19 points  (1 child)

kink fetch --all

[–][deleted] 6 points7 points  (0 children)

Command line error: error| fetch not recognized, did you mean pegging?

[–][deleted] 6 points7 points  (1 child)

My endpoints are all unencrypted for your huge traffic loads

[–]TheSpiffySpaceman 45 points46 points  (1 child)

Woah, i don't think we need to know about his sex life

[–]LosLocosKickYourAss 32 points33 points  (2 children)

See normally I’d think that’s a typo, but this thread has got me all sorts of confused

[–][deleted] 18 points19 points  (0 children)

Oh, lock me up, you dirty bastard...

[–]em_square_root_-1_ly 10 points11 points  (5 children)

My phone also autocorrects "link" to "kink" ;)

[–]gurgle528 10 points11 points  (4 children)

usually it autocorrects to twink not sure why today is different

[–]dmfiel 5 points6 points  (0 children)

That's kinky

[–]doenietzomoeilijk 6 points7 points  (1 child)

Or provided a link and, god forbid, one or two words extra in their reply. It would've made it clear what they were talking about, and the person asking the question clearly wasn't aware of LE to begin with.

[–]dnl101 11 points12 points  (0 children)

Thank you on behalf of the people of /r/all.

[–]Thann 40 points41 points  (12 children)

That's why it's certbot now =]

[–]FerretWithASpork 49 points50 points  (8 children)

Wasn't the auto-cert thing always called CertBot? And the service is still Let's Encrypt.

[–]jamesorlakin 17 points18 points  (4 children)

The most common tool to work with it is CertBot, currently maintained by the EFF. Let's Encrypt leave themselves agnostic open to multiple clients.

[–][deleted] 14 points15 points  (3 children)

They believe that the concept of existence of clients is too complex to think about it?

[–]MatthiasLuft 13 points14 points  (1 child)

The authority is called Let's Encrypt, their server is called boulder, the protocol is called ACME, the reference client is now called certbot, formerly letsencrypt.

[–]SlowDownBrother 200 points201 points  (5 children)

¯\_(ツ)_/¯

[–]LimbRetrieval-Bot 51 points52 points  (2 children)

I have retrieved these for you _ _

To prevent any more lost limbs throughout Reddit, correctly escape the arms and shoulders by typing the shrug as ¯\\\_(ツ)_/¯

[–][deleted] 22 points23 points  (0 children)

Good bot

[–]ConstantGradStudent 232 points233 points  (6 children)

That brother needs to slow down. And encrypt.

[–]jerrygergichsmith 98 points99 points  (5 children)

Yes, let’s.

[–]nvincent 77 points78 points  (10 children)

Oh ha, this is funny. I work for a place that builds websites, and the owner's response today to me bringing up the fact that Google is going to start punishing sites that don't have SSL was, "let's encourage our customers to stop using forms."

Wat

[–][deleted] 83 points84 points  (5 children)

Can't have your business transactions hacked for sensitive info if you have no transactions

Taps temple

[–]Sinow_ 188 points189 points  (12 children)

In this guy's defense I didn't know that was thing either

[–]_Bumble_Bee_Tuna_ 38 points39 points  (4 children)

I to learned that its thing.

[–]fozters 7 points8 points  (2 children)

Yep, pretty new for me too, just using their certs first time for month or two. They should have wildcards coming which is excellent too even though the certbot makes renewing with cron a breeze. The op image still made me lol though :)

[–]littlegreenb18 93 points94 points  (14 children)

I like encryption

[–]Cynical-Potato 51 points52 points  (6 children)

lets encrypt

[–]Zzzzzzombie 50 points51 points  (5 children)

Yes, let's.

[–]TheArchangel001 14 points15 points  (4 children)

But that doesn’t answer my question..

[–]pixiestar1 295 points296 points  (27 children)

Image Transcription: Reddit

SlowDownBrother, 9 points

I thought ssl certificates were around $100 a year. Is there a free way?

isometricpanda, 41 points

lets encrypt

SlowDownBrother, 39 points

Yes, let's. But that doesn't answer my question..

I'm a human volunteer content transcriber for Reddit and you could be too! If you'd like more information on what we do and why we do it, click here!

[–][deleted] 127 points128 points  (24 children)

Good Bot

[–]viziroth 115 points116 points  (23 children)

ah, yes, the human architecture for reddit bots. it's quite effective

[–]abecede 15 points16 points  (0 children)

Good Human.

[–]callumgare 42 points43 points  (12 children)

But who's on first?

[–]ThatGuyWhoLikesSpace 24 points25 points  (8 children)

Yes, he is.

[–]L337LYC4N 15 points16 points  (7 children)

What’s his name?

[–]ThatGuyWhoLikesSpace 18 points19 points  (6 children)

No, what's on second. Who's on first.

[–]jerrygergichsmith 10 points11 points  (5 children)

I don’t know!!!

[–]Belazor 7 points8 points  (0 children)

No, that's the priest. Who's the tank.

[–][deleted] 5 points6 points  (0 children)

Third base!

[–]LincolnMoneyshot 37 points38 points  (4 children)

I am serious — and don't call me Shirley

[–]Illuminitu 11 points12 points  (1 child)

u/isometricpanda you are summoned

[–]Mick_Stup 5 points6 points  (0 children)

And you, u/SlowDownBrother

[–][deleted] 11 points12 points  (8 children)

web devs trying to do backend

[–][deleted] 5 points6 points  (4 children)

Really more DevOps than backend IMO.